Tutorial NextDNS: a DoH/DoT guide

As Lenny_Fox requested a NextDNS guide with pictures, here we go - based on the Your NextDNS settings thread.

First, info about NextDNS can be read at: official Website & GitHub

I use and recommend using their service in the easiest way you can implement. For me that is on router level so I don't need any software on clients.

Setup Webinterface:

setup.png

The red marked is the one I use in my Fritzbox router DNS settings. Also you should add both DNSv4 from right side ("DNS Servers") and DNSv6 from left side ("IPv6") into your router if for some reason the encrypted DNS has problems.
If that's done, take a look at top and if "All good!" is listed, your setup is finished! (y)

Now we will increase the setup to maximum protection

Security Webinterface:

security.png

Privacy Webinterface:

privacy.png

Parental Control Webinterface:

parental control.png

Denylist Webinterface:

denylist.png

Allowlist Webinterface:

allowlist.png

Settings Webinterface:

settings.png

Done!

Also don't forget to activate 2FA for your account!:

account.png
___________________________________________

Update February 2021:

Changes:
  • moving from NextDNS default list + Unchecky filterlist to "OISD" filterlist for less false positives and better maintained list
  • enable "Allow Affiliate & Tracking Links"
  • add "Dating" to Parental Control

Since Lenny_Fox asked for a NextDNS tutorial with pictures, here it goes - based on the thread Q&A - Your NextDNS settings

Information about NextDNS can be read on the official website and GitHub.

I use and recommend implementing NextDNS in the simplest way possible in your own setup. For me, it's at the router level, so I don't need any software on the clients.

NextDNS web interface -> Setup:

Setup.png

The data marked in red are the ones I use in the DNS settings of my Fritzbox router.

Both DNSv4 from the right side ("DNS Servers") and DNSv6 from the left side ("IPv6") should be configured in the router if for some reason the encrypted DNS causes problems. This way you have a fallback.
Once this is done, the web interface should say "All good!" at the top and the basic setup is complete! (y)

Now we will increase the whole thing to maximum protection:

NextDNS web interface -> Security:

Security.png

NextDNS web interface -> Privacy:

Privacy.png

NextDNS web interface -> Parental Control:

Parental Control.png

NextDNS web interface -> Denylist:

Denylist.png

NextDNS web interface -> Allowlist:

Allowlist.png

NextDNS web interface -> Settings:

Settings.png

Done!

You should also activate two-factor authentication (2FA) for your account!:

2FA.png
 

motox781

Great post. I am confused on setting up my router to use NextDNS. I have Google WIFI, which I believe doesn't allow complex DNS entries, so I used IPv4 DNS servers. Afterwards, I linked my IP from my provider.

It displays "All good" now when I use that IP. When I use a VPN (I set my VPN server to NextDNS also), it says "This device is using NextDNS with no configuration.". I am sure this is correct and working as intended?
 

Soulbound

Thank you for your guide.

One question:
If you decide to stay on the free plan, NextDNS will simply behave like a classic public resolver after reaching the 300,000 queries limit.

300k Queries, how many queries per month will a general browsing user and a gaming + browsing user would achieve?
 

EndangeredPootis

Thank you for your guide.

One question:
If you decide to stay on the free plan, NextDNS will simply behave like a classic public resolver after reaching the 300,000 queries limit.

300k Queries, how many queries per month will a general browsing user and a gaming + browsing user would achieve?
My computer habits fit the bill, and I have an average of 175-225k queries a month, or around 50k a week, sometimes 70k.
 

Andrew3000

Thank you for your guide.

One question:
If you decide to stay on the free plan, NextDNS will simply behave like a classic public resolver after reaching the 300,000 queries limit.

300k Queries, how many queries per month will a general browsing user and a gaming + browsing user would achieve?

I only use it on my smartphone thanks to DoH/DoT and mobile network support because I use AdGuard Home for my home network. For now, I'm on 100k queries. Depends a lot on what you do, I think you should try it.
 

SecurityNightmares

@security123

Two questions:

1. Do I have to sign up to save my settings?


2. Where did you enter the Kees1958 Top3000 list?
1: I never see that message but it says what you need to do :D

2: in Edge "other" list but of course you need to change it before for making it compatible. I simply do that with search&replace in notepad.
 

Lenny_Fox

Ok thanks

EDIT: I have copied your setup, with these blocklists, because the default NextDNS blocks something in NU.NL (a Dutch news website), which Adguard DNS did not. I did not copy Kees1958 Top3000, so currently using only Edge Anti-Tracking on strict (with 5 domains added through OTHER) and NextDNS. I really like the idea of native ad blocking in the browser with doing the bulk of blocking at the servers of NextDNS.


Copied this setup on my girlfriend's laptop. She only has three extensions in Edge: Blank Tab, Trustpilot and Netcraft (because Netcraft also shows when a website was first seen; websites which are new have a higher risk of being malicious, phishing or fake websites). Combined with Trustpilot it helps her to stay away from bad webshops.
 

JoyousBudweiser

NextDNS blocks something in NU.NL
Flush the Windows DNS, delete (clear) the current logs in the NextDNS account and disable the cache boost. Now go to your nu.nl domain from your NextDNS linked device. Inspect the logs by switching to "blocked queries only". Now you can pinpoint what's getting blocked by NextDNS with respect to the nu.nl domain. Add those to the allow list. Re-enable cache boost.
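
The log-inspection step in the post above can also be run over an exported query log. This is an added example, not part of the original post and not NextDNS's own tooling; the CSV column names, the log rows and the helper `blocked_after_visit` are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample log. The column layout is an assumption for this example,
# not a documented NextDNS export format; the .example domains are placeholders.
SAMPLE_LOG = """\
timestamp,domain,status,reasons
2020-08-23T10:00:00Z,telemetry.vendor.example,blocked,tracker-list
2020-08-23T10:05:00Z,www.nu.nl,allowed,
2020-08-23T10:05:01Z,media.cdn.example,blocked,ads-list
2020-08-23T10:05:01Z,stats.metrics.example,blocked,tracker-list
2020-08-23T10:05:02Z,media.cdn.example,blocked,ads-list
2020-08-23T10:05:03Z,fonts.assets.example,allowed,
2020-08-23T10:20:00Z,ads.other.example,blocked,ads-list
"""

def _ts(value):
    """Parse the UTC timestamp format used in the constructed log."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def blocked_after_visit(log_text, site, window_seconds=10):
    """Return {domain: (count, [reasons])} for blocked queries that occur
    within window_seconds after any query for `site` or one of its subdomains."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    visits = [_ts(r["timestamp"]) for r in rows
              if r["domain"] == site or r["domain"].endswith("." + site)]
    window = timedelta(seconds=window_seconds)
    hits = {}
    for r in rows:
        if r["status"] != "blocked":
            continue
        t = _ts(r["timestamp"])
        # Keep only blocks that closely follow a visit; background noise from
        # other apps (before the visit or long after it) is dropped.
        if any(v <= t <= v + window for v in visits):
            entry = hits.setdefault(r["domain"], {"count": 0, "reasons": set()})
            entry["count"] += 1
            entry["reasons"].add(r["reasons"])
    return {d: (e["count"], sorted(e["reasons"])) for d, e in sorted(hits.items())}

if __name__ == "__main__":
    for domain, (count, reasons) in blocked_after_visit(SAMPLE_LOG, "nu.nl").items():
        print(f"{domain}: blocked {count}x by {', '.join(reasons)}")
```

An allowlist entry applies to every site and device on that profile, so add only the candidates that actually restore the page.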
 

Lenny_Fox

1. Remember that allowing this on DNS level allows it everywhere. On all sites.

2. Also you can make more profiles in NextDNS with e.g. one for your girlfriend and one for you
1. Yes, but that is the beauty of using built-in Edge anti-tracking as a second layer. DNS level blocking is like uBlockOrigin using strict blocking, MS anti-tracking seems to work like uBO with strict blocking disabled (no-strict-blocking: * true)

2. No, my ISP allows me to have 10 aliases on one email address, so I am using a different email alias for every device, this way every device is allowed 300.000 queries free :)
 

Lenny_Fox

Would this setting in NextDNS not be enough?

Well she recently bought stuff from a seemingly Dutch website, hosted in Canada, which company originated from the UK and existed three months with no Trustpilot reviews. The clothes she bought were sent to her after 30 days, but synthetic instead of the cotton advertised, also prints somehow resembled the ones pictured on the website. It was her first bad buy on the internet, so now she checks the Trustpilot extensions and "seen since date" of Netcraft. I told her to not buy from websites which were less than a year active or have a lower than three stars rating on Trustpilot.
 

SecurityNightmares

2. No, my ISP allows me to have 10 aliases on one email address, so I am using a different email alias for every device, this way every device is allowed 300.000 queries free :)
That's very nice!
For my girlfriend and me the 300k queries would be enough but I buy Pro as I like supporting them. 20€/year isn't so much for such a great service.
 