It’s Still Always DNS

It’s been almost a year since I wrote about my DNS filtering setup. I’ve enjoyed using that setup, but the interface into Cloudflare for Teams wasn’t that friendly, and was clearly geared much more towards enterprise management than end use. So over the last few weeks I decided to do a little redesign of my DNS filtering system.

I’ve heard great things about NextDNS, and so far it has lived up to expectations. The interface is simple, responsive, and it gives much faster ways to manage the allowlist and denylist. In addition to niceties like parental controls and basic security filtering, it also has ad and tracking blockers built in, which means I don’t have to manage them and keep Pi-hole updated myself.

So now I didn’t really have a reason to keep Pi-hole around. It’s nice to have everything local, and I’ll definitely go back to it if I don’t like the direction of the NextDNS product, but for now it was redundant. I just needed a stub resolver.

Unsurprisingly, this is yet another area that systemd has expanded into. With a relatively recent release of systemd-resolved, and by adding the interface you’d like to listen on to the DNSStubListenerExtra parameter in /etc/systemd/resolved.conf, I’ve got a well-integrated little resolver that resolves DNS over TLS to NextDNS. And I’ve got a few fewer dependencies.
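
A minimal /etc/systemd/resolved.conf for the setup described above, as an added example rather than the author's actual file. The upstream address, PROFILE_ID and the 192.168.1.2 listener address are placeholders, and the Domains= line is an assumption about wanting every lookup sent upstream.

```ini
# /etc/systemd/resolved.conf (added example; PLACEHOLDER values are assumptions)
[Resolve]
# Upstream resolver, written as ADDRESS#TLS-server-name.
# The name after '#' is what resolved validates the server certificate against,
# so leaving it off weakens the DNS-over-TLS check.
# PLACEHOLDER: take the address and profile hostname from your NextDNS setup page.
DNS=192.0.2.1#PROFILE_ID.dns.nextdns.io

# Strict mode: a lookup fails if a validated TLS session cannot be set up.
# "opportunistic" would fall back to plaintext port 53 without telling you.
DNSOverTLS=yes

# Prefer the global servers above for all domains, instead of whatever
# per-link resolver DHCP hands out.
Domains=~.

# Besides the default 127.0.0.53 stub, also answer on a LAN-facing address
# (systemd 247 or later). The value is an IP address, optionally with a
# "udp:" or "tcp:" prefix and a ":port" suffix.
# PLACEHOLDER address. Anything that can reach it can use the resolver,
# so bind only to a network you trust.
DNSStubListenerExtra=192.168.1.2
```

After editing, restart systemd-resolved and confirm with `resolvectl status` that the upstream appears under the global section with DNS over TLS enabled.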