I assume Mullvad VPN probably forces your DNS to their servers rather than NextDNS. Turn the VPN on and go to to see if your phone is using the NextDNS configuration or not while on VPN.
I use IVPN alongside NextDNS; you can set a custom DNS in the IVPN app and it works like a charm. I’m on iOS 15b2 and WireGuard is broken on Mullvad and IVPN but I’ve managed to get Mullvad working using the official WireGuard app and inputting the information generated on the us site. To use NextDNS with Mullvad and the WireGuard app you need to delete the DNS on the profile and leave it empty.
I heard from the IVPN forum that WireGuard will be working again in the next app release.
It isn't a smartDNS proxy. Those are normally used for getting round geoblocks - allowing you to proxy some sites (like Hulu, perhaps) in countries without it.
You can use a VPN with NextDNS on your Android phone. Set NextDNS up in your settings first (don't use the app); then use a VPN like ProtonVPN. You'll find it still sends all DNS queries through NextDNS, and all traffic through the VPN.
For those laughing about privacy on an Android phone - while Google obviously collects all kinds of information on you, services like NextDNS will help with other elements of privacy like reducing the information leaked to your cell company or your ISP.
Two options:
Sort of apropos:
https://www.quad9.net/privacy/compliance-and-applicable-law/
The main reason Quad9 moved to Switzerland is because Switzerland has criminal, rather than civil, privacy law. While the US basically has none at all. So if a US company violates its privacy law, it just gives someone a private right of action, if they can demonstrate standing. That's slim succor, after a high hurdle. If a Swiss company violates Swiss privacy law, the Swiss government is the plaintiff, not the individual whose privacy was violated, so the Swiss government doesn't care who the individual was, what country they're in, or their citizenship; they just have to register their complaint with the Swiss federal privacy office.
I would use Firefox with Facebook Container or Firefox Multi-Account Container. What you're trying to accomplish is done by multiple companies that are using your browser's fingerprint and your IP, you can't disable that but only mitigate its effects.
More like a routing problem actually. There are only two OpenDNS DCs in South America, both in Brazil, while NextDNS has at least five countries.
" 1 When exceeding the free monthly quota, NextDNS will continue to answer DNS queries like a classic non-blocking DNS service. "
Quote from https://nextdns.io/pricing
Ok so I got it to work again without using the TestFlight version of NextDNS and using the normal VPN configuration in iOS. I had to change ProtonVPN to IKEv2, just as /u/nitrohorse suggested.
Does this mean this option won’t work when the new version NextDNS is released?
Lowest latency from your provider to their DC provider. I'm from Belgium and end up in the Netherlands. I agree it would be useful to have a setting that configures the country you want to connect to but like it is implemented now, with anycast (https://www.cloudflare.com/en-gb/learning/dns/what-is-anycast-dns/), this is the result.
If you think they're running a non-profit organization you should volunteer for live tech support.
If you have fewer than 300K queries, there's no cost to you. If you have more than 300K queries you'll know whether you think the price is prohibitive.
I spend WAY too much time online and still have fewer than 300K queries, but I upgraded to 1 year Pro to help offset freeloaders and cheapskates.
Why do you care how many customers they have? Do you want them to grow to the point where they need to hire support staff, more devs, a marketing dept and then sell the whole thing to Logmein.com and triple the price?
Great brainstorming session.
You're right, no-ip is very annoying with the monthly multiple step confirmation which is basically an ad to upgrade.
https://freedns.afraid.org/ still has a good free plan and decent premium plans
Already added on multiple blocklists - https://energized.pro/blu/formats/domains.txt
You would need to set bootstrap IPs with 45.90.28.0 and 45.90.30.0 (considering the client supports it) but you would lose the benefit of ultra low latency steering.
An alternative is to use NextDNS CLI (https://nextdns.io/cli), it will make sure everything is encrypted while still benefiting from ultra low latency.
I thought that, but I haven't changed anything for a couple of weeks and it only started yesterday 😞
I've tried adding nextdns.io into the allowlist too, but nothing changed sadly!
I would not recommend it. It would split your filtering and logging in two places, making it difficult to debug false positives. You will also have to whitelist domains in each system.
If what you miss is LAN device identification in your logs & analytics, replace pihole with our cli. It will do just that and much more.
I’ve been working on a NextDNS user guide on Craft that includes detailed setup guides for a couple devices, but I’ve halted working on it now that my new semester of college has started. You’re welcome to take a look at it and I’ll post the link to it in this post. https://www.craft.do/s/FlHV4k4PEZEdD0
UPDATE 2: I did the exact same Google search ("wifi 6 router") on other browsers to see if I could get different results.
I used different combinations:
Browsers tested:
Sometimes the ads showed if the VPN was active and making the site appear in a different language (not English). Other times, misspelling the word (wifo instead of wifi) made the ads appear, regardless of the DNS used. Brave and Vivaldi offer better ad & tracking protection, and Firefox lets you install extensions like uBlock Origin, therefore they didn't show ads after enabling the extra protection.
My conclusion is that Google ads and trackers bypass NextDNS or Mullvad DNS, except where the browser is implementing its own filtering methods. So, either change browser or search provider if those pesky ads bother you.
The domain is not being blocked by any of the lists I'm using. Seems like you are using a very aggressive blocklist. Care to share which ones you use? Then we can help to find out which list it is exactly and you can report it upstream. Mullvad itself is not blocked by NextDNS.
You should open up a live log window and see what requests are being blocked when you attempt to activate TunnelBear. It's possible a necessary host request is being filtered by one of your adblock lists, or security settings. Once you see what's being blocked, you can figure out what needs to be allowed in order to successfully initiate TunnelBear.
I'm using Mullvad by itself (no YogaDNS as it's unnecessary on linux etc) and it works fine.
Granted, I've been trying to figure out a minor issue where NextDNS still shows my (leaked) real IP on a tiny handful of queries with the help of Mullvad staff and they've been awesome.
I use IVPN and you can choose a custom DNS inside the app and it installs a sort of configuration profile that allows you to choose IVPN as a dns resolver inside settings on iOS. In the IVPN app you can choose what dns to use when connected and disconnected from the VPN. It’s awesome!
I'd say you don't require a VPN if you just want to avoid your ISP tracking your activity. If you want to hide your IP or bypass geo restrictions, you can try ProtonVPN with it.
You can try with any OpenVPN configuration as well.
Normally the install is very straightforward, so I don't know what went wrong:
>NextDNS for Windows
>
>Download the installer here.
>
>After installing, right-click on NextDNS icon in the Systray then open the Settings. Set <insert your config ID here > as Configuration ID.
>
>Right-click on NextDNS icon in the Systray, then click on Enable.
That should be it. And yes, it normally should use DoH by default. It needs the virtual TUN adapter to function properly, so don't remove or disable it. Components are installed for a reason, you know. You can try to uninstall and re-install. If that still doesn't work, give YogaDNS. Without a VPN-client installed, the native client worked fine, but as soon as I started using the ProtonVPN app, which installs its own TAP or TUN adapter by default, trouble started.
Private internet access' DNS servers will be what their customers use when they use their VPN service by default, unless they manually specify an alternative.
I don't know what their DNS server addresses are or whether they are routable outside of their VPN network.
Do you understand the difference between DNS and VPN? VPN encrypts all your traffic (apart from the initial handshake), DNS is just merely the look up of server addresses, converting web addresses in words (that humans can remember) to IP addresses.
Based on your initial post it sounds like you're looking for a VPN not a DNS provider.
Stay clear of free VPN providers ("there's no such thing as a free lunch") and DYOR on the various providers e.g. PIA, NordVPN, ExpressVPN, IPVanish....... there are loads to choose from.
What do you mean by payloads - is it those warnings?
Firefox Preview and Firefox for Android allow you to use uBlock Origin which is an adblocking extension. In uBlock Origin, you can find lists that hide those anti-adblock warnings.
> I don’t run a concurrent VPN. If I did everything would go through my VPN DNS servers. Otherwise what’s the point?
Apologies, should have clarified initially -- the point here would be that it's possible to concurrently run an IPSec ("Personal") VPN and NextDNS through AdGuard in Split mode for resolving the DNS requests. And depending on which profile is enabled last, some DNS requests could be resolved by the IPSec VPN profile and not the AdGuard split tunnel profile. It's a fragile setup but possible is all.
Also, do you have a source that only "Split Tunnel" profiles suffer from leaking DNS requests for push notifications and Siri activity? The only leaks I'm aware of are what ProtonVPN shared in March related to IPSec/OpenVPN/WireGuard VPN profiles:
>Internet connections established after you connect to VPN are not affected. But connections that are already running when you connect to VPN may continue outside the VPN tunnel indefinitely. There is no way to guarantee that those connections will be closed at the moment you start a VPN connection.
Worth a try is setting ProtonVPN to connect via IKEv2 (which will create a profile under Settings > VPN & Network > Personal VPN) and NextDNS via its normal VPN profile (creating a profile under Settings > VPN & Network > VPN Configurations).
I suspect the issue is potentially ProtonVPN and NextDNS both having VPN profiles under the same “section” (VPN Configurations) and thus Proton’s profile overrides NextDNS’. The key for getting both to work in conjunction is enabling one profile per section (one under Personal VPN and the other under VPN Configurations).
From my testing, an encrypted DNS profile (new to iOS 14) won’t turn on if any VPN profile exists under either section.
Thank you for the kind words. Glad to hear that it's useful to you.
ELI5:
The specified DNS addresses force the WireGuard/Mullvad app to use NextDNS via Apple's native encrypted DNS.
The specified allowed IPs force all traffic—except for the above encrypted NextDNS traffic—through the WireGuard tunnel.
Passepartout quit working for me after I updated the app 2 days ago. Using NordVPN on iPad. For the time being I added NextDNS DNS servers to the VPN and then from the NextDNS homepage I link my IP address. It’s a pain as I have to do this every time my IP changes.
Still looking for a permanent solution.
I also use Mullvad but I use it with the VPN Client Pro app.
You might give that a go and see if it gives you the desired results. It has both Wireguard and OpenVPN implementation. Mullvad's website lets you easily dump a zip containing whatever configs you want and you can import them in.
Thanks for your input. I have tried this setup before, but I just checked it again. NextDNS log shows my real IP address for the first few queries after the phone's startup, i.e. the DNS is not routed through the VPN tunnel.
Also, I think Mullvad does not use secure DNS, this also means that this setup is vulnerable to DNS spoofing.
For now, I have settled with the default Mullvad DNS plus secure DNS with NextDNS in the browser in order to get adblock and some privacy from Google and Facebook.
Set the IPv6 addresses for your NextDNS config in the Mullvad Client. Ensure that secure dns is disabled in android since you don’t have to worry about Mullvad snooping on your unencrypted DNS traffic to NextDNS. Lastly manually configure your HTTPS config in your browser’s secure DNS settings. Since Chrome tends to grab any configured dns servers including the ones set by your network when secure dns is enabled but not manually disabled or configured.
I am using NextDNS with Torguard, Windscribe, PIA and Proton VPN without issue. All on Android and desktop. (sorry, not an Apple user here). You either have to turn off the dns in the vpn or set a custom dns server in the vpn.
You can even set it up with AdGuard and its version of a VPN. It is not really difficult.
Which dns were you using previously? Compare the ping/query times with that dns provider and nextdns. I use the following app to compare multiple providers, both ipv4 and ipv6:
https://play.google.com/store/apps/details?id=com.catinthebox.dnsspeedtest&hl=en_GB&gl=US
Try enabling the Block Bypass Methods under parental control?
Like others said, use a VPN when on public WiFi. Unlike DNS, this punches a tunnel through the public hotspot and encrypts the traffic to be resolved by the VPN, not the shady hotspot.
Mullvad has options to use filtering in conjunction with their VPN, and built on wireguard it works very well without unnecessary overhead.
This illustration shows the difference between QNAME Minimization supporting resolver vs those that don't. The benefit is if say, the name server for isn't the same one for , the nameserver doesn't know that is being queried.
Cloudflare, Quad9, AdGuard, Mullvad, AhaDNS, OpenDNS, and ControlD support QNAME minimization.
When using a VPN, it's best to just use the VPN's DNS. Third-party DNS, even encrypted ones, doesn't hide the domain you visit since SNI exposes that to the VPN (or the ISP if you're not using VPN). There is ECH to encrypt SNI but it's still in draft, currently only supported on Firefox (support in Chrome and its derivatives is on the dev channel), and only used by a few websites (even Cloudflare, the one who pushes the standard, only deploys it in a very limited region). Even if the VPN's DNS doesn't have QNAME minimization, the nameserver would only see the VPN's DNS IP, not your VPN's assigned IP.
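To make the QNAME minimization point above concrete, here is an added example (not part of the original comment, and not any resolver's actual code) that models which name each nameserver in a delegation chain is shown, with and without minimization. The domain `mail.internal.example.com` and the zone cuts are constructed, and the "one extra label per step" rule is a simplified reading of RFC 9156.

```python
"""Simplified model of QNAME minimization (RFC 9156).

All names below are constructed sample data; the function names are
hypothetical and only illustrate the idea discussed above.
"""


def labels(name):
    """Split a domain name into labels, ignoring the trailing root dot."""
    return [part for part in name.rstrip(".").split(".") if part]


def fqdn(parts):
    """Join labels back into a fully qualified name ('.' for the root)."""
    return ".".join(parts) + "." if parts else "."


def resolution_trace(qname, zone_cuts, minimise):
    """Return [(zone_of_nameserver, name_sent_to_it), ...].

    zone_cuts lists the zones on the delegation path, root first.
    Without minimization every nameserver receives the full name.
    With minimization each nameserver only receives one label more than
    the zone it serves; the last server is asked label by label until
    the full name is reached.
    """
    qlabels = labels(qname)
    trace = []
    for index, zone in enumerate(zone_cuts):
        zlabels = labels(zone)
        if zlabels and qlabels[-len(zlabels):] != zlabels:
            raise ValueError(f"{zone} is not an ancestor of {qname}")
        if not minimise:
            trace.append((zone, fqdn(qlabels)))
            continue
        shown = min(len(zlabels) + 1, len(qlabels))
        trace.append((zone, fqdn(qlabels[-shown:])))
        if index == len(zone_cuts) - 1:
            # Deepest known zone: keep adding one label at a time.
            for more in range(shown + 1, len(qlabels) + 1):
                trace.append((zone, fqdn(qlabels[-more:])))
    return trace


def servers_that_saw_full_name(trace, qname):
    """Zones whose nameservers learned the complete queried name."""
    full = fqdn(labels(qname))
    return {zone for zone, sent in trace if sent == full}


# Constructed sample: a host below example.com, three zones on the path.
SAMPLE_QNAME = "mail.internal.example.com"
SAMPLE_ZONES = [".", "com.", "example.com."]

if __name__ == "__main__":
    for mode in (False, True):
        print("minimise =", mode)
        for zone, sent in resolution_trace(SAMPLE_QNAME, SAMPLE_ZONES, mode):
            print(f"  nameserver for {zone:<13} is asked about {sent}")
```
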
Context:
Using NextDNS in standard config apart from using Swiss Logs to test Astril VPN Leak Test shows this many DNS resolvers?
If I use my default VPN, ProtonVPN using the same DNS, ProtonVPN DNS adds to the list even though I'm using NextDNS as a Custom DNS within ProtonVPN.
Router DNS is CloudFlare and if I set PC to Auto DNS settings, it'll of course just show the router DNS in the test, or just the ProtonVPN DNS if I'm using that for example. I'm just confused why NextDNS shows so many resolvers when connected?
>1Hosts Xtra is way too good that I’m only going to use it on Mullvad
That's a sensible approach. You'll get maximum ad/tracker blocking when using the VPN and can disconnect before you do stuff like OS updating.
My guess is that this is a Mullvad problem rather than a NextDNS problem. Try enabling only one at a time to see if it’s reproducible in one scenario or both. For the record, I have no trouble making comments on YouTube while using NextDNS.
Here's an alternative solution that I have been successfully using:
First, delete all VPN and DNS profiles from your device.
Download AdGuard for iOS, go to "DNS Protection" (implementation must be set to "AdGuard"), go to DNS Servers and add your NextDNS server/profile as a custom server using DoH or DoT.
Go to with Safari to verify you are now using NextDNS as your DNS server.
Next, go back to AdGuard, enable Advanced Settings, configure the app to use Split Tunneling, which will work along VPN protocols like IKEv2.
Once this is done, open NordVPN and enable the VPN using IKEv2.
In the iOS settings, you will now notice that two VPNs are active simultaneously. Your DNS queries are now being sent to NextDNS, while using NordVPN in parallel.
You can do this with Macrodroid.
I can quickly switch between AdGuard and NextDNS. Used the public DNS servers for an example. If you're interested, let me know and I can share how or share the macro with you.
You didn't say how you configured NextDNS.
Personally I installed the NextDNS configuration profile. Also, I added the NextDNS IPv4 and IPv6 addresses in the macOS Wi-Fi settings. Finally, but I don't think you can do it with TunnelBear, I added the NextDNS IPv4 address as my main DNS in the Windscribe settings.
omg I thank you so much! I’ve been trying to use AdGuard Pro + NextDNS with a VPN for a week. I wasted money with ProtonVPN and Passepartout. Countless searches on Google.
But your method works perfectly! I have an iPhone 12 Mini and the latest iOS version.
The trick is really to set NordVPN with IKEv2 and “always auto connect”.
Thank you!
Adding NextDNS (as DoQ or DoT, or even DoH) in AdGuard makes it so AdGuard’s DNS server doesn’t override your NextDNS configuration so that AdGuard acts as a local on-device filter.
It doesn’t conflict with AdGuard. AdGuard should be setup as Split-Tunnel so you can use it with any other VPN such as NordVPN or whatever else you use. NextDNS should NOT be setup as a “VPN”, unless you’re running an obsolete version of iOS that doesn’t have a custom DNS setup.
There is no conflict. I’ve been using this setup for over a year without any issues. See attached photos.
Your VPN App may be overwriting the DNS query, hence it doesn't work with Android's Private DNS Setup.
I suggest downloading the openvpn config and load it to this app
It should work with the Private DNS setting.
If it still doesn't work, your VPN provider is doing something shady, since a VPN shouldn't be that overbearing on overwriting DNS queries. I suggest switching to Mullvad or Windscribe.
Yes, IPv6 is not supported by NordVPN so it is defaulted to IPv4. So perhaps it is something else? NextDNS verifies this: "Your network IPv6 not support IPv6" when I go to the setup page.
It only seems to happen about 50% of the time that I can see my real IP in the logs. The rest of the time it is the VPN data center IP.
You might be wondering what IPv6 has to do with VPNs. Well, many major VPN providers don't actually support IPv6, including NordVPN. If you're using an IPv4 address, however, that should work perfectly with your VPN; your data will be protected as it travels through the encrypted tunnel with the IPv4 protocol.
In fact, the majority of VPN software operates on IPv4. If you were to attempt using IPv6 over an IPv4 only VPN, it would probably redirect your IPv6 traffic through the default gateway and ISP. Your IPv6 traffic would travel outside the secure VPN tunnel.
At this time, part of our solution involves disabling most IPv6 traffic to ensure that user traffic is secure. However, NordVPN is planning to support IPv6 in the future.
I wouldn't read much into M247 - they're a hosting company. In fact, many of Mullvad's VPN endpoints are hosted there. If you're using a Mullvad DNS connected to a M247 hosted VPN endpoint then NextDNS will also say you're using M247 Ltd for your DNS.
In general, you should be fine.
Alright. To do this you can't use the Mullvad iOS app. You have to download individual WireGuard configurations and import them to the genuine WireGuard app. Then you have to delete the DNS entry in the WireGuard profiles you imported. In the NextDNS app you have to deactivate the low-latency servers. That's it. Mullvad WireGuard with NextDNS DoH. I like it.
I have not used ProtonVPN custom dns, but if it only provides you the option to use "custom DNS" via an IPv4 address then that address will only link to NextDNS' generic public endpoint (with no blocking) instead of your specific configuration.
In order to use a specific NextDNS config you need to use DNS-over-TLS or DNS-over-HTTPS.
You haven't specified the OS. If it is iOS: I wrote a guide last year for ProtonVPN and NextDNS. You'll need an app called Passepartout and if ExpressVPN has OpenVPN config files available for download, the tutorial will work for you too. Just import the ExpressVPN config by 'opening' it with Passepartout or import it from Files. You'll find it here: _nextdns_and_protonvpn_working_like_a_charm/ No DNS leaks to worry about.
thank you very much! windows defender smart screen flags it as malicious. but virustotal and any.run reports seem to be okay:
https://app.any.run/tasks/cdcaeef0-dd28-47f9-9769-f1bf9b682427
https://www.virustotal.com/gui/file/f2b7d1ba65a996571e2f624f5cdf668d85eeece410db611c48ab793aefafb45f
Go to nextdns.io and use a temporary account. Enable all options/lists you think are relevant under Security, Privacy, Parental Control, etc. In the Setup tab, you see an ID. Enter the ID in the iOS app to link your account. If you like how everything works, turn the temporary account into a real account to save your settings.
No, an app already exists and generally gives the same functionality as the website shortcut. So no idea why anyone would like to pay for it unless you have some other idea?
https://play.google.com/store/apps/details?id=com.doubleangels.nextdnsmanagement
Ah, I see. I think I got custom dns and private dns confused. I have Mullvad but use the private dns to use NextDNS blocklists which seem a bit more thorough as far as I can see for tracker blocking. Thanks.
Because your dns query can go through Mullvad’s vpn tunnel which is encrypted anyway. Your ISP won’t be able to see it then either. And if you trust Mullvad it wouldn’t matter if it is an ordinary ipv4 dns address.
That said, I myself use the nextdns CLI on Linux, the nextdns apps on Mac and iOS, for DNS-over-HTTPS as I might turn Mullvad’s WireGuard on and off depending on what I’m doing or where I am. I have set Mullvad WireGuard vpn in my router at home and don’t need to run the clients on battery powered devices then. Actually, I run a local dns resolver with the nextdns cli for all clients on the lan too for those devices that don’t have a nextdns client. So just a few situations left where I need to run both nextdns DOH and Mullvad WireGuard.
Depends on your OS. I got it working on Android, Linux, iOS and latter two need separate apps. You can use it on Android natively and on Linux with the NextDNS CLI. I'm talking about DoH and DoT. Unencrypted is even easier. Just type in the NextDNS IPs in the Mullvad custom DNS section.
Are you familiar with Tasker? It's an app that lets you automate all kinds of stuff on your phone but it takes a bit of setup. I can share a "project" with you after you decide how involved with Tasker you want to get.
https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm
I am actually with a really great VPN that I trust and is a 'top 3'. IVPN
Outside the logging that article is still quite valid. But we can agree to have differing opinions. I was a huge VPN advocate and spent quite a bit of time setting up IVPN w/wireguard on my router - so I get it.
Setting up it for Firefox only is a bit different. You need to follow the guide listed for browsers in the setup tab
1. Open Preferences.
2. Scroll down to the Network Settings section and click on Settings.
3. Scroll down and check Enable DNS over HTTPS.
4. Select Custom, enter <your config ID> and click OK.
5. Enter "about:config" in the address bar (and click on I Accept the risk! if asked).
6. Set to 3.
Also, check if you have "Block Bypass Methods" enabled on the parental control tab in your NextDNS configuration. That one might be why webpages are not displaying.
And does turning off ProtonVPN allow you to access websites and use NextDNS correctly? It might help in understanding if this is a NextDNS problem or a ProtonVPN one.
I use NextDNS on my Firefox browser. In Firefox settings, I enabled the DoH option and changed the default Provider to Cloudflare to NextDNS but I couldn't log in. Web pages no longer loaded. I haven't changed the ProtonVPN settings. Do you have any advice for me to activate NextDNS so that web pages in Firefox load correctly?
Thank you very much!
I'm a GrapheneOS user.
I know this because of facts from research. Pixel phones are the only recommended Android devices for best native security and privacy hardening. That's why they're the only ones usable for GrapheneOS. Samsung phones also only provide 1 to maximum 2 years while Google provides minimum 3 years of support.
Also iPhones are best beside Pixels.
https://grapheneos.org/
https://madaidans-insecurities.github.io/android.html
Thanks, changing the config to router true seems to have fixed the problem. All the traffic appears though as coming from the router, not the specific devices?
u/archangelique Tinkering with the DNS Cloak for IOS, and the custom config needs a "stamp". Do you know what values to put into the Stamp calculation for NextDNS DOH with my configId?
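For the stamp question above, here is an added example (not from the thread, NextDNS or DNSCloak) that builds and parses a DNS-over-HTTPS stamp following the public DNS Stamps layout: protocol byte `0x02`, 8-byte little-endian properties, then length-prefixed address, certificate hashes, hostname and path. It assumes the DoH endpoint is `https://dns.nextdns.io/<config ID>`; the config ID `abc123` is a constructed placeholder and the function names are hypothetical.

```python
"""Encode and decode DNS stamps (sdns://) for DNS-over-HTTPS servers."""
import base64
import struct

DOH_PROTOCOL = 0x02  # stamp protocol identifier for DNS-over-HTTPS


def _lp(data):
    """Length-prefixed field: one length byte followed by the bytes."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data


def _vlp(items):
    """Variable-length set: high bit of the length marks 'more follow'."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("set element too long for a stamp")
        more = 0x80 if i < len(items) - 1 else 0x00
        out += bytes([len(item) | more]) + item
    return out


def encode_doh_stamp(hostname, path, addr="", hashes=(),
                     dnssec=False, no_logs=False, no_filter=False):
    """Build an sdns:// stamp. The three flags are informational claims
    about the server; set them to match your own configuration."""
    props = int(dnssec) | (int(no_logs) << 1) | (int(no_filter) << 2)
    raw = (bytes([DOH_PROTOCOL]) + struct.pack("<Q", props)
           + _lp(addr.encode()) + _vlp(list(hashes))
           + _lp(hostname.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Parse a DoH stamp back into its fields (bootstrap IPs ignored)."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if raw[0] != DOH_PROTOCOL:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos = 9

    def read(mask=0xFF):
        nonlocal pos
        length_byte = raw[pos]
        n = length_byte & mask
        value = raw[pos + 1:pos + 1 + n]
        pos += 1 + n
        return length_byte, value

    _, addr = read()
    hashes = []
    while True:
        length_byte, chunk = read(mask=0x7F)
        if chunk:
            hashes.append(chunk)
        if not length_byte & 0x80:
            break
    _, hostname = read()
    _, path = read()
    return {"addr": addr.decode(), "hashes": hashes,
            "hostname": hostname.decode(), "path": path.decode(),
            "dnssec": bool(props & 1), "no_logs": bool(props & 2),
            "no_filter": bool(props & 4)}


def nextdns_stamp(config_id):
    """Stamp for an assumed endpoint https://dns.nextdns.io/<config_id>.
    The address is left empty so the client resolves the hostname."""
    return encode_doh_stamp("dns.nextdns.io", "/" + config_id)


if __name__ == "__main__":
    stamp = nextdns_stamp("abc123")  # constructed placeholder config ID
    print(stamp)
    print(decode_doh_stamp(stamp))
```
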
"With anycast DNS, a DNS query will go to a network of DNS resolvers rather than to one specific resolver, and will be routed to whichever resolver is closest and available." https://www.cloudflare.com/learning/dns/what-is-anycast-dns/
If the closest server is busy (= not available), the answer will come from a distant one.
I am also able to find inappropriate content in ecosia.org by manually turning safe search off while using nextDNS. It does load default with moderate safe search setting but doesn't block changing the setting. Also search.brave.com has the same issue
If you want to gain control over some filterlists set up Adguard home within your home network. With Adguard Home you can customise the lists. https://adguard.com/en/welcome.html
And on https://filterlists.com/ you have the choice. There are several block lists for Microsoft services and trackers.
You can use Adguard at the same time because it's LAN sided and the NextDNS is on the WAN side of your network.
Use AdGuard instead. NextDNS can't tell the difference between the YouTube content and ads because they're served from the same domain.
If you are using iOS 14 or Big Sur, just follow this:
https://adguard.com/en/blog/encrypted-dns-ios-14.html
No need to install anything. Not unless you want to do some cosmetic changes, use ublock origin or adguard for safari (or any browser) extensions
Technically speaking, it's impossible.
Depends heavily on how the website sets up the ads.
u/dbomber05
Use Adguard.com (they support most if not all of the platforms). Be it browser plugin, Android/iOS app or other. They provide cosmetic filtering.
I forgot to mention that simultaneously with my use of NextDNS, I use a VPN (ProtonVPN) and it is possible that the problem comes from there but I do not have the skills to find a solution alone... so thank you again for your help.
PS: How would it be possible to get in touch by email directly with the NextVPN team?
No problem :) and answering your query, you can't set DNS over https in mobile phones right now. Only TLS is possible currently. But you can use a 3rd party app like Nebulo https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen
And to use DNS over https on PC, you could use YogaDNS.
Since I don't have experience with MAC os or iOS, I have no idea on that. Hope my comment helps.
Do you mean the applications whose requests are blocked? That's not in the jurisdiction of the DNS provider. You need OS support to collect application information.
However, what you can do is this. For example, you see a suspicious domain "big.bad.com" is frequently blocked in the NextDNS log. You can download some DNS inspection app (such as PrivateWin10) and check on that domain. You will find which program sent those requests.
Try a DNS benchmarking tool and decide for yourself which one is faster - you could even try other options like Quad9, Google... see also GRC’s benchmark page for more details.
I’d recommend a service like DNS-o-Matic: https://www.dnsomatic.com/, for example. With no-ip you have to confirm your domain regularly, which I always found annoying and I don’t know whether that has changed. DNS-o-Matic is really easy to setup, just use an available custom name (NOT the one used in your screenshot for security reasons) and then fill out the DDNS setting pages on your router. As mentioned, the only thing left to do is to tell NextDNS on the config page which url redirects to your IP and that’s all there’s to it.
What makes you think quad9 has been audited? The only mention of an audit is on their “your-data” page, which dates from 2018 and talks about a hypothetical future audit: https://www.quad9.net/quad9-yourdata/
At the moment, this AdGuard update is for Windows only. Perhaps, they will add it later to their Linux Client.
But I have a suggestion, AdGuard's latest DNS Module update for DoH and DoT is powered by DNSCrypt.
You can review their software and find potential application for your Linux distro:
https://dnscrypt.info/implementations
I am running it through the config profile and it still pings Brazilian and Vienna DNS servers; in addition, on cellular connection it's leaking my ISP. I used the AdGuard app to provide a ping example. It has nothing to do with my device. See it for yourself https://browserleaks.com/ip
YogaDNS has Suspicious Indicators:
- Anti-Reverse Engineering: PE file has unusual entropy sections
- Environment Awareness: Possibly tries to evade analysis by sleeping many times
- External Systems: Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- General: Found a potential E-Mail address in binary/memory
- Unusual Characteristics: Imports suspicious APIs; Input file contains API references not part of its Import Address Table (IAT)
I used Ubiquity Edge Router X a while ago, now using FritzBox + Netgear XR500.
Your solution would be Simple DNS Crypt. Better than Yoga. Also you can put your NextDNS config in Edge Chromium and Firefox.
No, I wouldn't count on that (unfortunately). Although the concept is great, Olivier and Romain (mostly) don't have a clue about interacting with their customers, specifically when it comes to technical matters. Although I must give Romain some credit, he has been very generous, but that was on an administrative matter. Technical support is honestly dreadful. If you have technical issues, your best bet would be to visit https://nextdns.io/diag.exe, download the app, run the diagnostics, provide the requested info and give them (mostly) a couple of weeks to investigate and fix it. It will get fixed, but don't count on a response, just check again after a while. They do see the diagnostics reports and act on them.
How will this fix the problem? Has the URL for the repo changed?
My nextnds.repo file points to baseurl=https://nextdns.io/repo/rpm. Is this corrupted?
Why would re-installing fix the problem?
Where exactly do you want this 'switch'? The CLI is a process inside your UDM, so that's where it would get stopped/started.
If you want it on nextdns.io config page, how would that be implemented? The UDM still goes to NextDNS for every DNS request... (best you can do from the config page a rewrite but not sure if it works for a global '*' wildcard).
You could automate your ssh from your phone. Or probably UDM PHP but that's overkill...
Unlike the other comments, you can use the app on iOS 14 as well. With version 2.0+, it creates the DNS configuration profile and adds it to iOS for you. So the app uses the built-in private DNS feature of iOS and saves you from creating the profile yourself.
If you go to the Setup Guide on nextdns.io, the app is the recommended option and Configuration Profile comes second, unlike Android, where Private DNS comes first.
>Version History
>
>2.0
>
>Sep 23, 2020
>
>On iOS 14, this version uses the new native Encrypted DNS setting and does not require running a "fake" VPN in the background anymore.
>
>IMPORTANT: You must open the app and re-enable NextDNS once after this update or after upgrading to iOS 14 to migrate.
I made a quick script for Ubuntu LTS, but it probably works on other distros that use systemd as well if you modify lines 6 through 10 for your preferred package manager.
#!/bin/bash
NEXTDNS_CONFIG="put your nextdns config here"
NEXTDNS_DISCOVERY="put your routers ip here"
NEXTDNS_LISTEN="put your host ip here:53"
wget -qO - https://nextdns.io/repo.gpg | sudo apt-key add -
echo "deb https://nextdns.io/repo/deb stable main" | sudo tee /etc/apt/sources.list.d/nextdns.list
sudo apt-get update && sudo apt-get dist-upgrade -yqq
sudo apt-get install nextdns -yqq
# systemd-resolved conflicts with nextdns so we disable it
sudo systemctl stop systemd-resolved && sudo systemctl disable systemd-resolved
# the last option must not end in a backslash, or the next command is swallowed as an argument
sudo nextdns install \
    -config "$NEXTDNS_CONFIG" \
    -discovery-dns "$NEXTDNS_DISCOVERY" \
    -listen "$NEXTDNS_LISTEN" \
    -report-client-info \
    -setup-router
# set the hostname and rewrite /etc/hosts to match (this overwrites the existing file)
sudo hostnamectl set-hostname ubuntu
echo -e "127.0.0.1 localhost\n127.0.1.1 ubuntu.local ubuntu\n# The following lines are desirable for IPv6 capable hosts\n::1 localhost ip6-localhost ip6-loopback\nff02::1 ip6-allnodes\nff02::2 ip6-allrouters" | sudo tee /etc/hosts
When I install the profile I made for my Apple TV 4K on apple.nextdns.io via Apple Configurator 2, the DNS profile disables all my network connections... The only way I have figured out to make it "work" is without the profile, instead just setting your WiFi DNS to manual and setting it to your personal IPv4 DNS IP address. The Apple TV 4K isn't identified as a device I can specifically track in logs, but it does show its traffic on the NextDNS.io website when you view logs from all devices.
Yes correct, my bad on the typos. I have since disabled YogaDNS, now using the NextDNS application (previously was not working), flushed the DNS cache and changed the DNS settings on Windows (TCP/IP) to default. Here is the output of the diagnostic tool:
https://nextdns.io/diag/f5842210-4201-11eb-b280-39fcd97bf2d6
Things seem to be improved atm
I'm not trying to convince anyone either way... the facts are here and everyone can judge it for themselves.
I will mention that it's funny that you're defending the removal of "share", when they actually added that part back after my post. Based on your post, their recent privacy policy revision is incorrectly stated on https://nextdns.io/privacy
According to this link, students still have to pay: https://nextdns.io/pricing. Except that it's 20 USD for 250 students (I'm not sure I understand this, are they expecting 250 students to share the same account?)
I've tried both methods, install and manual, provided by NextDNS. Both fail. I've also tried to run the debug. Results as follows:
$>sh -c 'DEBUG=1 sh -c "$(curl -sL https://nextdns.io/install)"'
ERROR: Unsupported OS: Linux
ERROR: Unknown bin location for
INFO: OS:
INFO: GOARCH: amd64
INFO: GOOS: linux
INFO: NEXTDNS_BIN:
INFO: LATEST_RELEASE: 1.7.0
ERROR: Cannot detect running environment.
So I've installed nextdns on my pfSense box using sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'
It installed fine. I also set up conditional forwarding to point different MAC addresses to my different NextDNS configs, but that part doesn't seem to work. Has anyone had any luck with that?
Unfortunately there is no way we know of to fix that at the moment. That is why we don’t recommend using unbound as a forwarder. We opened an issue on unbound’s github about that: https://github.com/NLnetLabs/unbound/issues/132. Do not hesitate to +1 to get their attention.
BTW, the best solution to connect to our service from a router is to use our cli client: https://nextdns.io/cli.
It is explained in their faq.
>In order to associate a configuration with a network or a device, NextDNS uses different tricks depending on the DNS protocol used. For DNS over TLS (DoT), the configuration id is embedded into the hostname, for DNS over HTTPS (DoH), it is in the URL path and for UDP over IPv6, it is in the last bits of the IP. Unfortunately, for legacy UDP over IPv4, there is no such easy trick. Because IPv4 is a scarce resource, it would not be possible to attribute 2 IPv4 to every configuration. Instead, you have to associate the IP of your network with your configuration. We use a pool of IPv4 to let you link the same IP with different configurations if needed. You only need to link your IP when using unencrypted DNS over UDP/IPv4.
Have run sh -c "$(curl -sL https://nextdns.io/install)" on an OpenWRT device and followed the prompts, but get an error on
Automatically configure host DNS on daemon startup? [Y|n]:
which returns
Cannot write config: uci set nextdns.main.report_client_info=1: exit status 1: uci: Invalid argument
Any ideas?
Not that I’m aware of. They state on their website that you can create an unlimited number of configurations. Scroll down on the homepage and you should see the section.
Go to https://nextdns.io/ and scroll a bit down. They have a map of all their servers across the world. It seems it only sucks to live in northern Canada, Greenland, northern part of South America and north eastern region of Asia since there aren't any nearby servers. The rest is covered pretty well.
This is what worked for me. On your server, in my case a Raspberry Pi Zero.
Corefile
.:53 {
    ratelimit 50 {
        whitelist 127.0.0.1 192.168.1.88
    }
    any
    errors
    log
    forward . tls://45.90.28.215 {
        tls_servername <my nextdns code>.dns.nextdns.io
        health_check 5s
    }
    cache 30
}
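An added example, not part of the post above and not NextDNS or CoreDNS code: a Python check that walks a Corefile like this one and reports, for each forward directive, whether every upstream uses tls:// and which configuration the tls_servername names, since the FAQ quoted earlier says the DoT configuration id is carried in the hostname. The sample Corefile, the id abc123 and the assumed id format (lowercase letters and digits) are constructed for illustration.

```python
import re

# Constructed sample: the post's forward block with a placeholder config id
# ("abc123"), a TLS forward without tls_servername, and a plaintext forward.
SAMPLE = """\
.:53 {
    forward . tls://45.90.28.215 {
        tls_servername abc123.dns.nextdns.io
        health_check 5s
    }
}
lan:53 {
    forward . tls://45.90.28.215 {
        health_check 5s
    }
    forward example.org 192.0.2.53
}
"""

def forward_blocks(corefile):
    """Yield (upstreams, options) for each forward directive in a Corefile."""
    rows = (ln.split("#")[0].split() for ln in corefile.splitlines())
    for tok in rows:
        if tok[:1] != ["forward"]:
            continue
        upstreams = [t for t in tok[2:] if t != "{"]
        options = {}
        if tok[-1] == "{":
            for opt in rows:  # consume the option block up to its closing brace
                if opt == ["}"]:
                    break
                if opt:
                    options[opt[0]] = opt[1:]
        yield upstreams, options

def audit(corefile):
    """Return one (upstreams, verdict) pair per forward directive."""
    results = []
    for upstreams, options in forward_blocks(corefile):
        name = " ".join(options.get("tls_servername", []))
        # Assumption: a config id is a run of lowercase letters and digits.
        m = re.fullmatch(r"([0-9a-z]+)\.dns\.nextdns\.io", name)
        if not all(u.startswith("tls://") for u in upstreams):
            verdict = "plaintext upstream"
        elif not name:
            verdict = "no tls_servername"
        else:
            verdict = "config " + m.group(1) if m else "no config id in name"
        results.append((upstreams, verdict))
    return results
```

Calling `audit(SAMPLE)` returns one verdict per forward directive; a tls_servername that still holds a placeholder such as `<my nextdns code>` is reported as "no config id in name".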
Always the latest? It's not like they can't afford it. adv.neverbuy.com
were added in last release and my NextDNS log show it's being blocked by Steven Black (among others). If you mean which variant, it's Unified hosts = (adware + malware) since it's the same URL from the Steven Black readme.