Hello everyone, beginner here. I bought NextDNS premium almost a year ago and love it; I set it both in the browser and system wide on all my devices. I then recently bought proton VPN and thought that I could just use proton VPN with nextdns. I started reading the proton article regarding custom DNS - apparently it isn’t recommended to use PVPN with a third party DNS as PVPN already has netshield and this might cause DNS data leaks. I use windows PC and android devices.
What advice do you guys have for me? Keep my current next DNS configuration and continue using PVPN with netshield off? Or remove all traces of NextDNS on all my devices and enable netshield?
My threat model - Average hobbist who doesn’t want his data collected and being tracked.
Another related question - if I were to use a custom DNS with PVPN, do I have to enter it into the custom DNS setting inside the app, or can I just leave that blank and enter the custom DNS in my browser/system settings instead? Or it doesn’t make a difference?
I started reading the proton article regarding custom DNS - apparently it isn’t recommended to use PVPN with a third party DNS as PVPN already has netshield and this might cause DNS data leaks. I use windows PC and android devices.
There are two problems with DNS Provider + a different VPN:
- It makes you vulnerable to possible DNS-leaks
- Websites might be able to track you better.
What advice do you guys have for me? Keep my current next DNS configuration and continue using PVPN with netshield off? Or remove all traces of NextDNS on all my devices and enable netshield?
If you use the VPN, don’t use NextDNS. If you don’t use the VPN, use NextDNS.
My threat model - Average hobbist who doesn’t want his data collected and being tracked.
Then do you even need a VPN all the time?
For most people outside an authoritarian surveillance state DoH (NextDNS) + strict HTTPS (setting inside the browser) is enough.
It might come handy to bypass geo-blocking, protect you in a public and open network or bypass blocking of sites if some of your networks block websites.
Or it might mitigate the surveillance of an authoritarian state.
1 Like
Thank you for the reply! I don’t live in an authoritarian state, but I like knowing that my ISP can’t track my network activity. You mentioned that my current configuration risks having dns leaks where my real IP might be revealed, but how is that different from not using a vpn, where I’ll be using my real IP everywhere?
I would like to counter that: For that threat model (tracking/surveillance) a Trusted VPN is not useless, your ISP could be monitoring your dns traffic if not the IPs of the websites if using Encrypted DNS, VPNs mitigates that whole problem (thats just one example)
Also if you take a look at the other thread, while it is true that it could make you unique using it, if the behavior is expected it cant exactly be considered dns leaks, by defintion it is but it is at this point on a case-by-case/individual basis.