Works really well. I put on a set of fairly aggressive blockers so I sometimes have issues with sites (e.g. clicking a link on an email, some business sites), but on desktop I have the NextDNS toggle in my task bar and just toggle it off if an issue arises. You can also set certain URLs as “safe” so it won’t block traffic to/from that site. I’ve been really happy with it. It blocks so much junk.
If I do turn it off momentarily and happen to forget to turn it back on, it doesn’t take long to notice. When I’m on the web and think “what is all this junk all of a sudden!”, then I know I forgot to turn NextDNS back on. One sure signal is ads within Apple News. If you see those, it’s off.
I’ve been a customer for years. It doesn’t solve every problem but it adds a helpful layer of protection and the logs can be useful. It’s easy to set up on any desktop OS.
NextDNS is a great service (I’ve been a paying customer since their launch), but like any DNS service it can only filter on domain names, not on the full path in a URL.
Ads that are served from the same domain as the main content can therefore not be blocked by a DNS service, which means that they cannot fully replace your current ad blocker.
Naive question perhaps but … How does this all replace or add to Little Snitch (as another app that I hear praised)? Especially for someone such as me contemplating whether and when to add such blocking services (on my macOS)?
I’m also using both (NextDNS on my router and Little Snitch on my MacBook Air).
Do you also use NextDNS as the custom DNS Encryption option in Little Snitch?
I do, for when I’m using my Air outside of my home, but lately (since upgrading to macOS Tahoe?) I’m experiencing problems with that setup that I never had before: domains sometimes stop resolving (in particular my own domain that I use for self-hosted stuff…).
Specific to your question of friction: If you use their .mobileconfig files instead of the App Store Apps (as described here, it’s very simple), then NextDNS will work alongside of (not instead of) Private Relay.
This method also brings the latency from “barely detectable” to “undetectable”. Some argue that site load times can even end up lower than before, because fewer page elements are being loaded. I don’t know about all that, but it’s certainly not anything I notice.
I would not say it replaces a browser-level ad blocker. NextDNS alone will remove many types of ads from websites, but a browser-specific one will still be better at getting all the different web-specific types of ads. NextDNS is more “broad spectrum”.
I am using OpenDNS, which is configured on my router. For years this has been configured and works in the background. Once in a while I do get a message saying a website is blocked, which reminds me that I have OpenDNS configured.
Is there any specific advantage NextDNS provides over OpenDNS?
NextDNS is better imo. You can add your own blocklists (I use Steven Black’s excellent lists) so it’s much more comprehensive. It has better analytics; you can see in the dashboard which devices are accessing which sites. It has apps for most devices so you can use it everywhere, rather than just in places you can enter the DNS manually. Plus it’s run by an independent company in the EU, not by a big tech firm in the US.
OpenDNS is fine if you want to put it in your router and never think about it, which seems to be how you use it. But if you want more control and options, NextDNS offers that.
Before I started using Tailscale I used this Little Snitch feature to encrypt DNS requests from my Mac to the NextDNS server (adding a little privacy protection?).
However, I’m indeed not sure it adds anything when also using Tailscale. Need to think about that…
Maybe I can use HTTP/3 or QUIC instead of DoT or DoH (which might be a bit faster, though I doubt I would notice…)?