Introduction

In my previous articles, such as Tutorial to setup your own DNS-over-HTTPS (DoH) server or Tutorial to setup DNS-over-TLS (DoT), you saw how to set up a full DoT or DoH solution yourself. This is not always easy, nor always worth the time.

Over time, I realized I couldn’t keep up with the different components that needed to be updated, and I wanted a full solution that would handle everything for me, from ad blocking to DoT and DoH. That’s how I found NextDNS.

What is NextDNS

NextDNS is a free, secure, easy, fast solution that provides you with a DNS endpoint you can configure to your needs, from choosing which ad-blocking lists to use, to what to whitelist, to viewing the logs for each device.

Pricing

NextDNS is free for up to 300k monthly requests, then 30$ per year for unlimited requests. In my case, I opted to pay for the service; it’s such a breeze to use that I felt it was worth its price.

Adblocking

The first feature is called “Privacy”. You can choose from a myriad of blocklists to block ads and other types of trackers. It’s easy to use: just click “Add” and it’s done.

NextDNS add a blocklist setting in privacy tab

Logs

A great feature for me: a clear UI to see the logs, which device made which request, whether it was blocked, why it was blocked, etc.

Log UI, filterable by device, searchable by domain

For privacy, you can also disable logs completely, change how long they are kept, and choose in which part of the world they are stored (like Switzerland). This is great when privacy matters to you. You can also download the logs and clear them at any time in the Settings UI.

Installation

In my case, I decided to install their client directly on my router. This way it gathers the names of the different clients automatically and I don’t have to install it on each device.

I have a Ubiquiti UDM, so the installation was pretty straightforward, as explained on their wiki. I just had to install the client, and now all DNS traffic is redirected to NextDNS.

Android

As said at the beginning, they provide DoT and DoH out of the box, so you can directly configure your Android device (after 9.0) to use their service without needing to install their application.

All you need to do is scroll down a little on the setup page; they’ll give you your unique server ID, which you can personalize to recognize the device.

Example: AAAA12.dns.nextdns.io

So if you want to set it up for John’s Android device: John-AAAA12.dns.nextdns.io.

This way you’ll see a device called John in the logs.
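An added example (not from NextDNS or the original article): the device name becomes part of a DNS label, so it has to stay within hostname rules before you type it into Android's Private DNS field. The helper names and the way unsupported characters are replaced with a hyphen are assumptions of this sketch; the sample device names are constructed.

```python
import re

SUFFIX = "dns.nextdns.io"  # DoT domain shown in the article's example
MAX_LABEL = 63             # RFC 1035 limit for a single DNS label


def device_label(device: str, config_id: str) -> str:
    """Return "<device>-<config_id>" using only letters, digits and hyphens."""
    if not re.fullmatch(r"[A-Za-z0-9]+", config_id):
        raise ValueError(f"unexpected characters in server ID: {config_id!r}")
    # Assumption of this example: each run of unsupported characters
    # (spaces, apostrophes, dots, ...) is replaced by a single hyphen.
    name = re.sub(r"[^A-Za-z0-9]+", "-", device).strip("-")
    if not name:
        raise ValueError(f"device name has no usable characters: {device!r}")
    # Leave room for "-<config_id>" so the whole label fits in 63 characters.
    room = MAX_LABEL - len(config_id) - 1
    if room < 1:
        raise ValueError("server ID leaves no room for a device name")
    name = name[:room].rstrip("-")
    return f"{name}-{config_id}"


def private_dns_hostname(device: str, config_id: str) -> str:
    """Hostname to enter as the Private DNS provider on Android."""
    return f"{device_label(device, config_id)}.{SUFFIX}"


if __name__ == "__main__":
    # Constructed device names; AAAA12 is the article's placeholder ID.
    for device in ("John", "John's phone", "living room TV (old)"):
        print(f"{device!r:26} -> {private_dns_hostname(device, 'AAAA12')}")
```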

Browser extension

Chris, in the comment section, pointed me toward a great extension to manage NextDNS directly from your browser, with features like whitelisting domains directly from the logs, sorting the whitelist, etc.

It brings a lot of quality-of-life improvements to their UX: https://github.com/hjk789/NXEnhanced

Dark Mode

NXEnhanced by hjk789

Adds “quality-of-life” features to NextDNS website for a more practical usability

Review

I have been using NextDNS for more than a year, and I’m really happy with it. They have an extensive list of blocklists for ads/privacy. The whitelist (allowlist) is easy to use and gets applied nearly instantaneously.

My only negative point is the lack of proper UX to set configuration per device. You don’t have the concept of a main configuration that can be overridden. You need to set up a full new configuration and then assign it to the specific device. That means you’ll have everything separated for that device: logs, whitelist, blocklist, DNS endpoint, etc.

But other than that, it works flawlessly. It replaced my PiHole with DoT/DoH setup, and personally, I won’t go back to having everything set up myself. It was always a pain when something broke; here, NextDNS just works.