IoT, Code, Security and Server Stuff

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

Block

Protecting your devices with nextdns.io a DNS based service that blocks malicious websites, trackers, ads, typo squatting domains, new or parked domains, TLD’s, mature YouTube content and comments and more

by

I was going to setup a local (in my house) PiHole (with a Raspberry PI) that blocks internet trackers (DNS Sinkhole) and Advertisements (yes, like the ones on my website) because I don’t want my kids consuming a bucket loads of Advertisements online when they watch YouTube.

I am against online trackers and big data building a profiles on kids that are 6 and 10 years old. I have stopped using Facebook, Twitter and stopped using Google Analytics on this website.

I demo’ed to my son about the big data sucking up his data by looking at an IT retailer here in Australia for a random computer product then a few seconds later we looked as  news sites (with Advertisements) in the UK and the US and to his surprise Advertisements for the randomly selected product in Australia was on his screen (sent from the other side of the world).

I am not against Content Creators making money from Advertisement revenue  I am against the privacy issue.  If you love consuming a Content Creators stuff then support them on their Merch store(s).

I don’t want my kids to accidentally fall victim to Malware, Cryptojacking, Phishing or spammy or known bad websites.  I have a leading Antivirus products on their Computers but it is best not to put all of your eggs in one basket.

Enter https://nextdns.io (Free)

fyi: NextDNS.io is in BETA development and if you want rock a rock solid experience you may want to wait until until the beta period is over (Maybe March 2020.  The only issue I have had is the NextDNS.io systray app sometimes does not open, I can work around this by starting and stopping the NextDNS.io service (“NextDNS DNS53 to DoH proxy“) in the Windows services app.

You can probably tell from the title of this post that NextDNS is a DNS based service that blocks malicious websites, trackers, ads, typo squatting domains, new or parked domains, TLD’s, mature YouTube content and comments and more.  In my research for PiHole I found that nextdns.io was mentioned (How-to: Pi-Hole Plus DNSCrypt Setup on Raspberry Pi 4).

I logged into https://nextdns.io/ and was impressed by their slick interface.

Quick Setup Steps

  1. Create a free account at https://my.nextdns.io/signup
  2. Login to https://my.nextdns.io/ and click the Setup tab
  3. Choose your platform that you want to setup nextdns onto (e.g Windows, Android etc)
  4. Follow the setup prompts to access the installer and obtain the Configuration ID
  5. Setup the app and enter the Configuration ID
  6. Enable NextDNS

Then login to the analytics tab at https://my.nextdns.io/ to see the app in action

Read on for more technical information

https://my.nextdns.io/ Security Options (Tab)

On their account page they had these features

Threat Intelligence Feeds
Block domains known to distribute malware or launch phishing attacks and botnet command-and-control servers using a blend of the most reputable threat intelligence feeds—all updated in real-time.

Google Safe Browsing
Block malware and phishing domains using Google Safe Browsing—a technology that examines billions of URLs per day looking for unsafe websites. Unlike the version embedded in some browsers, this does not associate your public IP address to threats and does not allow bypassing the block.

Cryptojacking Protection
Prevent the unauthorized use of your devices to mine cryptocurrency.

DNS Rebinding Protection
Prevent attackers from taking control of your local devices through the Internet by automatically blocking DNS responses containing private IP addresses.

IDN Homograph Attacks Protection
Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDNs)—e.g. replacing the Latin letter “e” with the Cyrillic letter “е”.

Typosquatting Protection
Block domains registered by malicious actors that target users who incorrectly type a website address into their browser (e.g. gooogle.com instead of google.com).

Domain Generation Algorithms (DGAs) Protection
Block domains generated by Domain Generation Algorithms (DGAs) seen in various families of malware that can be used as rendezvous points with their command and control servers.

Block Newly Registered Domains (NRDs)
Block domains registered less than 30 days ago. Those domains are known to be favored by threat actors to launch malicious campaigns.

Block Parked Domains
Parked domains are single-page websites often laden with ads and devoid of any value. Parked domain monetization can sometimes get mixed up with suspicious practices and malicious content.

Top-Level Domains (TLDs) Blocking
Block all domains and subdomains belonging to specific TLDs (e.g “.ru”).

Block Child _______ Abuse Material (CSAM)
Block domains hosting child ______ abuse material with the help of Project Arachnid, operated by the Canadian Centre for Child Protection. No information is transmitted back to Project Arachnid when a domain is blocked.

https://my.nextdns.io/ Privacy Options (Tab)

Under their privacy tab they offer these features

NextDNS Recommended Ads & Trackers Blocklist
A comprehensive blocklist to block ads & trackers in all countries. This is the recommended starter blocklist.

> 78,795 entries • Updated 6 minutes ago

Block Disguised Third-Party Trackers
Automatically detect and block third-party trackers disguising themselves as first-party to circumvent recent browser’s privacy protections like ITP.

Allow Affiliate & Tracking Links (Disabled by default)

Allow affiliate & tracking domains common on deals websites, in emails or in search results. Those usually only get called after manually clicking on a link.

https://my.nextdns.io/ Parental Controls (Tab)

Under the Parental Controls tab these options are available

Safe Search
Filter out adult content on all major search engines, including images and videos. This will also block access to search engines not supporting this feature.

YouTube Restricted Mode
Filter out mature videos on YouTube and block embedded mature videos from being watched on other websites. This will also hide all comments.

