opn-repo
Nextdns CLI port
I saw that nextdns CLI is already among BSD ports: https://www.freshports.org/dns/nextdns/ Could we... add it to the repo?
pkg install nextdns
:)
Uh, bummer... The version in ports is an old, old, old development version. The latest version published here is 1.32.1 - with way more features...
Can you check if it has a CLI Option to update itself? Otherwise I need to update the port itself
The latest CLI version has a self-update command line option. The old one in ports doesn't.
If you would delegate an option to maintain updates of selected non-ports binaries in your repo - how would that process work?
We need to add the binary inside a plugin. Do you have some kind of plugin code already to publish here?
Have code? Yes. Is it clean and publishable? Nooooooo.
Let me work on it a bit more.
Just PR against the repo as a base for further discussion :)
Do you know where the config file will be stored? I just checked how to set the ID via CLI, but this is no fun for templating.
yes there is... /usr/local/etc/nextdns.conf is the file where nextdns stores all settings.
See: https://github.com/nextdns/nextdns/wiki/Configuration-File-Format
You can manually force it with sudo nextdns config set -config-file /usr/local/etc/nextdns.conf
setting id via CLI: sudo nextdns config set -config <id>
all nextdns config set parameters:
  -auto-activate
        Run activate at startup and deactivate on exit.
  -bogus-priv
        Bogus private reverse lookups.
        All reverse lookups for private IP ranges (ie 192.168.x.x, etc.) are
        answered with "no such domain" rather than being forwarded upstream.
        The set of prefixes affected is the list given in RFC6303, for IPv4
        and IPv6. (default true)
  -cache-max-age duration
        If set to greater than 0, a cached entry will be considered stale after
        this duration, even if the record's TTL is higher.
  -cache-size string
        Set the size of the cache in byte. Use 0 to disable caching. The value
        can be expressed with unit like kB, MB, GB. The cache is automatically
        flushed when the pointed configuration is updated. (default "0")
  -config value
        NextDNS custom configuration id.
        The configuration id can be prefixed with a condition that is match for
        each query:
        * 10.0.3.0/24=abcdef: A CIDR can be used to restrict a configuration to
          a subnet.
        * 00:1c:42:2e:60:4a=abcdef: A MAC address can be used to restrict
          configuration to a specific host on the LAN.
        This parameter can be repeated. The first match wins.
  -config-file string
        Custom path to configuration file.
  -control string
        Address to the control socket. (default "/var/run/nextdns.sock")
  -detect-captive-portals
        Automatic detection of captive portals and fallback on system DNS to
        allow the connection to establish.
        Beware that enabling this feature can allow an attacker to force nextdns
        to disable DoH and leak unencrypted DNS traffic.
  -discovery-dns string
        The address of a DNS server to be used to discover client names.
        If not defined, the address learned via DHCP will be used. This setting
        is only active if report-client-info is set to true.
  -forwarder value
        A DNS server to use for a specified domain.
        Forwarders can be defined to send proxy DNS traffic to an alternative
        DNS upstream resolver for specific domains. The format of this parameter
        is [DOMAIN=]SERVER_ADDR[,SERVER_ADDR...].
        A SERVER_ADDR can ben either an IP[:PORT] for DNS53 (unencrypted UDP,
        TCP), or a HTTPS URL for a DNS over HTTPS server. For DoH, a bootstrap
        IP can be specified as follow: https://dns.nextdns.io#45.90.28.0.
        Several servers can be specified, separated by comas to implement
        failover.
        This parameter can be repeated. The first match wins.
  -hardened-privacy
        Deprecated.
  -listen value
        Listen address for UDP DNS proxy server.
  -log-queries
        Log DNS queries.
  -max-ttl duration
        If set to greater than 0, defines the maximum TTL value that will be
        handed out to clients. The specified maximum TTL will be given to
        clients instead of the true TTL value if it is lower. The true TTL
        value is however kept in the cache to evaluate cache entries
        freshness. This is best used in conjunction with the cache to force
        clients not to rely on their own cache in order to pick up
        configuration changes faster.
  -report-client-info
        Embed clients information with queries.
  -setup-router
        Automatically configure NextDNS for a router setup.
        Common types of router are detected to integrate gracefuly. Changes
        applies are undone on daemon exit. The listen option is ignored when
        this option is used.
  -timeout duration
        Maximum duration allowed for a request before failing. (default 5s)
  -use-hosts
        Lookup /etc/hosts before sending queries to upstream resolver. (default true)
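Added example, not part of the original thread or of the nextdns project: a small audit of a nextdns.conf for the settings that the help text above says can put DNS traffic on the wire unencrypted or send private reverse lookups upstream. It assumes the file holds one `key value` pair per line with whole-line `#` comments; the function names and the sample configuration are constructed for illustration.

```python
TRUE = {"true", "1", "t"}

def parse_conf(text):
    """Return (key, value) pairs; keys such as config and forwarder may repeat."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip only whole-line comments: '#' also appears inside forwarder
        # values as the DoH bootstrap-IP separator.
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        entries.append((key, value.strip()))
    return entries

def split_forwarder(value):
    """Split [DOMAIN=]SERVER_ADDR[,SERVER_ADDR...] into (domain, [servers])."""
    domain, sep, rest = value.partition("=")
    if not sep or "://" in domain:  # no DOMAIN= prefix ('=' was inside a URL)
        domain, rest = "", value
    return domain, [s.strip() for s in rest.split(",") if s.strip()]

def audit(text):
    findings = []
    for key, value in parse_conf(text):
        if key == "detect-captive-portals" and value.lower() in TRUE:
            findings.append("detect-captive-portals: DoH can be forced off via system DNS fallback")
        elif key == "bogus-priv" and value.lower() not in TRUE:
            findings.append("bogus-priv: private reverse lookups are forwarded upstream")
        elif key == "forwarder":
            domain, servers = split_forwarder(value)
            for s in servers:
                if not s.lower().startswith("https://"):
                    findings.append(f"forwarder {domain or '*'} -> {s}: DNS53, unencrypted")
    return findings

# Constructed sample configuration (assumed file format, not a real deployment).
SAMPLE = """\
# managed by template
config abcdef
detect-captive-portals true
bogus-priv true
forwarder corp.example=10.0.0.53,https://doh.example/dns-query#192.0.2.1
forwarder https://dns.nextdns.io#45.90.28.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
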
I am trying to write a javascript code in
Is there some experience of writing html-embedded javascript for OPNsense that reaches out to the 3rd-party service for anything?
Why don't you keep the plugin as simple as it can be and let nextdns do the rest on its own UI? Don't take it as an offense, but imagine you want to integrate ntopng output into OPN .. sometimes you have to decide if it's worth the work. If it's fun for you, let's do this, but I can't really help here regarding coding :)
Yeah, I know... As all settings for nextdns are api-accessible (all gets and sets) - I thought to bring them all together into a single user interface.
And it is actually fun to learn new coding oddities along the way; a good break from a daily work routine...
It looks like the ports version is now up-to-date and we won't need binary in the plugin. 😊
It's in now :)
No rigorous reviews and embarrassing pointing to my crappy code?
when do you plan to publish the plugin in repo?
I need to test a bit, maybe today or tomorrow when everything works