NxFilter Tutorial
Tutorial Index

NxFilter is basically a DNS server with filtering ability. This is for its DNS service related settings.

DNS > Setup > DNS Setup
- Upstream DNS Server
NxFilter works as a forwarding DNS Server. You need to have at least one upstream DNS server.

For Upstream DNS Server addresss, You can specify DNS port number using a colon.

- Upstream DNS Query Timeout
Timeout for a DNS query to your upstream DNS server.

- Response Cache Size
NxFilter has its own cache for DNS responses from its upstream server. You can adjust the cache size. Currently the default size is 200,000 and it is enough for most cases.

- Use Persistent Cache
NxFilter can keep up to 1 million DNS responses in its DB. When you have a big enough persistent cache you will not lose your 'Internet Connection' even if there is a nationwide DNS outage because NxFilter will work with its persistent cache.

- Use Negative Cache
At default, NxFilter doesn't keep negative DNS responses in its cache. With this option enabled, NxFilter will keep negative responses such as 'Server Failure' or 'Non-existent Domain' up to 15 minutes.

- Minimal Responses
NxFilter can send only the answer records in the DNS response from its upstream server to its clients while ignoring the additional and the authority sections for reducing DNS packet size and improving server performance.

- Minimum Cache TTL
You can reduce the number of DNS requests from your clients by setting up a minimum cache TTL value. This only applies on A, AAAA, CNAME records.

- Block Cache TTL
The TTL value for NxFilter's block redirection response.

DNS > Setup > Local DNS
- Local DNS Server
When you have a local DNS server for resolving your local domain add its IP address here. You can add multiple IP addresses separated by commas for redundancy.

- Local Domain
When you have a domain to bypass to your local DNS server add the domain here. You can add multiple domains separated by commas.

Don't use '*' or any wildcard for a local domain. It includes its subdomains already.

- Local DNS Query Timeout
Timeout for a DNS query to your local DNS server.

- Use Local DNS
Enable local DNS.

If you set up a local DNS server, all the DNS queries for your local domain will be bypassed from authentication, filtering and logging.

DNS > Setup > DNS Over HTTPS
You can make NxFilter using Cloudflare or Google HTTPS DNS server as its upstream server. This means you can implement a network wide 'DNS Over HTTPS' easily.

- HTTPS DNS Server
NxFilter supports Cloudflare and Google HTTPS DNS servers.

- HTTPS DNS Query Timeout
Timeout for a DNS query to your HTTPS DNS server.

- Fail-safe With UDP/53
You can make NxFilter querying again using UDP/53 protocol when there's a failure with an HTTPS DNS server.


DNS > Access Control
IP based access control for DNS.

When your access control is too big, you browser can't post all the content. In that case, you have to create 'dns-allow-ip.txt' file for 'Allowed IP for DNS' and 'dns-block-ip.txt' for 'Blocked IP for DNS' in /nxfilter/conf directory. When you use clustering, you have to copy these files into all the nodes.

DNS > Server Protection
- Drop Attack Request By Domain
When there is a domain queried too many times and fills up the request queue rapidly, we drop the DNS requests for the domain for less than 1 minute not to flood the request queue.

- Drop Attack Request By IP
When there is a client sending abnormal amount of DNS requests, we drop the DNS requests from the client for less than 1 minute not to flood the request queue.

- Drop Hostname Without Domain
When you use NxFilter or NxCloud on cloud you don't need to deal with the hostname only domains.

- Drop Reverse Lookup For Private IP
Drop reverse lookup queries for private IP addresses. You might need this option when you run NxFilter on cloud.

- Allow Reverse Lookup For Server IP
At default, NxFilter drops revers lookups for itself. You can allow it with this option.

- Request Type Control
You can set allowed and blocked DNS request types.

DNS > Zone File
When you use NxFilter as an authoritative DNS server you would need to set up a zone file. We use the same format as a BIND zone file. To find out more, read Authoritative DNS server

DNS > Redirection

Domain to IP or domain to domain redirection is possible with NxFilter. It works like a custom DNS record.

DNS > Zone Transfer
You may need to import a DNS zone from another DNS server. Once you add a zone-transfer setup here, NxFilter imports the DNS zone every minute using IXFR protocol.