Block Bypass Methods
Prevent or hinder the use of methods that can help bypass NextDNS filtering on the network. This includes VPNs, proxies, Tor-related software and encrypted DNS providers.

https://my.nextdns.io/ Blacklist Controls

You have the ability to blacklist (block) one or many domains. I decided to block a few sites from my kids eyes.

3 sites added to the blacklisy

https://my.nextdns.io/ Whitelist Controls

You have the ability to whitelist (allow) one or many domains.  I white;listed my site.

I whitelisted fearby.com

IMHO: The words Blacklist and Whitelist are a bit old, maybe they should use Allow Site/Deny Site?

How to Setup nextdns.io

Easy setup instructions are available for Android, iOS, Windows, macOS, Linux, Chrome OS, Firefox and Routers

Setup instructions for Android, iOS, Windows, macOS, Linux, Chrome OS, Firefox, Routers

I set these options

I disabled access to Mature websites along with Gambling, Piracy and Dating sites at my.nextdns.io

Disabled options

I enabled the Block Bypass Methods

option to enable bypass block

I enabled YouTube Restriction Mode

Setting to enable YouTube restriction mode

I went to the Privacy Tab at https://my.nextdns.io and added all Blocklists (about 100 lists).

100+ block lists

Tip: Don’t enable the “No Google (Completely block Google and its services)” as this will kill YouTube and my email (GSuite)

I am impressed by the number of available Blocklists and update frequency

Block ads & trackers using the most popular blocklists available—all updated in real-time.

Here is a list of the BLock lists availabe at the tile of this post.

NextDNS Recommended Ads & Trackers Blocklist
A comprehensive blocklist to block ads & trackers in all countries. This is the recommended starter blocklist.
78,795 entries • Updated 17 minutes ago

AdGuard Simplified Domain Names filter
A filter composed of several other filters (English filter, Social media filter, Spyware filter, Mobile Ads filter, EasyList and EasyPrivacy) and simplified specifically to be better compatible with DNS-level ad blocking.
github.com/AdguardTeam/AdguardSDNSFilter • 29,858 entries • Updated 13 hours ago

hpHosts (ATS / Ads & trackers)
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites.
hosts-file.net • 45,734 entries • Updated 2 days ago

Steven Black
Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others.
github.com/StevenBlack/hosts • 51,977 entries • Updated a day ago

Disconnect (Tracking)
Free yourself from unwanted tracking. Enjoy a faster, safer internet.
disconnect.me • 34 entries • Updated 2 days ago

Disconnect (Ads)
Free yourself from unwanted tracking. Enjoy a faster, safer internet.
disconnect.me • 2,701 entries • Updated 2 days ago

CAMELEON
CAMELEON is a free system that helps Internet users or administrators to blocks web-adverts.
sysctl.org/cameleon • 20,568 entries • Updated 2 days ago

Anudeep’s Blacklist
A list of adserving and tracking sites maintained by me. This list will be updated frequently. github.com/anudeepND/blacklist • 38,251 entries • Updated 2 days ago

NSABlocklist
Block all known NSA / GCHQ / C.I.A. / F.B.I. spying servers. Originally based on 2007 published Wikileaks documents and includes my own modifications from 2008, 2012, 2014 and 2015.
github.com/CHEF-KOCH/NSABlocklist • 8,199 entries • Updated 17 minutes ago

EasyList
EasyList is the primary filter list that removes most adverts from international webpages, including unwanted frames, images and objects. It is the most popular list used by many ad blockers and forms the basis of over a dozen combination and supplementary filter lists.
easylist.to • 17,646 entries • Updated 17 minutes ago

Peter Lowe
Blocklist for use with hosts files to block ads.
pgl.yoyo.org/adservers • 3,283 entries • Updated 11 hours ago

notracking
Automatically updated, moderated and optimized list for blocking ads, trackers and other online garbage.

github.com/notracking/hosts-blocklists • 81,155 entries • Updated 7 hours ago

EasyPrivacy
EasyPrivacy is an optional supplementary filter list that completely removes all forms of tracking from the internet, including web bugs, tracking scripts and information collectors, thereby protecting your personal data.
easylist.to • 6,869 entries • Updated 17 minutes ago

AdGuard Mobile Ads filter
Filter that blocks ads on mobile devices. Contains all known mobile ad networks.
kb.adguard.com/general/adguard-ad-filters#mobile-ads-filter • 1,002 entries • Updated 19 hours ago

Fanboy’s Annoyance List
Fanboy’s Annoyance List blocks Social Media content, in-page pop-ups and other annoyances; thereby substantially decreasing web page loading times and uncluttering them.
easylist.to • 1,028 entries • Updated 17 minutes ago

StreamingAds
Streaming services ads sources.
github.com/FadeMind/hosts.extras • 57 entries • Updated 2 days ago

Disconnect (Malvertising)
Free yourself from unwanted tracking. Enjoy a faster, safer internet.
disconnect.me • 2,736 entries • Updated 2 days ago

Goodbye Ads
Specially Designed for Mobile Ad Protection.
github.com/jerryn70/GoodbyeAds • 76,536 entries • Updated 2 days ago

AdGuard Tracking Protection filter
The most comprehensive list of various online counters and web analytics tools. If you do not want your actions on the Internet be tracked, use this filter.
kb.adguard.com/general/adguard-ad-filters#tracking-protection-filter • 5,014 entries • Updated 18 hours ago

AdAway
Blocking mobile ad providers and some analytics providers.
github.com/AdAway/adaway.github.io • 12,176 entries • Updated 2 days ago

