A CLI tool for managing NextDNS profiles
Project description
nextdnsctl
A community-driven CLI tool for managing NextDNS profiles declaratively.
Disclaimer: This is an unofficial tool, not affiliated with NextDNS. Built by a user, for users.
Note: While
nextdnsctlhandles API rate limiting and retries, it is not recommended for importing very large blocklists. For large-scale filtering, prefer using NextDNS's built-in curated blocklists under the Privacy tab, and use thedenylistfeature for specific overrides or fine-tuning.
Features
- Bulk add/remove domains to the NextDNS denylist and allowlist
- Import domains from a file or URL
- Export current list to a file for backup
- List and clear all entries in a list
- Parallel API requests for faster bulk operations
- Dry-run mode to preview changes before applying
- Use profile names or IDs interchangeably
Installation
pip install nextdnsctl
Requires Python 3.10+.
Quick Start
# Authenticate (find your API key at https://my.nextdns.io/account)
nextdnsctl auth <your-api-key>
# List your profiles
nextdnsctl profile-list
# Add domains to denylist (using profile name or ID)
nextdnsctl denylist add "My Profile" bad.com evil.com
# Preview changes without applying them
nextdnsctl --dry-run denylist import myprofile blocklist.txt
Authentication
The API key can be provided in two ways (in order of priority):
-
Environment variable (recommended for CI/CD):
export NEXTDNS_API_KEY=your-api-key nextdnsctl profile-list
-
Config file (created by
authcommand):nextdnsctl auth <your-api-key> # Stored in ~/.nextdnsctl/config.json with secure permissions
Global Options
| Option | Description |
|---|---|
--concurrency N |
Number of parallel API requests (1-20, default: 5) |
--dry-run |
Show what would be done without making changes |
--retry-attempts N |
Number of retry attempts for API calls (default: 4) |
--retry-delay N |
Initial delay between retries in seconds (default: 1) |
--timeout N |
Request timeout in seconds (default: 10) |
Profile Identification
All commands accept either a profile ID or profile name (case-insensitive):
# Using profile ID
nextdnsctl denylist list abc123
# Using profile name
nextdnsctl denylist list "My Profile"
Denylist Commands
List entries
nextdnsctl denylist list <profile>
nextdnsctl denylist list <profile> --active-only
nextdnsctl denylist list <profile> --inactive-only
Add domains
nextdnsctl denylist add <profile> domain1.com domain2.com
nextdnsctl denylist add <profile> domain.com --inactive
Remove domains
nextdnsctl denylist remove <profile> domain1.com domain2.com
Import from file or URL
nextdnsctl denylist import <profile> /path/to/blocklist.txt
nextdnsctl denylist import <profile> https://example.com/blocklist.txt
nextdnsctl denylist import <profile> blocklist.txt --inactive
The import file format supports:
- One domain per line
- Comments starting with
# - Inline comments (e.g.,
example.com # reason) - Empty lines (ignored)
Export to file
nextdnsctl denylist export <profile> backup.txt
nextdnsctl denylist export <profile> # outputs to stdout
nextdnsctl denylist export <profile> --active-only > active.txt
Clear all entries
nextdnsctl denylist clear <profile> # asks for confirmation
nextdnsctl denylist clear <profile> --yes # skip confirmation
Allowlist Commands
All denylist commands are available for allowlist with the same syntax:
nextdnsctl allowlist list <profile>
nextdnsctl allowlist add <profile> good.com trusted.com
nextdnsctl allowlist remove <profile> domain.com
nextdnsctl allowlist import <profile> allowlist.txt
nextdnsctl allowlist export <profile> backup.txt
nextdnsctl allowlist clear <profile> --yes
Parallel Requests
By default, bulk operations run 5 concurrent API requests. Adjust with --concurrency:
# Faster (more concurrent requests)
nextdnsctl --concurrency 10 denylist import myprofile blocklist.txt
# Sequential mode (verbose per-domain output, like v0.2.0)
nextdnsctl --concurrency 1 denylist import myprofile blocklist.txt
Dry-Run Mode
Preview changes before applying them:
$ nextdnsctl --dry-run denylist add myprofile bad.com evil.com
[DRY-RUN] Would add 2 domain(s):
- bad.com
- evil.com
[DRY-RUN] No changes made.
Contributing
Pull requests welcome! See docs/contributing.md for details.
License
MIT License - see LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nextdnsctl-1.1.0.tar.gz.
File metadata
- Download URL: nextdnsctl-1.1.0.tar.gz
- Upload date:
- Size: 20.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44a350f877eb0b89836025fcf3afe121b45c52ffd9b9de20efa4c384816aa323
|
|
| MD5 |
80b364821e5e8de566e6e3916ee38aaa
|
|
| BLAKE2b-256 |
7787a3ed1fb89be232b0d3abb5575124e276698a4e1786123a6ec1c26130b55a
|
File details
Details for the file nextdnsctl-1.1.0-py3-none-any.whl.
File metadata
- Download URL: nextdnsctl-1.1.0-py3-none-any.whl
- Upload date:
- Size: 21.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ecc5113a5f3ac2a2e926d5ab6439cae3f126d64ed28d9082cdab235ab58f0faf
|
|
| MD5 |
f1716e61355165fc97ada69eede52d49
|
|
| BLAKE2b-256 |
b62876244088cbbe65b39eaff3e3a8d65ec16183504e4989c7157462d9fb5c12
|
