TL;DR
The author tested several DNS options and settled on NextDNS, a relatively new resolver that meets requirements for low latency, secure DNS protocols, device support and DNS-level ad/tracker blocking. The service is in beta, offers apps and a CLI, provides per-device statistics and filtering, and has shown low latency and no observed outages during three months of use.
What happened
After evaluating Pi-hole, Cloudflare 1.1.1.1 and AdGuard DNS, the author began using NextDNS and found it satisfied his checklist: low latency, reliability, global availability, support for secure DNS (DoH and DoT), DNS-level ad and tracker blocking, configurability and usage statistics. NextDNS is a young service, founded in May 2019 by two French founders and registered in Delaware; the author reports using it for about three months and describes it as still in beta. He measured about 3 ms latency from his home to a Paris endpoint and did not notice outages during his monitoring window. NextDNS publishes client apps for major platforms and a cross-platform CLI that can auto-activate the resolver locally, report client info, log queries, and forward specific domains to internal IPs (split-horizon). The author notes that the CLI initially lacked local caching, but an update added caching support.
Why it matters
- DNS-level blocking can reduce tracking and many ads before web rendering, improving privacy and page load behavior.
- Support for encrypted DNS protocols (DoH/DoT) prevents cleartext resolver queries and mitigates ISP-level monitoring or tampering.
- Cross-device clients and a local CLI let users apply consistent DNS policies across mobile and desktop environments without constant VPNs.
- Per-device statistics and configurable blocking rules give users visibility and control over DNS traffic.
Key facts
- NextDNS was founded in May 2019 and is registered in Delaware; founders are two French engineers.
- The service is described by the author as rapidly evolving and was in beta at time of writing.
- Supports classic DNS plus encrypted protocols: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT); DNSCrypt is also mentioned as a secure option in general.
- Client apps are available for Android, iOS, Windows and macOS; a Chrome extension exists for ChromeOS and a cross-platform CLI is provided.
- Author measured about 3 ms latency to a Paris NextDNS server from home and points to ping.nextdns.io for measurements.
- No outages were observed by the author during three months of personal use and simple ICMP monitoring.
- NextDNS offers per-device statistics and logging; device identification can be set via the endpoint to separate metrics.
- CLI features include auto-activation (setting resolver to localhost), reporting client info, toggling query logging, and forwarding specific domains to internal IPs (split-horizon).
- The CLI initially did not cache queries but a subsequent update added caching support.
- NextDNS can be integrated into existing recursive resolvers (example: forwarders in Unbound) to centralize logs and stats for servers.
What to watch next
- Pricing details and tiers — not confirmed in the source.
- Exact backbone and cloud-provider partners that underlie NextDNS’s infrastructure — not confirmed in the source.
- Ongoing beta feature rollouts and stability as the service matures (the author notes the project is rapidly evolving).
Quick glossary
- DNS-over-HTTPS (DoH): A protocol that sends DNS queries over HTTPS, encrypting them and often using port 443 to help hide DNS traffic from passive observers.
- DNS-over-TLS (DoT): A protocol that wraps DNS queries in a TLS session, encrypting DNS traffic and using a dedicated port (853) for secure resolver communication.
- Anycast: A routing technique where the same IP address is announced from multiple locations; traffic goes to the nearest instance, reducing latency for distributed services.
- Pi-hole: Open-source software that runs on a local network to filter DNS queries and block ads and trackers at the DNS level; typically deployed at home.
- Split-horizon DNS: A configuration that returns different DNS answers depending on the requester or network context — for example forwarding some queries to private internal addresses.
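The forwarding decision behind split-horizon, as an added example (not code from the NextDNS CLI or the source article): names under a listed internal domain go to an internal server, and everything else goes to the encrypted upstream. The domains, addresses and function names are constructed for illustration; matching is done on whole labels so a look-alike name is never routed to the internal resolver.

```python
# Added illustration: rule table, addresses and names are constructed.
from typing import Dict

DEFAULT_UPSTREAM = "encrypted-upstream"  # stands for the DoH/DoT resolver


def normalize(name: str) -> str:
    """Lower-case and drop the root dot so 'Corp.Example.' equals 'corp.example'."""
    return name.strip().rstrip(".").lower()


def build_rules(raw: Dict[str, str]) -> Dict[str, str]:
    """Normalize configured domains once so lookups are exact-match."""
    return {normalize(domain): server for domain, server in raw.items()}


def pick_forwarder(qname: str, rules: Dict[str, str]) -> str:
    """Return the internal server for the longest matching domain suffix.

    Suffixes are compared label by label. A plain string 'endswith' test
    would treat 'notcorp.example' as part of 'corp.example' and send the
    query to the internal resolver by mistake.
    """
    labels = normalize(qname).split(".")
    # Try the full name first, then strip one leading label at a time,
    # so the most specific rule wins.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate]
    return DEFAULT_UPSTREAM


# Constructed sample rules: internal zones and the resolvers that serve them.
RULES = build_rules({
    "corp.example": "10.0.0.53",
    "lab.corp.example": "10.0.8.53",
})


def demo() -> Dict[str, str]:
    names = ["git.corp.example", "ci.lab.corp.example.", "GIT.Corp.Example",
             "notcorp.example", "corp.example.elsewhere.test", "www.example.org"]
    return {name: pick_forwarder(name, RULES) for name in names}


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:30} -> {target}")
```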
Reader FAQ
Does NextDNS block ads and trackers?
Yes — the author uses NextDNS for DNS-level blocking of ads and trackers.
Does NextDNS support encrypted DNS?
Yes. The service supports DNS-over-HTTPS and DNS-over-TLS; the author also references DNSCrypt as a secure option.
Is NextDNS reliable and fast?
The author reports about 3 ms to a Paris endpoint and no observed outages during three months of use, though broader reliability metrics are not provided.
Do I need to use a VPN to get the same setup everywhere?
No. The author selected NextDNS specifically to avoid needing a VPN to get consistent DNS filtering across devices.
What does NextDNS cost?
Not confirmed in the source.

NextDNS is my new favourite DNS service · 10 April 2020
Sources
- NextDNS is my new favourite DNS service · Stan's blog
- NextDNS – The new firewall for the modern Internet
- NextDNS is my new favourite DNS service | Hacker News
- NextDNS pros and cons