Use of NextDNS with iCloud Private relay

What do you want advice about?
How NextDNS can be used in conjunction with iCloud Private Relay

What have you considered or looked at already?
Many posts on forums, including this one and NextDNS’s community pages

In brief, tell us about your privacy threat model?
I’m mostly concerned about companies tracking my activity on the Internet. I used to use a VPN service (ProtonVPN) but have stopped using VPNs from non-public wifi networks (e.g., locations I trust, such as my home) since pretty much every website I visit is an https:// website. I thought using a DNS service such as NextDNS would be a good approach rather than a VPN. I am trying NextDNS now on macOS and iOS using Profile installs. But macOS doesn’t appear to be using NextDNS, whether Private Relay is active or not (in Safari, NextDNS dashboard light is red). On iOS, NextDNS appears to work only when Private Relay is deactivated.

I’m quite confused and any help based on your own experience would be most appreciated.

Try the macOS NextDNS client from the macOS App Store and remove the NextDNS profile; for some reason the profile has stopped working on new versions of macOS.

According to Apple’s Security Whitepaper you should be able to use custom DNS settings with iCloud Private Relay:

Custom DNS settings
If a user has configured custom-encrypted DNS settings using a profile or an
app, the DNS server specified will be used instead of ODoH. Safari connections
and all unencrypted HTTP connections will also resolve names using the
specified DNS server prior to routing through Private Relay.
An unencrypted DNS server provided by a local network or manually edited
in Settings (iOS) or System Preferences (macOS) will not be used for iCloud
Private Relay traffic.

Source: iCloud Private Relay security – Apple Support (AU)

From my personal testing you can use NextDNS with iCloud Private Relay on iOS. Your device's IP address should show up as the iCloud Private Relay IP address in your NextDNS logs.

Make sure you follow the instructions on the NextDNS website and install the configuration profile from apple.nextdns.io on your iOS device.

Make sure to update your device to the latest version of iOS and if that doesn’t help I would recommend resetting your network settings:

Settings -> General -> Transfer or Reset iPhone/iPad -> Reset -> Reset Network Settings

Jordan. Thanks so much for your suggestions. Installing the macOS client and uninstalling the profile is the next thing I’ll do. As for iOS, I’ll definitely play around to see why it isn’t working as advertised. I know others have it working as well. I might even try a similar approach in iOS as you suggested with macOS. Thank you again.

No problem Steve, I hope you get it sorted! :smiley:

Hi, Jordan. Quick update here. Thanks to your help, I was able to successfully get NextDNS running on macOS simultaneously with Private Relay by downloading the macOS app - so all good!

On iOS (and iPadOS), I still had some issues but they now appear resolved. The way I was able to get NextDNS working with a profile installed was to change the Safari Settings “Hide IP Address” option for Trackers and Websites to Trackers Only (Settings → Safari → Privacy & Security → Hide IP Address → Trackers Only). NextDNS seems not to be activated if Trackers and Websites is the active option.

I’m hoping this is a reasonable workaround on iOS. If you have any experience/thoughts, I’m open to them. Otherwise, thank you again for your quick response and help.

Techlore community … I have one follow-up question on this topic for anyone who might be able to provide guidance. If NextDNS is running on my Mac, it is my understanding that it operates OS-wide and not only within, for example, Safari, as is the case with iCloud Private Relay. Given this, is there even a reason to have iCloud Private Relay active at all if NextDNS is doing its job? It seems redundant to me, but I don’t have the technical knowledge to know for certain.

NextDNS and Private Relay provide separate services. They overlap a little bit, but you still get additional benefits from using both. NextDNS helps prevent your web browsing habits from being tracked by your ISP or the Wi-Fi networks you connect to. It also helps block trackers and malware. Private Relay helps reduce tracking by the websites you connect to with Safari by hiding your real IP address from them.

Thanks so much @seth … your guidance is very much appreciated.