F
ForgottenSeer 85179
Thread author
What are your NextDNS settings and why did you use this instead of default?
Mine are:
- under Security i enabled everything, block Top 10 Most Abused TLD's + ".club"
Reason: i like enhanced security and also the .club domain is used by some streaming sites
- under Privacy i use NextDNS Recommended Ads & Trackers Blocklist, AdGuard DNS filter, UncheckyAds and only have "Block Disguised Third-Party Trackers" enabled
Reason: While the default list is good, i also like the AdGuard list. The Unchecky list is small and maybe useful for some user's in my network
- under Parental Control i block "Piracy" and "Gambling" and only have "Block Bypass Methods" enabled
Reason: This is a default config every device is used in my network (as i config this encrypted DNS at router level) so i don't want restrict to much
- under Denylist i added "*.ampproject.org", "*.ampproject.net" and "*.amp.cloudflare.com" which block Google AMP crap
- under Allowlist i added "*.microsoft.com" as i use Windows so it doesn't make sense to restrict any domains
- under Settings i enabled "Enable Logs", "Log domains", "Anonymized EDNS Client Subnet", "Cache Boost" and disable "Log client IP" & "handshake" & "enable block page" and also change storage location to "EU" and change "log retention" to 1 month
Reason: best privacy
Now you!
Mine are:
- under Security i enabled everything, block Top 10 Most Abused TLD's + ".club"
Reason: i like enhanced security and also the .club domain is used by some streaming sites
- under Privacy i use NextDNS Recommended Ads & Trackers Blocklist, AdGuard DNS filter, UncheckyAds and only have "Block Disguised Third-Party Trackers" enabled
Reason: While the default list is good, i also like the AdGuard list. The Unchecky list is small and maybe useful for some user's in my network
- under Parental Control i block "Piracy" and "Gambling" and only have "Block Bypass Methods" enabled
Reason: This is a default config every device is used in my network (as i config this encrypted DNS at router level) so i don't want restrict to much
- under Denylist i added "*.ampproject.org", "*.ampproject.net" and "*.amp.cloudflare.com" which block Google AMP crap
- under Allowlist i added "*.microsoft.com" as i use Windows so it doesn't make sense to restrict any domains
- under Settings i enabled "Enable Logs", "Log domains", "Anonymized EDNS Client Subnet", "Cache Boost" and disable "Log client IP" & "handshake" & "enable block page" and also change storage location to "EU" and change "log retention" to 1 month
Reason: best privacy
Now you!