NextDNS—Worthwhile?

Kraftwerk · November 27, 2025, 5:28pm

Is there a pre-built one that one can just drop at relatives’ houses?

majorgear · December 3, 2025, 2:24pm

if you want to make it easy for them ( not for you , heh ) then a few ideas are

Build it on an rpi 4 or cheaper device , and then ship it to them. Use cron for running automatic pi-hole and system package updates.
Host it on a VPS for them ( and yourself while you are at it!). The hard part is restricting access to it. If they have a static IP, you can open port 53 to their ( and your!) public IP address. This is what I’m doing. Another, more difficult, more reliable, and more secure way, is to run a VPN server on the VPS and connect their network ( and yours!) to it.

There are free VPS’s out there, but I pay $4 / month to host a bunch of apps on a Hetzner VPS.

Kraftwerk · December 3, 2025, 5:11pm

Thanks!will get one and see how easy/hard it is to set up

MacExpert · December 6, 2025, 4:53pm

I am running NEXT DNS since about a year and its great.
I was able to enable it on my Synology router so all network traffic is protected.

However sometimes you need to turn it off. The easiest way is to Switch to your Guest network that is setup with unfiltered DNS.

thombehrens · January 30, 2026, 2:04pm

A technical note for posterity:

Since getting an iPhone 17 earlier this month, I’ve had a hard time getting iCloud Private Relay and NextDNS to “play nice” together.

This was never a problem on my iPhone 15 Pro. But on the 17, having NextDNS enabled would result in the message “Your wifi network does not support Private Relay” or “Your cellular plan does not support Private Relay” when not on WiFi.

I’m not sure if this is an issue with my config, or Apple if becoming more hostile to third-party DNS providers, since I’m using it to block ads served to me by Apple’s business customers.

Regardless, I was able to restore harmony by adding these domains to my NextDNS allowlist:
*.mask.icloud.com
*.mask-h2.icloud.com
*.mask.apple-dns.net
*.mask-api.fe.apple-dns.net
*.mask-t.apple-dns.net
*.icloud.com

This tells NextDNS to let iCloud Private Relay traffic through when I’m using Safari, while still blocking ads in Apple News and elsewhere.

I saw two other domains mentioned in various troubleshooting threads:
*.apple.com on the allowlist
*.iadsdk.apple.com on the blocklist

I did NOT end up using these two; adding the former to the allowlist continued to let ads in, and adding the latter to the blocklist prevented all images from rendering in Apple News. For me, letting NextDNS default settings handle subdomains for these entries fits my needs.

I hope no one runs into this same issue! It was a bit of a headache, especially because there is a 30-90 second lag before block/allow policies take effect, so testing and debugging was fraught. So if you do face this issue, hopefully this can save you some grief

rob · February 8, 2026, 7:29am

But this means no more ad-blocking (and protection) in Safari?

(By NextDNS; a Safari extension like AdGuard can still block ads?)

thombehrens · February 8, 2026, 8:51pm

Ad blocking in Safari still works!

I also have Wipr turned on, though, so I’m not sure exactly what is covering what.