ceven

Nextdns

Automates DNS security policies and monitors network traffic by syncing blocklists and analyzing query logs across your profiles.

Try Nextdns in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Nextdns integration

    • Describe the outcome and Ceven picks the right Nextdns calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Nextdns data, across all 68 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Nextdns access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Nextdns, when, and on whose behalf.
    • The agent pauses and asks when Nextdns is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Nextdns.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Nextdns action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Nextdns, and when to use it.

Add Denylist Domain
Use this when you need to block a specific domain under a profile after obtaining its ID.
Add Blocked TLD
Use this to add a top level domain to the security blocklist for a nextdns profile.
Get Logs
Pull raw or filtered DNS logs for a specific profile using its ID.
Get Analytics Domains
Retrieve per domain query stats for a specific profile to identify top traffic sources.
Update Linked IP
Apply the current public IP to a profile to ensure filtering remains active for that user.
Set AI Threat Detection
Enable or disable AI based threat detection for a specific DNS configuration.
List Configurations
Pull a list of all available DNS profiles associated with the account.
Remove Denylist Domain
Remove a domain from a profile denylist to restore access to that site.
Toggle Cryptojacking Protection
Turn on or off protection against unauthorized crypto mining domains.
Get Analytics Devices
Retrieve query metrics aggregated by device within a specific time frame.
Clear Logs
Permanently remove all existing query logs for a given profile.
Create Profile
Set up a new distinct configuration set for DNS filtering and security.
List Security Settings
Review all active security options for a specific configuration ID.
Set Safe Browsing
Enable or disable Google Safe Browsing for malware and phishing protection.
Toggle Block Page
Tool to enable or disable block page for a configuration. use when you need to toggle whether dns blocks show a block page.
Delete NextDNS Configuration
Tool to delete a nextdns configuration profile. use when you need to remove an existing profile by its id. use after confirming the profile exists.
Download Logs
Tool to download dns logs for a profile. use when you need the url of the exported logs. use after confirming the profile id is valid. supports getting a redirect url or json.
Get Analytics IPs
Tool to retrieve analytics aggregated by client ip addresses. use when you need to analyze dns query distribution per client ip for a given profile.
Get Analytics IP Versions
Tool to retrieve analytics grouped by ip version within a specific profile. use after you have a profile id to see ipv4 vs ipv6 query counts.
Get Analytics Query Types
Tool to retrieve dns query counts broken down by query type. use after selecting a profile and specifying date filters to analyze distribution by type.
Get Analytics Reasons
Tool to retrieve dns query counts broken down by classification reason. use after selecting a profile and specifying date filters to analyze reason distribution.
Get Analytics Status
Tool to retrieve analytics status for a specific profile. use when you need counts of dns queries broken down by status categories.
Get Profile Details
Retrieves the details of a specific nextdns profile. it requires a 'profileid' as a path parameter and returns the profile details including name, security, privacy, parental control, denylist, allowlist, and general settings.
Get Setup Info
Tool to get setup information for a provided configuration (profile). use after obtaining a profile id to fetch its current settings.
List Denylist Domains
Tool to list domains in the denylist for a profile. use after confirming the profile id to review all blocked domains. example: "list denylist domains for profile abc123."
List Settings
Tool to list settings for a nextdns profile. use when auditing or inspecting all enabled settings before applying changes.
Log Client IPs
Tool to enable or disable logging of client ips for a nextdns configuration. use when you need to toggle whether client ips are recorded in dns logs.
Toggle Domain Logging
Tool to enable or disable logging of domains for a nextdns profile. use after retrieving profile settings when you need to adjust domain logging. example: "enable domain logging for profile abc123."
NextDNS Login
Tool to authenticate to the nextdns api. use when you have an api key and need to verify credentials and obtain session headers and cookies for subsequent requests.
Get Monthly Queries
Tool to get the number of dns queries made in the current month for a profile. use after selecting a profile.

30 actions · scroll to see them all

Frequently asked questions

Ceven uses your NextDNS API key to authenticate requests. When you first connect, you provide the API key which is then stored in an encrypted vault. Every single request the agent makes to the NextDNS API includes this key in the header to verify your identity and permissions. We never share this key with the language model or store it in plain text. You can rotate your API key in the NextDNS dashboard at any time, though doing so will require you to update the connection in Ceven to restore workflow functionality.
Yes. You can build a workflow where Ceven monitors a threat intelligence feed or a security alert system. When a new malicious domain is identified, the agent calls the Add Denylist Domain action for every active profile in your account. This ensures that your entire network is protected in seconds. You can also set up a reverse workflow where certain domains are automatically unblocked after a set period, which is useful for temporary testing or time limited access grants for specific contractors.
Deleting a profile is a permanent action. When the agent calls the Delete NextDNS Configuration tool, it removes all settings, denylists, and logs associated with that profile ID. There is no recycle bin or undo feature within the NextDNS API for this operation. To prevent accidental deletions, we recommend building a confirmation step into your workflow or restricting the agent's ability to call delete actions unless a specific high level authorization is provided within the conversation context.
Ceven pulls data from the various analytics endpoints, such as Get Analytics Domains or Get Analytics Devices. The agent then processes this raw JSON data to summarize trends, identify the most active devices, or spot unusual query spikes. Because this data is pulled in real time, the reports reflect the current state of your network traffic. You can ask the agent to compare data across different time frames to see if a security policy change reduced the number of blocked queries over a week.
While NextDNS supports large lists, the API is subject to rate limits to ensure platform stability. If a workflow attempts to push hundreds of domains in a single loop, NextDNS may return a 429 Too Many Requests error. Ceven handles this by implementing an exponential backoff strategy, meaning the agent will wait and retry the request automatically. However, for massive blocklist updates, it is more efficient to use the native NextDNS blocklist import features rather than individual API calls for every single domain.
Yes. For users with dynamic IP addresses, Ceven can run a scheduled workflow that checks your current public IP and compares it to the one registered in NextDNS. If they do not match, the agent uses the Update Linked IP action to sync them. This prevents your devices from losing filtering protection when your ISP rotates your IP address. This is especially useful for home based employees who do not have a static IP but require the same security policies as the main office.
No. Ceven does not store your DNS logs on its own servers. When you ask for a log report, the agent fetches the data directly from NextDNS using the Get Logs or Download Logs tool. The data is processed in memory to answer your question and is then discarded. This ensures that your sensitive network traffic data remains within the NextDNS ecosystem and is not replicated across other platforms, maintaining the privacy standards that NextDNS is built to provide for its users.
Yes. You can create a scheduled workflow that changes your security posture based on the time. For example, you could have the agent enable stricter settings like Newly Registered Domains blocking during business hours and relax them during the weekend. The agent uses tools like Set Safe Browsing or Toggle DGA Protection to flip these switches. This allows you to balance high security during high risk periods with more open access when the risk profile is lower or when performing network maintenance.

Alternatives to Nextdns

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Cloudflare logoCloudflarePi hole logoPi holeAdGuard logoAdGuard

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Nextdns and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free