security123

Level 27
Verified
NextDNS took over Google DNS



(y) :emoji_beer:
 

security123

Level 27
Verified
It varies from location to location though. Even ISP to ISP. Here I get the exact same ping for Cloudflare, NextDNS, OpenDNS, AdGuard DNS, CleanBrowsing DNS, which is 66 on average now. Pinging Google's main DNS server shows a better result at 39, but the server it actually connects to if I use it is worse, 80+.
Sure, that depends on your own location. That's why the "World" statistic is nice.
 

valvaris

Level 4
Verified
I am relatively new to NextDNS but a veteran in Networking. ;)

What I like a lot about NextDNS is offloading the adblock features from "pfBlockerNG" / "Pi-hole" to NextDNS. That just gave my network a nice boost. Not that I run a potato firewall, but it is about how pfBlockerNG handles the massive amounts of packets it has to look into. Just imagine a proxy-to-proxy service: traffic comes from one port and needs to travel through the rules and pfBlockerNG, then it can go to the uplink servers.

In my case it was Cloudflare Sec. DNS over TLS - 1.1.1.2 and 1.0.0.2 @853 TCP

Had major DNS spikes from 10ms - xxxxxms

So the idea was to offload everything that has to do with DNS filtering to NextDNS -> Here is my Guide for pfSense firewall boxes. <- MalwareTips Guides Forum :D

In the Guide I mention a client that handles DNS over HTTPS very well without clogging the Windows 10 Event logs! Offload DNS to your router or other network device. That will handle dynamic IP registration and verification to NextDNS services.

Why not use DNS over TLS? Like stated in the Guide, I had DNS leaks and will research this in the future, to make a second Guide with a DNS over TLS config. Here for the MalwareTips Community!!!! ^^

If more information is needed I am happy to help out.

Sincerely
Val.
 

valvaris

Level 4
Verified
Is it true? Privacytools says something else.

Here is a Video that explains DoH and DoT:

To sum it up, DNS is encrypted with DoH or DoT. What makes you anonymous? Not even VPNs are anonymous, because like DNS traffic it has to come from somewhere. That is the reason I hate VPN providers that claim it makes you anonymous; that is not right!

Example:

PC ----> Router (VPN Client IP) ========VPN Tunnel====== (VPN IP Client Information) VPN Gateway Provider (Forwarding to Public IP of VPN Provider) -------- (Destination Server)

So the one that knows it all is the VPN provider. Now, if the VPN provider supports encrypted DNS traffic passing through, it will look something like this:

Router (With DoH or DoT and VPN Client) =====VPNTunnel===(VPN IP Client Information) VPN Provider (Forwarding to Public IP of VPN Provider) ===DoH or DoT Traffic === DNS Provider === Site

Now the VPN provider cannot see DNS requests since they are encrypted but, as with all things on the internet, can still see who it came from and where it is going.

My verdict is that for home use DoH or DoT is good enough. For geo-unblocking content, a VPN is the solution. The ISP cannot look inside the DoH or DoT traffic, plus the overhead of the VPN is gone = faster internet speeds...

If more information is needed I am here to help.

Best regards
Val.
 

oldschool

Level 57
Verified
Then NextDNS is a good step for you
NextDNS is working with Edge and Brave Nightly because they both have the Secure DNS setting. It's not working in Brave Release with the secure DNS lookup flag enabled. It still shows my system DNS as Cloudflare. I'm using the NextDNS app but no go. Any ideas? 🤔
 

security123

Level 27
Verified
NextDNS is working with Edge and Brave Nightly because they both have the Secure DNS setting. It's not working in Brave Release with the secure DNS lookup flag enabled. It still shows my system DNS as Cloudflare. I'm using the NextDNS app but no go. Any ideas? 🤔
You can config your router using NextDNS. Even if encrypted DNS isn't supported, you still can use their system with filtering. Encrypted DNS is just a nice to have feature.
 

oldschool

Level 57
Verified
You can config your router using NextDNS. Even if encrypted DNS isn't supported, you still can use their system with filtering. Encrypted DNS is just a nice to have feature.
I can't customize my DNS since my ISP doesn't allow it.

But, I figured out the problem was OS hardening: disallowed Elevation of Unsigned Executables. Now the NextDNS app works.

Even simple OS hardening is not always problem-free.