WindowsSpyBlocker (Spy)
Block spying and tracking on Windows systems.
github.com/crazy-max/WindowsSpyBlocker • 365 entries • Updated 2 days ago

MVPS HOSTS
Includes entries for most major parasites, hijackers and unwanted Adware/Spyware programs!
winhelp2002.mvps.org/hosts.htm • 10,476 entries • Updated 2 days ago

AdGuard Base filter
Filter that enables removing of the ads from websites with English content.
kb.adguard.com/general/adguard-ad-filters#base-filter • 19,667 entries • Updated an hour ago

someonewhocares.org (Dan Pollock)
Protects you from many types of spyware, reduces bandwidth use, blocks certain pop-up traps, prevents user tracking by way of “web bugs” embedded in spam, provides partial protection to IE from certain web-based exploits and blocks most advertising you would otherwise be subjected to on the internet.
someonewhocares.org/hosts • 14,404 entries • Updated 2 days ago

dbl.oisd.nl
Internet’s #1 domain blocklist. Blocks Ads, Mobile Ads, Phishing, Malvertising, Malware, Tracking, Telemetry, CryptoJacking, Analytics, Spyware, Ransomware, Exploid, Fraud, Abuse, Scam, Spam, Hijack, Misleading Marketing.
oisd.nl • 1,160,440 entries • Updated 5 hours ago

NoTrack Tracker Blocklist
Contains one of the largest compilation of sites associated with tracking your online activities and invading your privacy.
gitlab.com/quidsup/notrack-blocklists • 13,412 entries • Updated 2 days ago

antipopads
List of popads.net domains.
github.com/Yhonay/antipopads • 11,442 entries • Updated a day ago

1Hosts (Complete)
Protect your ‘data’ & eyeballs from being auctioned to the highest bidder.
forum.xda-developers.com/android/general/badmojr-one-host-file-to-block-t3713360 • 66,731 entries • Updated 2 days ago

AdGuard Social Media filter
If you do not like numerous «Like» and «Tweet» buttons on all the popular websites on the Internet, subscribe to this filter, and you will not see them anymore.
kb.adguard.com/general/adguard-ad-filters#social-media-filter • 55 entries • Updated 3 hours ago

squidblacklist.org (Ads)
Blocks advertisements and tracking.
www.squidblacklist.org • 552 entries • Updated a month ago

UncheckyAds
Windows installers ads sources.
unchecky.com • 10 entries • Updated 2 days ago

Fanboy’s Enhanced Tracking List
Fanboy’s Enhanced Tracking List blocks common tracking scripts such as Omniture, Webtrends, Foresee, Coremetrics, Google-Analytics, Touchclarity, ChannelIntelligence.
fanboy.co.nz • 151 entries • Updated 2 days ago

EasyList China
EasyList China is an affiliated filter list written by John and Li that specifically removes adverts on Chinese language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 5,818 entries • Updated 17 minutes ago

280blocker
280blocker adblock domain lists.
280blocker.net • 1,059 entries • Updated 2 days ago

Lightswitch05 – Ads & Tracking
A programmatically expanded list of hosts I’ve found to not be on other lists.
www.github.developerdan.com/hosts • 107,013 entries • Updated 21 hours ago

Shalla’s Blacklists (tracker)
Site keeping an eye on where you surf and what you do in a passive. Covers web bugs, counters and other tracking mechanism in web pages that do not interfere with the local computer yet collecting information about the surfing person for later analyis. Sites actively spying out the surfer by installing software or calling home sites are not covered with tracker but with -> spyware.
www.shallalist.de • 1,246 entries • Updated 2 days ago

Shalla’s Blacklists (adv)
All about advertising: This includes sites offering banners and banner creation as well as sites delivering banners to be shown in webpages. Advertising companies are listed, too.
www.shallalist.de • 14,275 entries • Updated 2 days ago

Energized Ultimate
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. Flagship Protection Pack from Energized Protection.
github.com/EnergizedProtection/block • 970,212 entries • Updated 16 hours ago

EasyList Germany
EasyList Germany is a filter list written by the EasyList authors MonztA, Famlam and Khrin that specifically removes adverts on German language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 595 entries • Updated a day ago

CHEF-KOCH’s HOSTS Spotify Ad-Filter List
Blocks all Spotify Ads, easy peasy lemon squeezy!
github.com/CHEF-KOCH/Spotify-Ad-free • 4,041 entries • Updated 2 days ago

add.2o7Net
2o7 Network tracking.
hostsfile.org/hosts.html • 1,286 entries • Updated 2 days ago

Personal Blocklist by WaLLy3K
Content added to this list has been manually verified, and is updated irregularly. firebog.net/about • 753 entries • Updated 2 days ago

EasyList Dutch
EasyList Dutch is an affiliated filter list written by the EasyList author Famlam that specifically removes adverts on Dutch language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 83 entries • Updated 17 minutes ago

Liste FR
Liste FR is an affiliated filter list written by Lian, Crits and smed79 that specifically removes adverts on French language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 5,411 entries • Updated 17 minutes ago

Energized Basic
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. An All-Rounder Balanced Protection Pack.
github.com/EnergizedProtection/block • 654,392 entries • Updated 16 hours ago

CertyficateIT
Polish ads filter.
github.com/MajkiIT/polish-ads-filter • 3,128 entries • Updated 8 hours ago

Energized Regional Extension
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. An Extension to Block Regional Annoyances.
github.com/EnergizedProtection/block • 64,320 entries • Updated 16 hours ago

