NextDNS configuration

Hello! Privacy newbie here.

I presently use Quad9 DNS, but am considering switching to NextDNS. What intrigues me is the latter’s capability to block trackers: I’d like to use it on my Android phone, to block (at least some of) the apps’ tracking (I am using the DDG app at the moment, but I would gladly get rid of it, also because it occupies the VPN slot).

Have you got any advice for the NextDNS configuration? And should I add more filters to the default ones? I read contrasting suggestions on which should be included. My best guess would be to have the default filter list, plus oisd and fanboy enhanced. I do not care about ads filters (I already block them in my chosen browsers, and I do not use apps that have ads in them).

Thanks in advance!

1 Like

Firstly, welcome to the forum.

Before you switch, I should mention that Quad9 does feature malware blocking. From memory, I think the default address does this. I don’t know how effective it is, but it’s better than nothing.

As for NextDNS, you can use as many blocklists as you want, even manually entering addresses that those blocklists don’t block by default. Just read each list to see what you want/need. I have found that NextDNS can have issues when you enable too many, though.

Also, go over the other settings NextDNS offers. It’s quite a handy service.

Quad9 only blocks malicious domains that are a danger to users; they don’t block trackers.

1 Like

Huge brain fart writing this. Ignore.

Not sure what you are trying to say, but malware and trackers are not the same.

My biggest tip would be to try and manage your own blocklist and allowlist.
Filters often block domains that break sites (e.g. CAPTCHAs), so the best thing to do is use NextDNS for a while and take a look at your analytics, block unwanted domains and allow the ones you need, while personally managing your filter lists.

Pro-ish Tip: You can bypass your NextDNS config anytime by using a VPN, so keep it ready just in case a site breaks and you don’t have time to enter your NextDNS config. A VPN widget is perfect.

It might get a little frustrating at first but the end result will be worth it!

2 Likes

NextDNS deserves a video - super neat tool! You’re going to hear tons of different takes on what filters to be using.

Currently I use:

  • OISD
  • Fanboy AL
  • NextDNS Ads/Trackers
  • Notracking
  • Lightswitch05
  • Some of the native OS lists

I’m using this many right now mainly to test how they interact with each other - not for any super well thought-out reason. The most extreme blocklists I tried were the Energized lists, but I was having to make way too many exclusions and so it felt too aggressive.

Quad9 is awesome but NextDNS definitely offers a much more unique use-case for people who want instant access to some of the awesome features it provides (custom lists, parental controls, recreation time, etc.)

Second pro-ish tip: Some VPNs can be used alongside NextDNS with certain configs. So if you wanted to use both at the same time, that’s another possibility if you wanted to explore that option! (Currently I’m using IVPN + NextDNS together on all devices)

4 Likes

Thank you all for your thoughts and tips!

I see that there is still no common consensus on which filters to enable (and that’s probably logical, I guess it depends on each person’s needs). I will try to familiarize myself a bit with the tool, look at the analytics, and see if over time I can strike a good compromise between usability, convenience, and privacy.

Glad to hear there’s going to be a Techlore video on this! I look forward to watching it.

Agreed! Can’t wait.

That’s cool to know! I use ProtonVPN to bypass my configuration whenever things go south, will maybe dedicate some time to test other VPNs. Thanks for the tip!

You can see traffic in real-time as well, so you can experiment with blocking and unblocking domains to check if things work or figure out why it’s not.

1 Like

I’ve been using NextDNS in conjunction with ProtonVPN on Fedora. You can configure custom DNS with the CLI tool; however, you have to link your IP in order for this to work. I wrote a simple startup script and configured it in systemd to connect to the fastest Switzerland server, enable the kill switch, and then link my new IP by calling my personal NextDNS link via wget. It’s been a great setup for me!
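A sketch of the kind of startup script described in the post above, added here as an example and not the poster's own script. It assumes the official `protonvpn-cli` with its `connect --cc` and `killswitch --on` subcommands; the function names, environment variables and the `CONFIG_ID/TOKEN` link URL are placeholders.

```shell
#!/bin/sh
# Added example (assumptions: protonvpn-cli is installed and logged in;
# NEXTDNS_LINK_URL is the personal "linked IP" URL from the NextDNS setup page).
VPN_CLI=${VPN_CLI:-protonvpn-cli}
FETCH=${FETCH:-wget}
# Placeholder value. Treat the real URL as a credential: requesting it binds
# the caller's public IP to your NextDNS configuration.
NEXTDNS_LINK_URL=${NEXTDNS_LINK_URL:-https://link-ip.nextdns.io/CONFIG_ID/TOKEN}

# Same order as the post: fastest Swiss server first, then the kill switch.
connect_vpn() {
    "$VPN_CLI" connect --cc CH || return 1
    "$VPN_CLI" killswitch --on
}

# Call the link URL through the tunnel so NextDNS sees the VPN exit IP.
# Retries because the tunnel may need a few seconds before traffic flows.
link_ip() {
    tries=${1:-5}
    n=1
    while [ "$n" -le "$tries" ]; do
        if "$FETCH" -q -O /dev/null --tries=1 --timeout=10 "$NEXTDNS_LINK_URL"; then
            return 0
        fi
        n=$((n + 1))
        sleep "${RETRY_DELAY:-3}"
    done
    return 1
}

main() {
    # Never link the IP if the VPN step failed: that would bind the
    # real (non-VPN) address to the NextDNS configuration instead.
    connect_vpn || { echo "VPN setup failed; IP not linked" >&2; return 1; }
    link_ip 5 || { echo "could not reach the NextDNS link URL" >&2; return 2; }
}

# Only act when explicitly asked, e.g. RUN_SETUP=1 in a systemd unit's Environment=.
if [ "${RUN_SETUP:-0}" = 1 ]; then
    main
fi
```

The distinct exit codes (1 for the VPN step, 2 for the link step) make it easy to tell from `systemctl status` which stage failed.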