Posts

Greatly improve your security using NextDNS

avatar of @themarkymark
25
@themarkymark
·
·
0 views
·
3 min read

NextDNS is more than a tool to block ads. NextDNS is able to be filter out threats and malicious content across your entire network.

I highly recommend checking them out, as it is easy to use and highly effective.

You maybe familiar with Pi-Hole, a service that runs on a Raspberry Pi to block ads on your network rather than just from your browser. NextDNS is similar to this, but does a lot more.

I have found over 10% of the traffic on my network is filtered with NextDNS. This is largely ads and trackers, but there is also a significant amount of dangerous content in there as well.

Setting up NextDNS is really simple, and can be installed within 60 seconds. Once installed you can adjust your own personal configuration page to adjust what settings you want for your network.

In my case, I have most of the features enabled.

I also have a few addition lists enabled for addition protection. One of the things I really like about NextDNS is the ability to block OS level telemetry like Apple and Windows. This prevents a lot of phone home and privacy invasion across your network, not just your machine.

You can even install the client on your mobile device for when you are not on your own network.

Many of the popular uBlock Origin / AdBlock lists are available to use with just a single click. Although many of them are not updated frequently, so keep that in mind when you select your lists. I recommend just sticking with NextDNS Ad & Trackers, AdGuard DNS Filter, and OISD as the most reliable and frequently updated lists.

Another big advantage of NextDNS is encrypted DNS, this prevents your ISP from easily collecting your browsing habbits and injecting ads or snooping. Previously the only way to do this easily was to use CloudFlare's DNS (1.1.1.1) but this did not offer the amount of security that NextDNS does.

Setup is really easy and once you set it up, you have access to a portal that gives you many configuration options for your network. NextDNS provides protection for all your Internet enabled devices. Configuration varies depending on the device you are using, but I recommend looking into the setup options carefully as it is more than just replacing your DNS settings. You want to ensure you use Encrypted DNS which requires additional considerations.

I also recommend you run their client, this will allow for easy configuration, full encrypted DNS support, and the ability to identify traffic on your LAN by device.

If you enable all features, there is a chance you will get false positives (legitimate traffic blocked). This can easily be identified and resolved by looking at the detailed logs filtering by blocked connections and adding specific whitelist entries as needed. If you have used a Pi-Hole device, you likely are already familiar with this. This should be extremely rare depending on how aggressive you do the settings. I have everything enabled with fairly aggressive configration and I rarely ever have to add anything to the whitelist.

There are a few options you can enable to increase performance as well. I recommend enabling these although the difference is minor.

Another nice feature is support for Web 3, this is really cool as many browsers don't have full support for IPFS or crypto domains yet (Brave does), so you can get full support of these features without running a browser plugin for each of them. Even more useful when on mobile where there may not even be support for these features.

While some users can fit in the free account, it is likely you will go through the 300,000 free queries per month using it for your entire household. A paid Pro account is only $20/year and well worth it.

It is one of the best $20 bills you will spend this year.

Oh, and if you haven't been following recent events, Google will be making changes to their browser (and any other browser like Brave that forks off it) that will drastically reduce the effectiveness of AdBlock software by restricting APIs needed to block ads. Once this comes in effect, services like NextDNS will be the only way to effectively block intrustive ads and malicous content.

If you are not doing it already, I highly recommend moving to Brave Browser for additional security and privacy.

All screenshots are from NextDNS website.

Posted Using LeoFinance Beta