Energized Spark
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. True Lite Blocking.
github.com/EnergizedProtection/block • 67,662 entries • Updated 16 hours ago

ABPindo
ABPindo is an affiliated filter list written by hermawan that specifically removes adverts on Indonesian language websites.
github.com/ABPindo/indonesianadblockrules • 594 entries • Updated 2 days ago

Energized Blu
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. A Mid Ranger Flagship Protection Pack.
github.com/EnergizedProtection/block • 330,817 entries • Updated 16 hours ago

EasyList Italy
EasyList Italy is a filter list written by the EasyList author Khrin that specifically removes adverts on Italian language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 204 entries • Updated 17 minutes ago

AdGuard Russian filter
Filter that enables removing of the ads from websites in Russian.
kb.adguard.com/general/adguard-ad-filters#russian-filter • 3,944 entries • Updated an hour ago

Energized Blu Go
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. A Lightweight Mid Ranger Protection Pack.
github.com/EnergizedProtection/block • 131,781 entries • Updated 16 hours ago

RU AdList
Russian supplement for EasyList.
forums.lanik.us/viewforum.php?f=102 • 7,887 entries • Updated 17 minutes ago

yhosts
AD hosts爱好群,群号:201973909;
github.com/vokins/yhosts • 8,940 entries • Updated 2 days ago

EasyList Hebrew
EasyList Hebrew is an affiliated filter list written by BsT that specifically removes adverts on Hebrew language websites.
github.com/easylist/EasyListHebrew • 129 entries • Updated 13 hours ago

EasyList Czech and Slovak
EasyList Czech and Slovak is an affiliated filter list written by tomasko126 that specifically removes adverts on Czech and Slovak language websites.
github.com/tomasko126/easylistczechandslovak • 83 entries • Updated 2 days ago

hostsVN
Hosts block ads of Vietnamese – Hosts chặn quảng cáo của người Việt.
github.com/bigdargon/hostsVN • 18,846 entries • Updated 2 hours ago

Lightswitch05 – Tracking Aggressive
A very aggressive block list for tracking, geo-targeting, & ads. This list will likely break functionality, so do not use it unless you are willing to maintain your own whitelist.
www.github.developerdan.com/hosts • 4,919 entries • Updated 2 days ago

Liste AR
Liste AR is an affiliated filter list written by smed79 and Crits that specifically removes adverts on Arabic language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 85 entries • Updated 17 minutes ago

Bulgarian list
Bulgarian list is an affiliated filter list written by Alex that specifically removes adverts on Bulgarian language websites.
easylist.to/pages/other-supplementary-filter-lists-and-easylist-variants.html • 10 entries • Updated 2 days ago

Latvian List
Latvian List is an affiliated filter list written by anonymous74100 that specifically removes adverts on Latvian language websites.
notabug.org/latvian-list/adblock-latvian • 53 entries • Updated 2 days ago

EasyList Lithuania
EasyList Lithuania is an affiliated filter list written by gymka that specifically removes adverts on Lithuanian language websites.
github.com/EasyList-Lithuania/easylist_lithuania • 19 entries • Updated 2 days ago

Energized Xtreme Extension
Strictly blocks advertisements, malwares, spams, statistics & trackers on both web browsing and applications. An Extreme Solution for Ultimate Protection.
github.com/EnergizedProtection/block • 32,635 entries • Updated 16 hours ago

hufilter
Block hungarian ads.
github.com/hufilter/hufilter • 149 entries • Updated 2 days ago

Finnish Easylist Addition
Finnish adblock list.
github.com/finnish-easylist-addition/finnish-easylist-addition • 66 entries • Updated 2 days ago

ABPVN List
The ABP advertising filter is built with the mission of improving the browsing experience for users and for the Vietnamese.
abpvn.com • 19,490 entries • Updated 2 hours ago

Frellwit’s Swedish Hosts File
Reduce your exposure to ads, tracking, scams & badware, and occasionally some annoyances on (mostly) Swedish websites.
github.com/lassekongo83/Frellwits-filter-lists • 669 entries • Updated 2 days ago

1Hosts (Pro)
Protect your ‘data’ & eyeballs from being auctioned to the highest bidder.
forum.xda-developers.com/android/general/badmojr-one-host-file-to-block-t3713360 • 215,683 entries • Updated 2 days ago

bkrucarci turk-adlist
Ad servers list to block ads on Turkish websites.
github.com/bkrucarci/turk-adlist • 847 entries • Updated 2 days ago

AdAway Blocking Hosts File for Japan
AdAwayで使用可能な、日本環境用 広告除去用hostsを公開します。日本環境用に特化しています。
logroid.github.io/adaway-hosts • 31,809 entries • Updated 2 days ago

Goodbye Ads Ultra
Specially Designed for Mobile Ad Protection. Premium protection.
github.com/jerryn70/GoodbyeAds • 459,196 entries • Updated 2 days ago

ad-wars
只是 ad-wars 的帮助文档
github.com/jdlingyu/ad-wars • 1,548 entries • Updated 2 days ago

1Hosts (mini)
Protect your ‘data’ & eyeballs from being auctioned to the highest bidder.
forum.xda-developers.com/android/general/badmojr-one-host-file-to-block-t3713360 • 53,512 entries • Updated 2 days ago

YousList
Block filter for advertisements, mainly on Korean sites.
github.com/yous/YousList • 145 entries • Updated 5 hours ago

No Google Completely block Google and its services. github.com/nickspaargaren/no-google • 302 entries • Updated 2 days ago

That is a lot of protection

Nextdns.io Android Setup

I setup nextdns.io on my Android 10 Device

I installed the official NextDNS app from the Play Store (https://play.google.com/store/apps/details?id=io.nextdns.NextDNS

After the app was installed I entered my specified Configuration ID (tip: don’t copy the space on the end of the text) into the In the NextDNS app.

