
OpenWRT will natively support NextDNS in upcoming 19.07.0 release - nextdns
https://github.com/openwrt/luci/pull/3291
======
dddddaviddddd
Lots more coming in 19.07 — the first release candidate was published last
week. Mostly security updates, bug fixes, newer kernel, some improved device
support. Also WPA3 support.

Release notes: [https://forum.openwrt.org/t/openwrt-19-07-0-first-release-
ca...](https://forum.openwrt.org/t/openwrt-19-07-0-first-release-
candidate/48040)

------
wycy
What is the best alternative router firmware these days? The last time I
looked into this, I believe it was between DD-WRT and Tomato.

~~~
s0ss
DD-WRT hasnt had a stable release in 11 years.

Tomato hasn't had a stable release in 9 years.

OPEN-WRT is a fork of DD-WRT. Lede was a fork of OPEN-WRT, but has remerged
with OPEN-WRT. OPEN-WRT is the best firmware for home routers/access points in
my opinion.

~~~
swinglock
OpenWrt is not a DD-WRT fork.

~~~
s0ss
Well I'll be damned -- It's a fork of WRT54G.

~~~
hackbinary
dd-wrt had a better web interface in the early days, and they took copies the
OpenWrt kernel in 2005.

It used to be that dd-wrt was less open than openwrt, but worked better. I
think now, though, openwrt has surpassed dd-wrt.

[https://en.m.wikipedia.org/wiki/DD-WRT](https://en.m.wikipedia.org/wiki/DD-
WRT)

~~~
tw04
dd-wrt is willing to include closed binaries from router MFGs so they tend to
support a larger list of hardware than OpenWRT and on certain models have far
better performance. OpenWRT has a massive community supporting it so, in
general I'd say they're progressing faster/adding more features.

If you have the luxury of buying new hardware, I would go the OpenWRT route
but just make sure you read _EVERYTHING_ on the hardware support page before
pulling the trigger. If you're trying to convert an existing router,
definitely do research on both, there are advantages to each. Personally if I
had a router supported fully by both, I'd go OpenWRT at this point.

------
paulcarroty
And WPA3! I'm always checking OpenWRT compatibility when need a router.

~~~
tialaramex
Does this end up including OWE in the end? It seemed like WPA3 ended up being
standardised without all the features we actually wanted as requirements.

OWE = Opportunistic Wireless Encryption, previously if your WiFi has no
password everybody can passively snoop all the packets, so it makes sense to
use a password even if you tell everybody what it is, like FreeWiFiHere - so
that an active attack would be needed to steal data and you've some chance to
detect it. OWE says wait, why not use ephemeral keys even if there's no
password and then you only set a password if you actually wanted to deny
access to people who don't know the shared password.

~~~
mangix
Yes

------
dsissitka
As an AdGuard and Pi-hole user I want to like NextDNS but when I tried it
there wasn’t an easy way to temporarily disable blocking. Is that still right?
I think that would make it a nonstarter for most of my friends and family.

~~~
Terretta
As family, just share the web admin login, easy to toggle things. Make it a
home screen icon.

With the common ‘social-graph trackers’ apps list tab, toggling WhatsApp if
you have to text with a European or Instagram if you want to post is easy, for
instance.

Or, leverage the NextDNS app, and use the giant toggle button.

------
m-p-3
Interesting. So far I've been using it since I discovered it on HN and I like
it. Their support is quite responsive too, and it's easy to whitelist a domain
if something breaks.

------
AndyMcConachie
This PR is not merged. The first release candidate for 19.07 has already
shipped. Can someone confirm that this will actually ship with 19.07?

~~~
poitrus
There is two PRs, the UI is not merge, the deamon is:
[https://github.com/openwrt/packages/pull/10535](https://github.com/openwrt/packages/pull/10535)

------
zrm
It's good to see DoH going where it ought to be here -- the place where it
gets used by everything automatically, keeps your ISP out of your DNS queries,
and doesn't require everybody to manually configure every separate application
on every separate device in order to set which resolver they want to use.

------
zaist
That is a good news ! I use NextDNS for me and my kids. It's making a real
difference.

~~~
jimbo1qaz
[https://nextdns.io/](https://nextdns.io/)

>Get in-depth analytics about your Internet traffic.

>Shield your kids from adult content.

Do you use NextDNS as a way to monitor your children online?

~~~
1_player
I would've hated it if my parents could monitor my internet access when I was
15 in the early 2000s. I've been in some weird places by pure chance and
curiosity, though the Geocities era of the Internet was much different that
today's.

------
obituary_latte
Can anyone comment on the efficacy of ad blocking with NextDNS compared to Pi-
hole?

~~~
akerro
My OpenWRT uses in-memory blacklist in dnsmasq on Omnia Turris that's faster
than rpi.

I would imagine the performance of settings it on pihole would be
unnoticeable, as it also stores blacklist in memory. The only latency
difference would be in network request likely.

~~~
onyva
Also on Turris with knot-resolver and adblock... is there a reason to
outsource blocking really? Why trust nextdns? Isn’t going to be a subscription
based service once out of beta?

~~~
poitrus
Some reasons can be: easier to setup, can be used on devices when on the go,
get encryption by default with DoH.

Most routers are not powerful enough to efficiently run blocklists and
analytics locally.

------
givinguflac
This is cool as an option but personally I prefer filtering at home using
Diversion and Skynet on AsusWRT router firmware.

This dns may be a good option for the non-technical but personally I never
want a DNS to do filtering for me.

------
messe
I wonder if something like eBPF would be useful for DNS filtering. With
bounded loops, it'd be perfect for running in the cloud.

------
mangix
Not sure if fake news. This is not even merged.

~~~
poitrus
The UI is not, the actual package is:
[https://github.com/openwrt/packages/pull/10535](https://github.com/openwrt/packages/pull/10535)

------
kpU8efre7r
Does this add a lot of much needed wireless support? I tried this on my
wrt3200acm and lost quite a few wireless features and was forced to switch
back.

~~~
tenebrisalietum
That's dependent on likely Broadcom to release an open source driver so it can
work on a later kernel.

