As far as I am aware, adblocking DNS servers (“Netshield” is Proton speak") are almost always a premium/paid feature. I believe one exception is Windscribe which offers limited blocking in the free plan.
Re: Mullvad DNS I am talking about Mullvad DNS inside the Mullvad Browser settings, not their secure DNS service. There is a setting to turn on DNS over HTTPS, at various levels of protection and use their DNS.
Yeah, this is a feature built into Firefox (and inherited and used by Mullvad Browser). But I am almost positive that Mullvad recommends you disable this if you are using Mullvad VPN (or any other VPN). You can check their documentation. As a generalization, it is usually recommended to use your VPNs internal DNS servers when you use a VPN unless you have a clear reason not to and understand the tradeoffs. Fortunately all of the top VPNs offer internal DNS servers that can do Ad, Tracker, and Malware blocking, so you should be able to use your VPN’s DNS servers to accomplish your goals without the added complexity of an external DNS.
- ad and tracker blocking/general web privacy from surveillance capitalism (as well as blocking malware and other threats)
EIther a VPN with an ad/tracker/malware blocking internal DNS (like Mullvad, Proton, AirVPN, Windscribe, iVPN(?)), or another 3rd party adblockign DNS server, or service like NextDNS will help with this objective. But a good Browser based blocker like uBlock Origin or Adguard is an important layer of protection as well.
- block all Apple telemetry
No Blocklist can be expected to reliably and consistently block all telemetry, ads or tracking, especially not first party telemetry, but they can cut down on it substantially. If you want to understand why its imperfect you can search for the term “badness enumeration.”
For reference here are the domains that NextDNS blocks if you enable the “Native Tracking Protection” for Apple
- stop my ISP from seeing my web traffic
A VPN on its own will accomplish this. If not using a VPN, then DNS-over-HTTPS (or TLS) in combination with HTTPS only Mode is a step in the right direction.