Now I can enable or disable the NextDNS.io protections.

Next DNS App on Androiud (Simple Connect/Disconnect Button)

Options are available in the app but are limited. If you need to change options go to https://my.nextdns.io/

NectDNS.io Android App Settings.

I enabled NextDNS then I tried accessing a mature website.

Access to the site was blocked.

Access to a mature site is blocked

I tried bypassing the invalid HTTP’s certificate.

This too was blocked also.

I opened YouTube and some advertisements were gone but not all (Hello PewDiePie, nice Merch)

NO ads in YouTube

Comments were disabled, Nice. Restricted mode is enabled, this is perfect for my kids (PewDiePie Fans).

NO Comments in YouTube.

I am not against Content Creators making money from Advertisement revenue I am against the privacy issue.  If you love consuming a Content Creators stuff then support them on their Merch store(s).

Windows 10 Setup

Installing on Windows is easy, login to https://my.nextdns.io/ and click on the Windows Button

1. Install the official NextDNS app → https://nextdns.io/download/windows/stable.

Click Next

Agree to the licence agreement

Agree to the licence agreement

Choose an Install location

Choose an Install location

Installing TAP Device (looks like it is from https://openvpn.net/)

Installing TAP Device (looks like it is from https://openvpn.net/)

You need to install the device.

Install Driver Screenshost

2. After installing, right-click on NextDNS icon in the Systray then open the Settings. Set your supplied ###### as Configuration ID found at 

3. Right-click on NextDNS icon in the Systray, then click on Enable.

add your config ID to the setup screen

You can enable or disable the NextDNS service from the Windows system tray

You can enable or disable the NextDNS service from the Windows system tray

You can also Start and Stop the service from the Windows services app

Start stop a service screenshot

Blocking bad sites , YouTube comments etc all work on Windows as they do on Android.

Nextdns.io iPad Setup

If I can get my daughters iPad from her hands I will show the steps.  Basically the same as android but from the Google Play store.

1. Install our official app from the App Store → https://apps.apple.com/app/nextdns/id1463342498

2. Open the app then go to Settings and toggle “Use Custom Configuration”. Enter your Configuration ID 

3. Enable NextDNS in the NextDNS iOS app

Blocking bad sites , YouTube comments etc all work on iOS as they do on Windows and Android.

Analyics (the nest feature)

The best part of NextDNS.io is the superb analytics available.  Because they are a DNS server they can track incoming request(s) from all of my connected computes.

In 2 days my home network made 22,247 queries to the internet, 5684 requests were blocked, I could see the top accessed websites (antivirus and kids games) and a map of where the requests were going.

nextdns.io analytics is awesome.

If the Analytics was not enough I could see all the requests logs.

I filtered all blocked web traffic.

List of web traffic blocked.

The internet is a dumpster fire with all this tracking.

dumpster fire meme

Pricing

Snip from here. “Pricing is completely free during the beta, then free up until about 300,000 DNS queries/month — $1.99/month for unlimited queries. If you decide to stay on the free plan, NextDNS will simply behave like a classic public resolver after reaching the 300,000 queries limit.”

Conclusion

Don’t surf the web without protection. Every parent should install this on their kids machines.

I can’t wait for this product to leave beta, I wan’t this service in my house.

I have not been paid to promote this product.

 

 

 

 

 

Version: v1.2

v1.2 Quick Setup Guide

v1.1 Updated Conclusion and Pricing.

v1.0 Initial Draft

Setting up additional server storage on cloud servers (block storage on Vultr)

by

Vultr has a generous disk quota with the cloud servers you can set up. But what do you do when you want more space than the default allocation (for backup or application data)?

Advertisement:



I have blogged before about setting up an Ubuntu server on the cloud on Vultr and configuring it if you do not already have a cloud server.

Vultr allows you to set up a server in minutes.

Server

A Vultr $2.5 a month server comes with 20GB storage, a $20 a month server comes with 60GB of SSD storage.

Vultr does offer more storage for about 0.10c per GB. At this time or writing Vultr allows you to add more storage to serves in NY/NJ (only). Read my guide on moving data between servers with RSync. And cond forget yo secure your server with a free SSL certificate and secure it (read more here and here).

An additional 10GB of storage would cost $1/m.

10GB

An additional 50GB of storage would cost $5/m.

50GB

An additional 100GB of storage would cost $10/m.

100GB

An additional 250 GB of storage would cost $25/m

250GB

View the Vultr pricing calculator hereVultr does say that you can resize your block storage volume but there are manual actions and risks involved so get the space you need early on and prevent resizing later.

Read the Vultr Block Storage FAQ here: https://www.vultr.com/docs/block-storage

Vultr did offer early customers in (limited location’s) a free 50GB storage (read more on these limits here).

I am going to spin up a Block storage and attach to my server in Sydney.

fyi: Read the official guide on Attacking Block Storage to a Vultr server.

1. Login to your Vultr admin panel ( https://my.vultr.com/ ) and click Block Storagehttps://my.vultr.com/blockstorage/ ).

