security123

Level 24
Verified
What are your NextDNS settings and why did you use this instead of default?

Mine are:
- Under Security I enabled everything and block the Top 10 Most Abused TLDs + ".club"
Reason: I like enhanced security, and the .club domain is used by some streaming sites

- Under Privacy I use the NextDNS Recommended Ads & Trackers Blocklist, AdGuard DNS filter and UncheckyAds, and only have "Block Disguised Third-Party Trackers" enabled
Reason: While the default list is good, I also like the AdGuard list. The Unchecky list is small and maybe useful for some users in my network

- Under Parental Control I block "Piracy" and "Gambling" and only have "Block Bypass Methods" enabled
Reason: This is the default config every device in my network gets (as I configure this encrypted DNS at router level), so I don't want to restrict too much

- Under Denylist I added "*.ampproject.org", "*.ampproject.net" and "*.amp.cloudflare.com", which block Google AMP crap

- Under Allowlist I added "*.microsoft.com" as I use Windows, so it doesn't make sense to restrict any domains there

- Under Settings I enabled "Enable Logs", "Log domains", "Anonymized EDNS Client Subnet" and "Cache Boost", disabled "Log client IP", "handshake" and "enable block page", changed the storage location to "EU" and changed "log retention" to 1 month
Reason: best privacy

Now you!
 

rockstarrocks

Level 21
Verified
I have added the AdGuard DNS filter along with the default one. Block Disguised Third-Party and Block Bypass Methods are also enabled.
I can't seem to figure out why there is a DNS leak on the system (even though NextDNS seems to be working fine; tested by enabling parental control). Is there any option to enable DNS over HTTPS/TLS to prevent this?
 

security123

Level 24
Verified
I have added the AdGuard DNS filter along with the default one. Block Disguised Third-Party and Block Bypass Methods are also enabled.
I can't seem to figure out why there is a DNS leak on the system (even though NextDNS seems to be working fine; tested by enabling parental control). Is there any option to enable DNS over HTTPS/TLS to prevent this?
What DNS settings did you use and where?
I don't have any leaks here.
NextDNS provides all types of DNS.
 

rockstarrocks

Level 21
Verified
Try adding NextDNS to the Windows DNS settings. They're currently not compatible with DoH or DoT (Windows will get that in future), but just to check if that helps against leaks.
Will try that.

You should not expose your NextDNS servers publicly. Anybody can hop on your DNS server IP and eat into your allotted 300K queries. Please remove the third image you have attached; it contains your unique NextDNS server address.
Are you sure about that? Providing separate DNS servers to each user seems like a lot of work on the part of NextDNS. I deleted that image, though.
 

Jan Willy

Level 3
Under Privacy I use the NextDNS Recommended Ads & Trackers Blocklist, AdGuard DNS filter and UncheckyAds
AdGuard DNS filter and UncheckyAds are already integrated in the NextDNS Recommended Ads & Trackers Blocklist.
See nextdns/metadata
I don't use Parental Control and Google Safe Browsing.
Native Tracking Protection: only Windows (abusive tracking).
In the last 30 days, 5.34% of the queries were blocked.
 

security123

Level 24
Verified
AdGuard DNS filter and UncheckyAds are already integrated in the NextDNS Recommended Ads & Trackers Blocklist.
See nextdns/metadata
I don't use Parental Control and Google Safe Browsing.
Native Tracking Protection: only Windows (abusive tracking).
In the last 30 days, 5.34% of the queries were blocked.
Nope. Those are just all the lists they provide.
By default these privacy lists are used:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
- https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts
- https://raw.githubusercontent.com/tiuxo/hosts/master/ads

See nextdns/metadata

Still getting a DNS leak :(
I think I will uninstall the NextDNS app and try out NextDNS through YogaDNS.
First try without any app. Just change the Windows settings.
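As an added illustration, not NextDNS's code and not posted by anyone in this thread, of how the pieces configured in the posts above combine: hosts-format blocklists like the four listed, the wildcard denylist/allowlist entries from the first post, the blocked-TLD setting, and a "percentage of queries blocked" figure like the one quoted. The precedence used here (allowlist first, then denylist, then blocked TLDs, then blocklists), the wildcard and parent-domain matching rules, and every sample list and log line are this example's own assumptions, not NextDNS's documented semantics.

```python
"""Toy resolver-side filter (added example; assumptions noted inline)."""
from __future__ import annotations

from typing import Iterable

# Constructed hosts-format sample, same layout as the lists linked above.
SAMPLE_HOSTS_LIST = """\
# comment line
127.0.0.1 localhost
0.0.0.0 ads.example-tracker.test
0.0.0.0 cdn.example-tracker.test  # trailing comment
0.0.0.0 telemetry.microsoft.com
"""

# Constructed query log: "<timestamp> <queried name>" per line.
SAMPLE_QUERY_LOG = [
    "2024-01-01T10:00:00Z www.example.com",
    "2024-01-01T10:00:01Z ads.example-tracker.test",
    "2024-01-01T10:00:02Z cdn.ampproject.org",
    "2024-01-01T10:00:03Z telemetry.microsoft.com",
    "2024-01-01T10:00:04Z sub.cdn.example-tracker.test",
    "2024-01-01T10:00:05Z news.site.club",
    "2024-01-01T10:00:06Z mail.example.com",
    "2024-01-01T10:00:07Z login.microsoft.com",
]

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts_list(text: str) -> set[str]:
    """Return the hostnames a hosts-format blocklist sinkholes.

    Each entry line is '<address> <name> [<name> ...]'; '#' starts a comment.
    Loopback/local names that every hosts file carries are skipped.
    """
    blocked: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def matches_pattern(domain: str, pattern: str) -> bool:
    """Assumed semantics: '*.x' covers x and every subdomain; a bare name
    matches only itself."""
    if pattern.startswith("*."):
        base = pattern[2:]
        return domain == base or domain.endswith("." + base)
    return domain == pattern


class Filter:
    def __init__(self, blocklists: Iterable[str], denylist: Iterable[str],
                 allowlist: Iterable[str], blocked_tlds: Iterable[str]):
        self.blocked: set[str] = set()
        for text in blocklists:
            self.blocked |= parse_hosts_list(text)
        self.denylist = [p.lower().rstrip(".") for p in denylist]
        self.allowlist = [p.lower().rstrip(".") for p in allowlist]
        self.blocked_tlds = {t.lower().strip(".") for t in blocked_tlds}

    def decision(self, domain: str) -> str:
        """'allow' or 'deny:<reason>'. Allowlist wins over every block source
        (assumed precedence), which is why '*.microsoft.com' keeps a
        telemetry host reachable even though a hosts list sinkholes it."""
        d = domain.lower().rstrip(".")
        if any(matches_pattern(d, p) for p in self.allowlist):
            return "allow"
        if any(matches_pattern(d, p) for p in self.denylist):
            return "deny:denylist"
        labels = d.split(".")
        if labels[-1] in self.blocked_tlds:
            return "deny:tld"
        # Hosts lists hold exact names; a listed name is assumed to cover
        # its subdomains, so walk up the labels (never down to the bare TLD).
        for i in range(len(labels) - 1):
            if ".".join(labels[i:]) in self.blocked:
                return "deny:blocklist"
        return "allow"


def build_example_filter() -> Filter:
    """Wire up the settings quoted from the first post with the sample list."""
    return Filter(
        blocklists=[SAMPLE_HOSTS_LIST],
        denylist=["*.ampproject.org", "*.ampproject.net", "*.amp.cloudflare.com"],
        allowlist=["*.microsoft.com"],
        blocked_tlds=["club"],
    )


def blocked_share(filt: Filter, log_lines: Iterable[str]) -> float:
    """Percentage of logged queries the filter would have blocked."""
    total = blocked = 0
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        total += 1
        if filt.decision(parts[1]) != "allow":
            blocked += 1
    return round(100.0 * blocked / total, 2) if total else 0.0


if __name__ == "__main__":
    f = build_example_filter()
    for line in SAMPLE_QUERY_LOG:
        name = line.split()[1]
        print(f"{name:32} {f.decision(name)}")
    print(f"blocked: {blocked_share(f, SAMPLE_QUERY_LOG)}%")
```

Running it prints the verdict per sample query and a blocked share of 50% for the constructed log; the point to take from it is the precedence question the thread skirts around, namely that an allowlist wildcard like `*.microsoft.com` overrides blocklist hits for that whole zone, so it is worth checking what a broad allowlist entry re-enables.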
 

JoyousBudweiser

Level 9
Verified
Will try that.


Are you sure about that? Providing separate DNS servers to each user seems like a lot of work on the part of NextDNS. I deleted that image though.
Yes, because of two reasons:
1. They offer only 300k queries for free per month; anything over that you need to pay $2 or the filtering service (not the DNS service) will stop. So they need to identify you to log the number of queries.
2. There is a query counter (click on the down arrow on your user name) as shown below; the query counting will not stop even if you use the IPv4 DNS address in the router or Windows DNS setting, which simply means the DNS server address is pretty unique.
[screenshot attachment]
 

rockstarrocks

Level 21
Verified
That doesn't work because of my scummy ISP. Any unencrypted DNS will be hijacked by them.
This is their excuse to do this.
 

JoyousBudweiser

Level 9
Verified
You can switch DNS server on the fly in YogaDNS or use a separate DNS server for some specific addresses. It is so versatile. You just need to go to Configuration > First Start Wizard and add each DNS server one by one. Then, to change DNS servers on the fly, go to Configuration > Rules, click the "DNS server" dropdown and select your preferred DNS server from the list.
[screenshot attachment]
 

rockstarrocks

Level 21
Verified
You can switch DNS server on the fly in YogaDNS or use a separate DNS server for some specific addresses. It is so versatile. You just need to go to Configuration > First Start Wizard and add each DNS server one by one. Then, to change DNS servers on the fly, go to Configuration > Rules, click the "DNS server" dropdown and select your preferred DNS server from the list.
Yeah, I know. I was already using it, just not with NextDNS. It seems like AdGuard DNS but with better privacy and very low latency (I get over 160ms with AdGuard DNS).