Question about VPN and DNS

Hello Techlore community,

I plan on starting to use ProtonVPN all (or most) of the time. My main reason for wanting to use a VPN is that I don’t trust my ISP and my cellular provider at all. I don’t consider websites trying to track me based on my IP address a threat.

Right now I use NextDNS with custom configuration on my iPhone and I really like the control it gives me over what domains I wish to block.

My question is: How can I correctly set up ProtonVPN and NextDNS together on my iPhone? Is that possible?

Based on my threat model, I don’t care if the websites and my ISP know that I use NextDNS. I just don’t want my ISP knowing which websites I visit.

Thanks in advance

Edit: Maybe this is possible only with third-party clients such as the WireGuard client?

I haven’t looked TOO much into this, but I’ve tried to set this up on a family member’s device. I was under a time limit, so I couldn’t do too much research. What I found was that the phone cannot use both NextDNS and VPN at the same time. It’ll say that everything is configured properly, but it’ll either be sending DNS queries to both VPN and DNS, or it’ll just be using the VPN’s own DNS. I could not have it set up to use the VPN to connect to sites, and NextDNS for queries.

So, what I ended up doing was remove NextDNS, and just use the VPN’s own DNS. It makes it less identifiable, and I found the network to be more stable. If someone else managed to get both working correctly, I’d love to know how. I’d bookmark the page, and use it for reference in the future.

I don’t think you are able to use another DNS while using a VPN, but there is not really any need to use NextDNS if you are using (and trust) Proton VPN, as they use their own first-party DNS over your ISP’s. This is almost standard across reputable VPNs.

Thank you for your answer. The reason I want to use NextDNS is that it allows me to choose exactly what domains to block. I know ProtonVPN has an ad blocker (“NetShield”) but as far as I know, you can’t add custom rules.

You’re welcome!

I think that is the case, it is just a ‘general’ ad blocker.

As far as I know, there is no way to use a custom DNS resolver and a VPN together because the VPN will connect to its own Domain Name System.
Try using NextDNS on your router if you can. I’ve never tried it, but you theoretically might be able to use a VPN on your phone while applying the NextDNS benefits from your machine.

I use both NextDNS and ProtonVPN on two Android 13 phones and two Windows 10 PCs. Though the versions have changed slightly, I’ve run both concurrently for a few years now without issue. On my Android TV device (Android 11) I have both installed, but am only able to run one at a time.

Like you, I appreciate the ability of NextDNS to fine-tune the blocking of unwanted web communication.

FYI: I have no knowledge of the Apple ecosystem, but happened to run across this post in the NextDNS Help Center.

macOS & iOS: VPN Conflict

“When a VPN is connected, the Encrypted DNS profile is ignored in favor of the DNS server advertised by the VPN with no option to change this behavior.”

I posted a question concerning routers and how to set them up securely. Maybe it would be of interest to you.

You can use Proton VPN with custom DoH (including NextDNS) with an app called Passepartout for iOS and macOS. AFAIK custom DoH is only supported in the app with the OpenVPN protocol and not WireGuard.

If you don’t need streaming capabilities from your VPN provider, the IVPN apps on iOS and macOS also support custom DoH.

Thank you! This is the kind of thing I was looking for. Do you know if the app is good and trustworthy?

I am not a programmer or infosec professional so I am not qualified to answer definitively. But, the app is open source and the developer is active on Reddit. It is supported through one-time purchases.

As @Shok has said, it is open-source so if you have the ability to inspect the code yourself you definitely should, otherwise, I would research thoroughly about it before using it. Make sure you fully trust it before you use it.