2. Click Add Block Storage

Add Block Storage

3. Choose the size of your block storage volume.

New Block Storage

Darn, I can’t choose Syndey yet as a location to create a block storage volume (I have asked Vultr when we can) so I’ll continue this guide with my existing (free) 50GB volume in New Jersey) and mount it in a server in NY/NJ (and also Syndey).

It appears I can’t connect to a  Block Storage volume outside the block storages location (data centre).

Manage Block Storage

 

You will need to attach the block storage volume to the server at that data centre location or you will get this error when you try and connect to it later.

Error

 

In my case, the server did not automatically restart so I manually restarted it.

 

Connecting the Block Storage to your VM

From the Vultr admin panel ( https://my.vultr.com ), Block Storage ( https://my.vultr.com/blockstorage/ ) you can manage individual Block Storage volumes and see the mounting information.

e.g

FYI: You can only connect to a  block storage from the same location (one server at a time I’d imagine).

4. From he Vultr Admin panel SSH into the server (in the same location).  See my guide here on setting up a Vultr server and configuring it.

Vultr say’s “Block storage is connected to your server as /dev/vdb. We do not create any filesystems on it by default.” Official Block storage documentation is located here.

5. Run the commands listed in the Block Storage screen (above)

Mount

Error: In my case, the echo command failed  add to configuration to the /etc/fstab file (even with sudo) and the mount command failed?

I checked the /etc/fstab file contents

I manually edited the /etc/fstab file and added the mount point configuration as suggested by Vultr.

Contents

6. I re-ran the mount command

sudo mount /mnt/blockstorage
#

Success

I can now directory list in the block storage volume.

ls /dev/vdb1 -al
brw-rw---- 1 username disk 253, 17 Nov  7 21:18 /dev/vdb1

 

Now let’s attach it to another folder in the root folder (e.g /data)

First, unmount the volume

Edit the /etc/fstab file with sudo nano

Change the mount point somewhere else (e.g /data)

Make a folder in the new path (/data), If you don’t do this the mount will fail.

Remount the volume (but use the new path)

sudo mount /data

You can now use the path and new storage.

cd /data
mkdir /data/test
cd /data/test
pwd
# /data/test/
sudo nano /data/test/test.txt

Nice

 

Disposing of Block Storage

TIP: Move or backup any data before you destroy or detach the volume.

First, you will need to unmount the volume (SSH session with your server).

Then remove the entry from the /etc/fstab file

Then you can navigate to the https://my.vultr.com/blockstorage/ and edit the said block storage volume and detach the volume (this will cause the server to reboot).

Detatch

After a few minutes you can delete the volume from the edited Block Storage Volume page  (click the Trashcan up the upper right).

Detatch

Done, You can now add and remove Block Storage volumes on Vultr.

 

How to check the disk usage of the block storage volume

You may need to remind yourself of the block storage volume (cat the /etc/fstab file and view the drive information on the mount line).

cat /etc/fstab
# .. /dev/vdb1 ..

How much space is used/free

df -h /dev/vdb1
Filesystem      Size  Used Avail Use% Mounted on
/dev/vdb1        50G   52M   47G   1% /data

You can also show the usage information in that mounted folder

du -xsch /data
10G     /folder1
10G     /folder2
20G     total

Use the pydf tool to view mounted partitions

Install pydf

Use pydf

 

Troubleshooting

  • You need to attach the block storage volume and reboot in the Vultr admin panel before mounting.
  • The echo command (as documented by Vultr) may not add information to the /etc/fstab file (a manual edit will work).

 

 

How to Resize a Block Storage Volume on Vultr.

Coming soon (if requested below).

 

Donate and make this blog better


Ask a question or recommend an article
[contact-form-7 404 "Not Found"]

v1.2 added disk usage information

Blocking XCode iOS Simulator App traffic with the help of Little Snitch firewall

by

Backend Considerations

I have been developing a mobile app using XCode and Swift 3 for a while now, I have been very focused on developing a scalable and robust back ends on multiple servers using different services. Loads of experts say you only have two chances to keep users engaged before they leave your app because of speed or silly error messages or slow apps.  Part of having a trustworthy app is giving users true error messages when errors pop up.  This involves testing and developing for each error scenario.

Advertisement:



I have tried to guess every possible failure point and use HTTP status codes in my app API to inform the user of reasons why something has failed (not just a success/fail).

A typical API’s for my app return these possible HTTP status error codes.

  • 400 – No Body.
  • 401 – Invalid payload (automatically validated multiple ways using node modules like validator).
  • 402 – Invalid input payload (manually validated by my code).
  • 403 – Backend NoSQL database down.
  • 404 – Invalid User
  • 405 – Query returned no results from back end NoSQL database
  • 406 – Invalid Output Payload (from various sources).
  • 407 – User has reached max queries in xx minutes.
  • 408 – Invalid Request
  • etc

I use http://keymetrics.io to monitor my node processes, custom code to notify me when things go down and I use the node package winston to log anything for later review.  I am happy with the throughput, even with the excessive logging and access controls and I am now moving onto the front end of my application.

Front End

I decided to use Swift 3 in XCode 8.2.1 to talk to my JSON API, I am using the Alamofire Networking module in Xcode to handle the network stack (as pure Swift 3 networking code was horrid).

Tip: I had issues with CocoPods to manage the installation of Alamofire so I ended up dropping it and installing it manually.

