iCloud Private Relay vs 1.1.1.1 vs NextDNS

Looking to the DNS and privacy MPU experts!

At the moment, I have iCloud Private Relay switched on. Years ago I was using Cloudflare’s 1.1.1.1 app. More recently I’ve heard raves about NextDNS because it includes all apps (not just Safari) and blocks tracking and ads. But it seems it’s one or the other, you can’t really use NextDNS with iCloud Private Relay. Is that correct?

I find all these “new” apps or services confusing in what they actually do, or how they are different. I’d like to land on the best option for me i.e. want a simple yet private way of browsing web, blocking IP and tracking.

I’m new to all of this so explain like I’m five!

I use the AdGuard DNS public servers with Apple Private Relay and it works fine. On my iPhone & iPad I installed the profile so I get the ad blocking DNS regardless of what network I’m connected to. Have also configured the home router to hand out the AdGuard DNS servers to all connected devices on the home network via DHCP.

The instructions on their site are easy to follow.

Here’s some reading to start things off. Note: Private Relay is Safari only. It doesn’t work if you use Chrome or Firefox, etc. Most (all?) other apps etc. will reveal your IP. I’m not familiar with NextDNS but it appears to be a filter. Hopefully other MPUs can offer more info.

Nothing beats a good PAID VPN for hiding your IP address but, IMO, you can never be 100% certain you aren’t being traced. And they normally do not include filters so you still see all the garbage.

Not entirely sure they do work together, but glad to be wrong…
In the case of AdGuard, they still have in their knowledge base this article which indicates that they don’t. It is my understanding that, if they are running together, then one or the other takes precedence and you don’t get the full benefit of either. Too technical for me to figure out, which is why I use AdGuard all the way…

That article relates to using the AdGuard VPN service, whereas the setup I described is for only using their public and free DNS resolvers in place of say 1.1.1.1 or 9.9.9.9. It’s similar to having an ad blocking Pi-hole DNS server on your LAN without the effort of setting up and maintaining it yourself.

OTOH I was surprised to learn that private relay only works with Safari and doesn’t handle things for all outgoing connections.

So I’m not sure you can use the app and private relay because the app is basically config and set up for a VPN.

You can use private relay and manually set your DNS to 1.1.1.1.

https://1.1.1.1/dns/

Correct. This won’t work. As said earlier, private relay only works with Safari. Comparing Cloudflare and NextDNS is like comparing apples and oranges; Cloudflare is more security focused while NextDNS (when I tried anyway) is more ad focused.

You can achieve all 3 outcomes. Just can’t achieve all 3 on the same platform. Could be wrong about doing on same platform but I’m certain you can block ads, run Private Relay, and still use 1.1.1.1.


You might want to read the NextDNS “Security” section; they have quite a few security related features by now.

Hi :wave:. Not a programmer or privacy expert here. Just a guy.

I like NextDNS and even paid for it, but so far I’ve not found a way to make it work with Private Relay. Nor can I figure out how to get my router to use it because my router doesn’t accept IPv6 DNS stuff.

But I still like it. I don’t have an ad blocker on my computer at my new job and I’m like, “Ew!” All the time all day because I haven’t seen an intrusive ad at home for a while lol

NextDNS does not require IPv6.

(My ISP only offers IPv4 and NextDNS works fine on my router)

I know it offers IPv4 with a “linked IP” and I thought that meant I couldn’t use it because I thought IPs changed from time to time? But you think I could just put the IPv4 stuff into my router’s DNS and it’d work?

(This, by the way, all indicates just how much of a “power user” I really am lol)

Yes, you would have to do this every time the IP changes (or use a DDNS instead):

I use their encrypted DNS (via the CLI on my router), so I don’t run into this myself.


I was thinking the same but… here is what happened to me. I have private relay ACTIVATED on all my Apple devices. I started setting up Cisco’s OpenDNS on my router. When I finished setting up the router I used the Opera browser for checking out if the OpenDNS service is working using a tool they provide. It came out that I was not using OpenDNS as DNS resolver. I then deactivated the private relay and the same tool then confirmed that after the deactivation the DNS resolver was OpenDNS. I don’t get it… I think that the most possible explanation is that Opera and Firefox use the Safari toolkit so private relay handles all DNS queries… but I couldn’t check how traffic from apps is handled….