NextDNS Setup Guide

Setting up NextDNS Profile

1. Sign up and Log In

2. In the dashboard, go to the Setup tab

• This will show you what IP addresses you will use to point your devices to NextDNS.

3. In the dashboard, go to the Security tab

1. Check Use Threat Intelligence Feeds
2. Check Enable AI-Driven Threat Detection
3. Uncheck Google Safe Browsing - it's been known to cause false positives
4. Check Cryptojacking Protection
5. Check Enable Homograph Attacks Protection
6. Check Enable Typosquatting Protection
7. Check Enable DGA Protection
8. Check Block Newly Registered Domains (NRDs)
9. Check Block Dynamic DNS Hostnames. I uncheck this because I use one (DuckDNS). Otherwise it should be fine to check it.
10. Check Block Parked Domains
11. Check Block Child Sexual Abuse Material

4. In the dashboard, go to the Privacy tab

1. Add Blocklists. Here are some I recommend:
   • HaGeZi - Multi NORMAL
   • Steven Black
   • AdGuard DNS filter
   • AdGuard Tracking Protection filter
   • NextDNS Ads & Trackers Blocklist
   • notracking
   • Anudeep's Blacklist for ads and trackers
2. Native Tracking Protection:
   • Add Windows, Apple, or any others that relate to devices you may own (e.g. Amazon Alexa)
3. Check Block Disguised Third-Party Trackers
4. I check Allow Affiliate & Tracking Links because unchecking it tends to break some links I need. You can always uncheck and change it if you find you need to.

5. The Denylist and Allowlist tabs

Use these as you go.

• Add things you want to block to the Denylist
• Add things you need unblocked to the Allowlist.
  • Add nextdns.io as a failsafe so that it can't block itself.

6. In the dashboard go to the last tab, the Settings tab

1. Uncheck Enable Block Page. When checked, blocked pages will redirect to a blue page telling you that it was blocked. It's been known to cause issues iwth Paypal 2FA, iCloud Private Relay, Microsoft Teams, Yahoo Mail, and some banking apps.
2. I uncheck Enable Anonymized EDNS Client Subnet. I found checking it led to much slower DNS resolution. If you don't notice any lag, leave it checked.
3. Check ✅ Cache Boost.
4. Uncheck ❌ Enable CNAME Flattening.

Setting your WiFi router to use NextDNS

Your router is already using some other DNS server for DNS resolution (i.e. the IP address of google.com is 142.251.46.174). Whatever router you have, it uses a network IP address (only accessible on your network) that allows you to access the router settings.

1. In a web browser, go to the the address for your router settings. (often 192.168.1.1 or 192.168.0.1)
2. Find the DNS settings.
3. Set the DNS servers to the two addresses NextDNS provides at my.nextdns.io (for example, 45.90.xx.xx).
4. Save the settings.

Configuring iPhone to use NextDNS

1. Make sure you have already set up a NextDNS account and configured the basics above.
2. Use their Apple Configuration Profile Generator to export the configuration file. You can specify networks you don't want to use NextDNS with (e.g. your home WiFi network if it has different filtered DNS you want to use)
3. Send to your iPhone. I texted it to myself.
4. Open it on the iPhone and it will ask you to confirm importing the settings.
5. Now NextDNS should filter all incoming traffic when your smartphone is out in the world.