NextDNS

What is NextDNS?

NextDNS is easy to set up and works on every device regardless, Linux, Mac, Windows, iOS or Android. And the best of all is that you can even make it work with your existing VPN.

NextDNS is basically a DNS service, with an 'integrated Pi-hole' to the cloud. They use their own proprietary software (parts of which are open-sourced) but it is not actually a Pi-hole. It is similar in that it blocks domains across networks, however, Pi-hole needs to be installed locally and only functions when the device is running whereas NextDNS provides those cloud-based features without the need for installation or any maintenance.

It also provides IPv6 coverage, DNS over TLS (DoT) and DNS over HTTPS (DoH) as standard. They are privacy-friendly and their terms & conditions state that they do not retain any user data. Their UI (user interface) is straightforward, with a dashboard accessible via any internet connection.

Setting up is reasonably simple, all well detailed on their site and you can start to quickly build up your Deny and Allow list.

Special & Noteworthy Features 

NextDNS’s adblock DNS Service – Special & Noteworthy Features lists categories to block. It is possible to choose from lists of categories or areas which you want to block or allow and in the advanced setup mode you can identify individual URLs for ‘treatment’.

This is really cool as you can select a large number of blocks and have literally millions of websites, trackers and analytics blocked before they ever reach your device. 

The blocklist also has No Facebook and No Google as an option. It has blocklists for Smart TVs which are sending metadata "home".

Overall, even with a Pi-hole setup you won't get many lists easier to pick and all without the headache of searching through github or forums to make your home safe, it's easy, just select what you need and what you don't and you are set!

Native Tracking Protection

On the same page, you can also select some Block Native Tracking Protection:

This includes Xiaomi, Huawei, Samsung, Amazon Alexa, Windows, Apple, Roko and Sonos. On the same page again, you can also block third-party trackers or allow (not recommended) 'Affiliate & Tracking Links'.

Parental Control

On Parental Control, you can deselect services like WhatsApp, Discord, Twitch, TikTok, Instagram, Facebook and the like, if you so choose, and even have that feature time-barred to 'on and off' when you want to allow your kids to use it.

Categories

There is a Categories section that includes Porn, Gambling, Privacy, Dating and Social Media.

The rewrite feature allows users to redirect a domain to a differing domain or IP and their analytics can be set to provide graphs and lists of the blocked and most accessed domains.

These settings allow you to monitor logging, data retention periods, DNS Rebinding Protection and the DNS blocking modes.

Which brings me to the Allow and Deny list. If you have, like me, a kid at home but have blocked everything Google, you might have a hard time as YouTube won't work! So, you can add the needed domains to the Allow list or, of course, introduce and explain Invidious to your kids and give them a link to proxified instances, so you do not need to have any Google servers on the Allow list.

The stats will show you what happened and what was blocked the most:

Overall, I still say that Pi-hole or AdGuard Home are the best solutions when it comes to privacy setups at home, but if you'd like one for 'on the go' at home and DNS encrypted and which doesn't need much skill and/or knowledge to set up then NextDNS is a solid solution for all your devices!