It is no secret that I am a big fan of DNS and, therefore, it's a no-brainer that I am kicking off the Privacy Cookbook's 'Best of 2021' series with the best DNS services and operators.
That said, DNS is a tricky one, for one, it is simple but when you combine it with firewalls, other apps and ad-blockers, it becomes more complex but way more effective. So, I have divided this up into different categories.
Category 1 — DNS-over-HTTPS and DNS-over-TLS
The first Category goes to simple DNS combined with ad-blocking.
No apps, no customization, just plain DNS.
So AdGuard DNS, BlahDNS, Quad9, dnsforge and Mullvad.
We have tested them all and, of course, it's partially a question of where you are located, so speed might be different based on this and other factors. On this plain DNS services with no customizations option, I give Mullvad the winning hand based on speed, company reputation, it being free and only taking a second to setup.
Set up is possible in browser or on Android phones. The problem is with iOS on this one and when you use an iOS device I would give DNS out of the box to AdGuard, who has a profile file to download and will handle your DNS system-wide on iOS.
This first category is so simple to set up, no-one should really have an excuse not to use DNS encryption.
Category 2 — Same approach with customization
This one is quite the sweet spot when it comes to ad-blocking options and ease of use. here, I have only two nominees, NextDNS and DeCloudUs.
Both services have paid and free options. However, they are very different when it comes to the payment and setup.
NextDNS lets you use the DNS service for free as long you stay under 300,000 queries a month, which is plenty when you use it on a cellphone. I use NextDNS in the paid-for pro version, which has the same features built in but allows unlimited queries. NextDNS is similar to AdGuard Home or Pi-Hole but lives in the cloud. You do not need to install anything, just copy your unique URL to the DNS-over-TLS/QUICH or DNS-over-HTTPS.
NextDNS has a massive list of services and blocklists you can access, and is really second to none when it comes to the power you have in your setup.
The second approach is DeCloudUs which is extremely easy to set up.
You can DeGoogle, DeApple, DeMicrosoft and, of course, block ads and malware with their pre-configured servers. On the paid service, what is really interesting, you can allow and delay domains. DeApple is something new on DeCloudUs and the Google domains they block is second to none!
These are both fantastic options, DeCloudUs is excellent when it comes to blocking Apple, Google, Facebook and the like and in explaining which domains you need to whitelist to receive push notifications or use Apple Music for instance. NextDNS, on the other hand, gives you a full-blown setup where you have more options.
These two are very close and are probably already your personal choices for your treat level.
And as fascinating and easy as the setup for DeCloudUs is, I'm still going to give this category to NextDNS. Just because you have more options and can (if you so choose) see your traffic and block and allow as you go. It is still worth repeating that these are both excellent and both offer computer, browser and cellphone setups including iOS profiles.
Category 3 — Advanced with apps/firewalls
This is the category most privacy advocates use, and the beauty is that you can combine in this category with any of the winners from the previous categories.
In this category, we're focusing on mobile and the nominations are RethinkDNS & AdGuard.
I didn't include other firewalls such as NetGuard or AdAway because today it's about DNS, and AdGuard and RethinkDNS are covering this category the best and most comprehensively.
This category, for Android, goes, hands down, to RethinkDNS. DNS with a firewall and then in a possible combination with Tor (orbit) is just outstanding and, unlike AdGuard, you don't need to download a certificate. RethinkDNS is my daily drive in 2021 and because I am (occasionally) a little crazy I combine it with NextDNS. I know, it's probably overkill, but It works for me ;)
Sadly, RethinkDNS does not yet have an iOS version, so I need to split the winners. RethinkDNS is the king of DNS/firewall on Android and AdGuard takes it for iOS. And here is where AdGuard shines most, as it lets you delete and block objects and scripts on websites and remember that when you visit them the next time. Combine it with DeCloudUs and the DeApple domains and you will have an almost 'Apple-free' Apple device.
I could have gone on to include a 4th category and feature DNS/firewall combinations along with your Raspberry Pi. But, as I said before, today is more about DNS. Overall, my love goes out to all of these services and apps. You guys are making the internet a better place and every single person who uses your services, a less 'spied-on' individual.
Privacy is a basic human right! DNS is a good, first step towards getting a little bit of that right back.