Once I setup my API setup the code below to query my API (‘/appname/api/v1/login/’) and process the data returned.

let parameters: Parameters = [
    "email": "\(sUsername)",
    "password": "\(sEncryptedHashedPassword)"
]
let headers: HTTPHeaders = [
    "x-access-token": "\(sSingleUseUserAccessToken)",
    "Content-Type": "application/json",
    "Accept": "application/json",
    "DNT": "1 (Do Not Track Enabled)"
]
let theAPIURL = globalSettings.API_LOGIN_PAGE

Alamofire.request("\(theAPIURL!)", method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: headers)
    .validate(statusCode: 200..<201)
    .validate(contentType: ["application/json"])
    .responseData { response in
        switch response.result {
        case .success(let data):
            
            # Debug 
            print("Login Success (200)")
            print("response.request: \(response.request)")  // original URL request
            print("response.response: \(response.response)") // HTTP URL response
            print("reposnse.data: \(response.data)")        // server data
            print("result: \(response.result)")   // result of response serialization
            print("Login Time: \(response.timeline)")  // time
            
            // Processing Successful Login.
            
            let json = try! JSONSerialization.jsonObject(with: data)
            
            // Debug Return Payload
            print(json)
                        
            // Unwraping Payload Preferences

        
            // Assume the App Loads OK (Checks below)
            var local_LoadedOk = "Yes"
                local_LoadedOk = "Yes"
            var local_LoadedNotOKMessage = "Unknown Error"
                local_LoadedNotOKMessage = "Unknown Error"
            
            // API Payload Validation
            
            var local_LoginChecksPassingOK = true
                local_LoginChecksPassingOK = true
            
            // Get the users guid from the API Payload ( simple validation )
            var local_f_guid = (json as! NSDictionary)["f_guid"] as! String
            print("local_f_guid: \(local_f_guid)")
            if local_f_guid != "" {
                // Is the guis the right length?
                if local_f_guid.characters.count == 36 {
                    // ok
                    print(" - guid ok")
                } else {
                    local_f_guid = ""
                    // login guid too short
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_001)"
                }
            } else {
                local_f_guid = ""
                // Error Login Guid Missing
                local_LoginChecksPassingOK = false
                local_LoadedOk = "No"
                local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_002)"
            }
            
        // Get Username from API Payload
            var local_Username = (json as! NSDictionary)["Username"] as! String
            print("local_Username: \(local_Username)")
            if (local_LoginChecksPassingOK == true) {
                print("login validation ok so far")
                // Get Username
                if local_Username != "" {
                    // Check Email for @ symbol
                    if local_Username.characters.count > 0 {
                        // ok
                        print(" - username ok")
                    } else {
                        local_Username = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_003)"
                    }
                    
                } else {
                    local_Username = ""
                    // Username Empty
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_004)"
                }
            }

            
        // Get Email from API Payload
            var local_Email = (json as! NSDictionary)["Email"] as! String
            print("local_Email: \(local_Email)")
            if (local_LoginChecksPassingOK == true) {
                if (local_LoginChecksPassingOK == true) {
                    if local_Email != "" {
                        // Check Email for @ symbol
                        if local_Email.contains("@") == true {
                            print(" - email ok")
                        } else {
                            local_Email = ""
                            // Username Empty
                            local_LoginChecksPassingOK = false
                            local_LoadedOk = "No"
                            local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_005)"
                        }
                    } else {
                        local_Email = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_006)"
                    }
                }
            }
            
            
            // Was there and Error Loading or Saving
            // ... Code Removed

            // Unload other values
            // ... Code Removed
            
            // Save Preferences
            // ... Code Removed
            
            self.loginActivityIndicator.stopAnimating()
            
            // Redirect Back to Main View
            self.lblLoginProcessing.text = "Returning to the Main Screen........."
            let vc = ( self.storyboard?.instantiateViewController( withIdentifier: "mainViewController") )!
            //vc.view.backgroundColor = UIColor.orange()
            vc.modalTransitionStyle = .crossDissolve
            self.present(vc, animated: true, completion: nil)
            
        case .failure(let error):
            
            var sErrorTitle = ""
            var sErrorBody = ""
            print(" - Login Error")
            print(" - - \(error._code)")
            print(" - - \(error)")
            
            if error._code == NSURLErrorTimedOut {
                //timeout
                print("Error: Server Timeout (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
            }
            
            if (response.response?.statusCode == 402) {
                print("Error: Invalid Password (402)")
                sErrorTitle = "Invalid Password"
                sErrorBody = "The password you entered was invalid.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 403 {
                print("Error: Unknown Account (403)")
                sErrorTitle = "Unknown Account"
                sErrorBody = "The account you entered was not found.\r\n\r\n Error: \(error)"
           
            } else if response.response?.statusCode == 408 {
                print("Error: Server Timeout2 (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout2"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 499 {
                print("Error: Invalid or missing token, please update your app (499) ")
                sErrorTitle = "Invalid Version"
                sErrorBody = "The app token was invalid (or outdated), plaase update your app and try again.\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 503 {
                print("Error: Database Read Error")
                sErrorTitle = "Sever Error (503)"
                sErrorBody = "The server cannot process your login at this time (Error 503).\r\n\r\n Error: \(error)"
                
            } else if response.response?.statusCode == 504 {
                print("Error: Database Write Error (504)")
                sErrorTitle = "Sever Error"
                sErrorBody = "The server cannot process your login at this time (Error 504).\r\n\r\n Error: \(error)"
                
            } else  {
                print("Unknwon Error (\(response.response?.statusCode)")
                sErrorTitle = "Unable to login"
                
                sErrorBody = "The App was unable to login. Please check your mobile and or wifi settings and try again."
                //sErrorBody = "There was an unknown error loging in (Error (\(response.response?.statusCode))\r\n\r\n Error: \(error)"
                self.resignFirstResponder()
            }

            
            self.loginActivityIndicator.stopAnimating()
            self.resignFirstResponder()
            
            // Show Loading Alert
            let alert = UIAlertController(title: "\(sErrorTitle)", message: "\(sErrorBody)", preferredStyle: .alert)
            self.present(alert, animated: true, completion: nil)
            let when = DispatchTime.now() + 5
            DispatchQueue.main.asyncAfter(deadline: when){
                alert.dismiss(animated: true, completion: nil)
            }
            
        }
}

Everything is working like a real app.  If I enter valid credentials my app logs me in.

