
Privacy Cookbook - Chapter 2.1 - nextDNS

NextDNS - easy adblocking with DoT and DoH

On paper, nextDNS would appear to be the Holy Grail when it comes to DNS services, but let’s not get carried away ;)

nextDNS is basically a DNS service that has an "integrated Pi-hole" in the cloud.
They use their own proprietary software, so it is not actually a Pi-hole.



The service comes with easy setups for routers and every OS, and it even has apps for iOS and Android.


So you can have a dynamic DNS setup on your router that automatically updates your IP address on the server.
You can then use it on any device within the network, including your desktops or laptops, tablets, mobiles or any other internet-enabled device.



It is similar to Pi-hole in that it blocks domains across networks. However, Pi-hole needs to be installed locally and only functions when the device is running, whereas nextDNS provides those features from the cloud without the need for installation or any maintenance.

It also provides IPv6 coverage, DNS over TLS (DoT) and DNS over HTTPS (DoH) as standard. They are privacy-friendly and their terms & conditions state that they do not retain any user data.



Their UI (user interface) is straightforward with a dashboard accessible via any internet connection.



Setting up is reasonably simple and well detailed on their site, and you can quickly start to build up your blacklists and whitelists.



nextDNS’s adblock DNS Service – Special & Noteworthy Features


Lists of categories to block


It is possible to choose from lists of categories which you want to block or allow, and in the advanced setup mode you can identify individual URLs for ‘treatment’.

This is something really cool, as you can select a large number of blockers and have literally millions of websites, trackers and analytics blocked before they ever reach your device.




You can also select services like WhatsApp, Instagram, Facebook and the like for blocking (if you so choose) and even have that feature time-barred, i.e. only blocked for a specified period.

Redirecting domains by rewrites


The rewrite feature allows users to redirect a domain to a differing domain or IP and their analytics can be set to provide graphs and lists of the blocked and most accessed domains.




These settings allow you to monitor logging, data retention periods, DNS Rebinding Protection and the DNS blocking modes.



The iOS version now also has a feature where you can select a nearby but private destination, in our case we have recently ‘moved’ to Hong Kong!



This all sounds really good, does it not? Well, yes and no... so why don't we love it like we should?


First of all, when you dig deep you find the 3rd party cookies from Google, including Google Analytics, googleapis and other ‘googly’ s**t in there.
OK, we understand that's for stats, but if you offer privacy... that is not the kind of stuff you want to see!



Additionally, the service is registered and hosted in the USA, and that is a big No-No for us. But the final and biggest NO! is Cloudflare!
The service uses Cloudflare and if you don’t know about them, maybe read this article.

(As a side experiment, try accessing their white paper via Tor... that is of course triggered by the Cloudflare protection ;))



Overall, a good job, guys, and definitely a step in the right direction, but we can't give you the double thumbs up that you would deserve if your service actually delivered privacy in a cloud ;)



Endnote: For adblocking, we recommend a Pi-hole or AdGuard Home setup, which we will cover soon here in DECENTRALIZE.TODAY and link back to here.



If you have an iOS device, we will have something pretty cool covered for you tomorrow - DNSCloak

 
