
Thoughts on NextDNS?

I came across this in another thread on this forum and ran a quick search but didn’t find any type of review. So I thought I would ask for one?

Have you used NextDNS? How safe is it to use their free services available? Is this easy to set up for beginners?

I believe I have it running, activated. It says connected, but when I did a dnsleak test I did get a result showing two IPs, one for the nextdns and the other for Performive. Interestingly, I noticed different IP prior to activating though it was still connected to nextdns. I assume different servers? It does not show my real IP. I did get Mullvad for a month to test the waters. So far I like it, and I had 0 issues setting up either. I did the nextdns after the vpn was established.

Report back later

So I watched a few videos but they were all for Windows configuration. I have the dns updated in my host Linux OS, and I see it in systemd-resolve --status. I am using nextdns primary and alternative dns ip addresses. I also get the confirm in nextdns status that it is running. What I can’t figure out is why I can’t get the nextdns webpage to say, you are using nextDNS bla bla bla . . .

I have linked the ip, and I have used dnsleaktest and all checks out, wherever I put my vpn, the dns and ip location moves as it should. Just not sure what to make of the webpage status. If anyone has a guide for Debian, Ubuntu, or PopOs for nextDNS that would be great if you could share. I am trying to pick up the rest in other videos using various configurations.

Never heard of NextDN—


Wait, wut? It seems I did.

Reading their website, it seems like a corporate version of Pi-Hole / NoTrack, marketed as yet another kid’s content filtering, “think of the children” DNS blocker.

After watching some videos about dns and how that information is being collected and used, I wanted to help better protect myself and prevent these digital pimps from making any $$$ off my internet activity. Seems they do stuff to help? You can block porn, bad sites, ads, etc. also they do no logs . . . iirc

Haven’t read in-depth about NextDNS, but you can do that with Pi-Hole and some additional content-filtering lists. I’m guessing they make that easy? But then again, there’s a custom CloudFlare DNS that blocks that kind of stuff

tl;dr:

There are now three free public DNS options to choose from through Cloudflare:
Cloudflare's original unfiltered DNS service focused on privacy and performance:
    Primary DNS Server: 1.1.1.1
    Secondary DNS Server: 1.0.0.1
Cloudflare Family malware filtering:
    Primary DNS Server: 1.1.1.2
    Secondary DNS Server: 1.0.0.2
Cloudflare Family malware and adult content filtering:
    Primary DNS Server: 1.1.1.3
    Secondary DNS Server: 1.0.0.3

But some may find cloudflare to be a dubious business and / or dislike centralization of the internet, so I guess NextDNS would be an alternative to that? Can’t really tell, I’ll have to research some more.

I’ve been using the paid version of NextDNS for a few months now and have found it quite effective at adblocking and other content filtering. You can set it up on individual devices or on your router as the default DNS in your home. Setting it up on individual devices provides granularity in the DNS analytics and provides a way to identify problem devices on the network.

It’s a good service for those who don’t want to do this themselves. What they do isn’t magic or revolutionary. You can do it with a raspberry pi :joy: and a little know-how

I’m glad someone offers a service like this though. Over that of say harvesting all your DNS like cloudflare likely does

Granularity isn’t difficult and it shouldn’t require per client setup to implement. Not sure why nextdns galaxy brained that one but hey it’s their product


There are other ways to do the same thing through Pfsense’s pfblockerng as well. I’ve found pfblockerng to be fairly easy to use, but it can be time consuming to learn, tune, and manage. I think NextDNS is great for folks who don’t have the time or desire to do that. Not poopoo-ing on raspberry pi, pfsense, or other implementations at all… Just good to know the options that are out there.

I always thought a pi hole over VPN with DNS TLS would be the way to go so you’re mostly pulling DNS from local. That or VPN with its own DNS, which I think most do?

Apparently I made over 3M requests in the last three months.

I have no sense of scale.