If I enter incorrect credentials I get an error.

LittleSnitch001

If I stop my Node login service and try and login I get an appropriate error message.

LittleSnitch002

Simulating full or partial network request failures on different endpoints

I checked the iOS Simulator (10.0 running iOS 10.2) that comes with XCode 8.2.1 to find a way to turn off the network to the simulator and I coudl not find an option???

The iOS Simulator lacks the usual Wifi and Mobile configuration options found on iOS devices.

LittleSnitch003

XCode Simulator is lacking network control features.

LittleSnitch004

LittleSnitch005

XCode allows me to see the network stats within my app but not adjust the network layer status.

LittleSnitch007

Like all good developers I opened google and typed “Is it possible to disable the network in iOS Simulator? and found many solutions on how to disable the network in the simulator like:

  • Close the simulator, disconnect from the internet, start XCode and your project and simulator and then connect to the network (that way the simulator stays disconnected until the simulator reboots). – This does not work.
  • “Build a simple Faraday cage to block or limit the external RF signal level”.

w6ehv

  • “Create a walk-in Faraday cage with a desk inside, the Mac will be much easier to work with”.

I did not want to spend minutes disconnecting and reconnecting to the internet or build a faraday cage so I took Felix advice and downloaded an application for OSX called Little Snitch from Objective Development.

Little Snitch

Reading the Little Snitch website the software reminds me of the good old days of controlling everything before Operating System Vendors buried these features.

Snip: “Whenever an application attempts to connect to a server on the Internet, Little Snitch shows a connection alert, allowing you to decide whether to allow or deny the connection. Your decision gets stored as a rule which will automatically be applied to future, similar connection attempts from the same application.

Time to give Little Snitch a go, $34.95 is a bargain if it works as good as it says it does.

Little Snitch

Little Snitch took 5 mins to install (low level).  After it rebooted the Little Snitch Configuration program popped up.

LittleSnitch008

Little Snitch – System Tray Options were available too.

LittleSnitch009

Default Configuration (will take a number of minutes).

Little Snitch was now prompting me to approve many network connections for background apps.  Currently as we speak MongoDB and AWS Elasticsearch servers are being hit with ransomware. I might be patient and manually approve every process wanting to use my network with Little Snitch.

I opened many apps and responded to the network access prompts when the apps tried to talk to the network.

LittleSnitch0010d

Manually invoking an application to use the network (software update) results in an approval pop-up.

LittleSnitch0010c

After a number of minutes reviewing app network permissions, I loaded up the Little Snitch Network Monitor. Nice.

LittleSnitch0011

The Network Monitor is handy for reviewing in real-time what is happening on your Network/Machine.

Note: My BitDefender is rather busy.

LittleSnitch0012

I have digressed,  let’s see if Little Snitch can block my iOS App to assist with debugging API’s.

Blocking iOS Simulator Traffic with Little Snitch

XCode itself wanted access to the internet before I opened my project.

As soon as I started the XCode iOS Simulator I blocked all simulator related processes (I can turn it back on later).

LittleSnitch0013

Tip” I just found out if you move the mouse above the forever button in the dark grey area you can view more information.

I blocked the following iOS Simulator related processes from making any connection forever.

LittleSnitch0014

LittleSnitch0015

LittleSnitch0016

LittleSnitch0017

Now to start my app on the simulator from XCode and invoke a network call and see if we can block it to trigger my error pop-up.  Yes, I was able to block the iOS Simulated app with Little Snitch 🙂

LittleSnitch0019

I received this “correct” error in my app, Excellent, now I can customize the error messages in my app.

LittleSnitch0020

🙂

The eagle eyes will notice that the error message above is the same as when I turned off the Node Server that handles the login.  Now I need to add some XCode code in to detect “Is Wifi Network Up”,”Is Mobile Network Up”Can Access Network” and “Can Ping Server” etc. This would provide true error messages and not give the user any doubt to what the problem was.

If it was their device blocking my app they need a different message to one that reports a general data connection error or server down error.

Now how do I enable the blocked network traffic in Little Snitch?

Open the Little Snitch Configuration app.

LittleSnitch008

You can easily see what processes are allowed/blocked and change the setting (double click then change the connection to/from to Allow/Deny).

LittleSnitch0022

Summary

As it turns out I did not need to block the other iOS processes (just my app) so in future, I will just Deny or Allow for my app (until quite).

LittleSnitch0019

Little Snitch from Objective Development is an awesome app and allows me to block traffic where XCode would not.  As a bonus it will secure your machine and help keep it safe.

I will update this guide when I learn more about Little Snitch.

 

Donate and make this blog better





Ask a question or recommend an article
[contact-form-7 404 "Not Found"]