NextDNS is a service you should look into using: it blocks malicious websites, ads, and trackers, gives you full control over your privacy, bypasses censorship mechanisms, makes your requests more secure, lets you enable parental controls, provides real-time analytics, and more. Plus, much of it is open source, which is always a big plus for software that you trust with your data.
If abstract notions of privacy and security haven’t been enough to motivate you to change your DNS before, the massive boatload of features that NextDNS has rolled out to everyday users just might. Companies like Cloudflare and Google have been providing high-quality resolution with varying privacy and security protections, but the level of privacy and control now offered by NextDNS was previously hard to get without setting up your own self-hosted Pi-hole.
What is DNS and why does it matter?
DNS (Domain Name System) is essentially the phonebook of the Internet. When you enter the name of a site into your browser, your machine asks a DNS server what IP address that name corresponds to. That server will look up the number corresponding to the name in its list and will tell your computer exactly where to connect.
Conventionally, these requests haven’t been protected or encrypted at all, so whoever is looking up those sites for you (probably your ISP) can get a pretty good idea of your browsing habits even if you’re using an otherwise-encrypted connection. Other third parties can also snoop on your browsing or even hijack the DNS and change the address you get routed to, making it look like you’re on the right webpage while actually directing you to a malicious clone to steal your login information.
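To make the "unprotected request" point concrete, here is an added example (not code from the article or from NextDNS) that builds a standard DNS query in wire format, shows that the queried name sits in the packet as plain text for anyone on the path to read, and then wraps the very same bytes in the HTTPS GET form that encrypted DNS (DNS-over-HTTPS, RFC 8484) uses, where the network only sees a TLS connection to the resolver. The endpoint `https://doh.example/dns-query` is a placeholder, not a real resolver.

```python
import base64
import struct

# Constructed example query; example.com is a reserved documentation domain.
QUERY_NAME = "example.com"
DOH_ENDPOINT = "https://doh.example/dns-query"  # assumed placeholder, not a real resolver


def encode_qname(name: str) -> bytes:
    """Encode a hostname as DNS labels: length byte + label, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 wire-format query for an A record (QTYPE 1, QCLASS IN)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)


def visible_name(packet: bytes) -> str:
    """What a passive observer recovers from a plaintext (UDP/53) query: the queried name."""
    pos = 12  # skip the fixed 12-byte header
    labels = []
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)


def doh_get_url(packet: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """Wrap the same query as an RFC 8484 DoH GET request (unpadded base64url in ?dns=)."""
    b64 = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"


if __name__ == "__main__":
    pkt = build_query(QUERY_NAME)
    print("plaintext query bytes:", pkt.hex())
    print("name visible on the wire:", visible_name(pkt))
    # Over DoH these bytes travel inside TLS; the network sees only the endpoint host.
    print("DoH GET form:", doh_get_url(pkt))
```

The point of the DoH form is that the `?dns=` payload is carried inside an HTTPS session, so a snooping ISP or on-path attacker sees the resolver's hostname but not which site you asked about, and cannot silently rewrite the answer.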
Getting started with NextDNS
NextDNS has a setup guide for most of the popular systems, including Windows, macOS, Android, iOS, Linux, and Chrome OS, along with multiple browsers and routers. To get their encrypted DNS and hardened privacy, you’ll need to install a very lightweight program that runs in the background and sends out your DNS requests.
Once you have the program or app installed, you’ll need to configure it via its web interface. You can do that at my.nextdns.io. Creating an account is optional, but recommended, as it’ll help save your settings and manage them in the future, as well as get analytics if you want them.
In the “Setup Guide” section you should see a “Configuration ID.” You’ll want to enter that into the apps you’ve installed, as that’s how they know what settings to apply and how to treat logs and analytics. Once you have the ID set up in your apps, you should see a confirmation at the top of the “Setup” page that shows your device is using NextDNS.
Here, NextDNS allows you to select lists of sites that you want to block, from continuously updated threat intelligence feeds to sites that are typosquatting or using international characters to masquerade as other sites. Going with the defaults on this one is a safe bet, but they could inadvertently block a legitimate site you want to visit. In that case, you don’t need to disable security protections – just add that site to the whitelist a few tabs over.
The top option here is the ad and tracker blocklist, which prevents ads from appearing on websites and stops third-party trackers from phoning home. The default blocklist is quite comprehensive, but if you find content slipping through that you want to stop, you can add stricter blocklists from their built-in selection.
You may also want to “Allow Affiliate & Tracking Links,” as those don’t really come with a huge privacy cost, and you may need them to get certain deals or so that a site gives kickbacks to someone you want to support.
Don’t want someone on your network to access a certain website, app, or game, or even an entire category? You can pick from a pre-compiled list here, blocking apps like TikTok, Fortnite, Steam, Netflix, and Amazon, as well as whole categories of sites, including porn, piracy, and social. You can even force search engines into safe search mode, block mature YouTube content, and prevent people on your network from using bypass methods like VPNs or Tor.
This is pretty self-explanatory: if you want to access a domain but can’t, put it on the Whitelist. If you don’t want to access a domain but can, put it on the Blacklist.
Depending on your logs settings, you could have a record of every site you visit or a completely blank slate. If you have logs turned on, though, the analytics section shows you which sites your machine is sending the most requests to, how many requests are being blocked (and where the blocked requests are headed), which devices are making queries, where your traffic goes on the planet, and how many of your queries are secure.
There’s even a GAFAM meter that shows you how much of your traffic is going to properties owned by Google, Microsoft, Facebook, Amazon, and Apple. Even if you want to maintain your privacy, keeping your logs turned on for a month or so may yield some interesting browsing insights.
Don’t skip this one! One of the most important privacy settings lives here: your logs. You can disable them completely, meaning NextDNS won’t store any information about your activity at all, or you can enable them and tweak the settings to your liking. You can keep logs for as little as one hour or as long as two years, and you can even choose to store them in the United States, the EU, or Switzerland (which is a pretty good choice for privacy).
It’s also a good idea to enable the EDNS Client Subnet, as this gets you a speed upgrade without really sacrificing privacy. The Block Page is pretty much just a cosmetic choice – it may slow you down a little bit, but it’ll let you know why the site is being blocked.
Testing your NextDNS setup
Once your settings are configured the way you want them, it’s time to check for DNS leaks and make sure your DNS requests are going to the right place. You can do that by going over to DNSLeakTest.com and hitting “Extended Test.” Ideally, you should not see any servers from your ISP appearing. If you do, you may also want to change your browser’s DNS settings and even your router’s DNS. Firefox actually supports NextDNS in its options, so you can enable it there fairly easily.
Despite still being free and in beta, NextDNS already has a better value proposition than the more established alternatives like Quad9, Cloudflare, etc. They provide better privacy and better control at a lower cost and less setup time than pretty much any existing competitor. It takes maybe ten minutes and no money to set it up and try it for yourself, and it almost certainly won’t make your life any worse.
Image credit: DNS Server