NextDNS Integration: Temporarily Disable Blocking

JoeHA · August 5, 2022, 2:41pm

Allow the new NextDNS Integration to change the NextDNS configuration ID. This would resolve a long-standing NextDNS user request - the ability to temporarily disable blocking.

To accomplish this currently:

I have two NextDNS configurations, one for standard blocking and one for no blocking (i.e. no blocklists are specified, but other protection remains in place).
I have a Raspberry Pi running the NextDNS CLI and use an MQTT message from Home Assistant to execute a CLI command to change the configuration; specifically, “sudo nextdns install -config XXXXXX”.
Using a helper switch, anyone in the household can say “Alexa, turn off blocking” and a script or Node Red flow sends the no blocking configuration ID to the Pi and, 30 seconds later, sends the blocking configuration ID to reenable it

Family members are much more accepting of blocking now that they have the ability to temporarily turn it off.

The configuration IDs are 6 characters and are associated with the account (thus should be able to use the same API key).

Note: There are activate/deactivate options in the NextDNS CLI but I could not get them to work. If reliable, that would be useful also.

I would be happy to help test if this is developed.

Nuuki · August 17, 2022, 8:52am

Agreed.

I’m currently using AdGuard Home and I similarly expose a helper to allow it to be disabled temporarily. Discovering I can’t do that with NextDNS has put a halt on my plan to fully migrate over.

I gather than you can deactivate via the NextDNS CLI but I’ve not got that working yet. If it does work, then I can have NR SSH into the router. Its not exactly elegant but if it works then that would be fine. Not something the integration could handle of course…

Bieniu · August 18, 2022, 6:28pm

If I understand correctly you want to change the NextDNS profile that the device is using. This is not possible via NextDNS API. You can enable or disable blocking features using the switches, you can create an automation to temporary disable some NextDNS features.

JoeHA · August 18, 2022, 8:37pm

I could not get activate/deactivate to work either, but NextDNS allows one account to have multiple “configurations”. Each configuration has a unique 6 character id you can view on the NextDNS web site Setup tab. I created a second configuration with no blocklists. I switch between the blocked configuration id and the unblocked by executing this command on the Pi “sudo nextdns install -config XXXXXX” where XXXXXX is the 6 character id I want to use. It’s all under the same account. Even though it invokes install, it executes immediately with no user input required.

I also switched from Adblock Home and almost gave up until I discovered this capability. I can use NextDNS on my iPhone and iPad when traveling and connected to the cell network, a big benefit.

JoeHA · August 18, 2022, 8:40pm

Can you change the “configuration id” with the API? See my response to Nuuki. If possible, it opens up quite a few possibilities.

I’ll experiment with the switches to see if I can get similar behavior.

Bieniu · August 18, 2022, 9:01pm

This is a big difference between HA integration using official NextDNS API and running the nextdns binary with root privileges.

Nope.

JoeHA · August 18, 2022, 9:15pm

Thanks Maciek.

JoeHA · September 2, 2022, 9:17pm

I realized the flaw in my original request. If Home Assistant is not the NextDNS network device, it cannot possibly change the configuration that NextDNS is using. For anyone else looking to disable NextDNS running on a separate Raspberry Pi, the method I described earlier does work. I hope this is helpful to others.

spry-salt · January 4, 2023, 4:50am

Is it possible (or planned?) to be able to add or remove a single domain to the list of permitted domains or the list of not-permitted domains?

daxy · March 27, 2026, 3:23pm

Reviving this topic as it is one of the first search results.

I’ve accomplished this by using the API functionality and remove/add blocklists using REST commands. Hope this is useful for others reading this.

Tip: I’ve created a new profile in NextDNS just for testing purposes.
I’m using aabbccdd as example. Also, under your profile, make sure you have an API Key.

Step 1: Get your current blocklist IDs:
Run this on your cli:
curl -X GET "https://api.nextdns.io/profiles/aabbccdd/privacy/blocklists" -H "X-Api-Key: <YOUR API KEY>"

This is my output:

{"data":[{"id":"nextdns-recommended","name":null,"website":null,"description":null,"entries":88667,"updatedOn":"2026-03-25T19:31:40.000Z"},{"id":"oisd","name":"OISD","website":"https://oisd.nl","description":"Internet's #1 domain blocklist. Blocks Ads, Mobile Ads, Phishing, Malvertising, Malware, Tracking, Telemetry, CryptoJacking, Analytics, Spyware, Ransomware, Exploit, Fraud, Abuse, Scam, Spam, Hijack, Misleading Marketing.","entries":335581,"updatedOn":"2026-03-27T14:15:24.000Z"},{"id":"easyprivacy","name":"EasyPrivacy","website":"https://easylist.to","description":"EasyPrivacy is an optional supplementary filter list that completely removes all forms of tracking from the internet, including web bugs, tracking scripts and information collectors, thereby protecting your personal data.","entries":46344,"updatedOn":"2026-03-27T14:47:24.000Z"}]}

Note down the different IDs.

This is the nextdns.yaml package I’ve created:

rest_command:
  nextdns_disable_blocking:
    url: "https://api.nextdns.io/profiles/aabbccdd/privacy"
    method: patch
    headers:
      X-Api-Key: !secret nextdns_api_key
      Content-Type: application/json
    payload: '{"blocklists": [{"id":"easyprivacy"}]}'

  nextdns_enable_blocking:
    url: "https://api.nextdns.io/profiles/aabbccdd/privacy"
    method: patch
    headers:
      X-Api-Key: !secret nextdns_api_key
      Content-Type: application/json
    payload: '{"blocklists": [{"id":"nextdns-recommended"}, {"id":"oisd"}, {"id":"easyprivacy"}]}'

script:
  disable_nextdns_30min:
    alias: "Disable NextDNS Blocking (30 min)"
    sequence:
      - service: rest_command.nextdns_disable_blocking
      - delay: "00:30:00"
      - service: rest_command.nextdns_enable_blocking

  nextdns_disable_blocking_manual:
    alias: "Disable NextDNS Blocking (manual)"
    sequence:
      - service: rest_command.nextdns_disable_blocking

  nextdns_enable_blocking_manual:
    alias: "Enable NextDNS Blocking (manual)"
    sequence:
      - service: rest_command.nextdns_enable_blocking

Of course an entry should be in your secret.yaml file for nextdns_api_key, alternatively add your API key instead of “!secret nextdns_api_key”.
Unfortunately you cannot refresh the configuration because of the rest_command entries so a full Home-Assistant is required.

This will remove the OISD nextdns-recommended blocklists, leaving easyprivacy in place.
Use it to your advantage