Setting Up NextDNS
You might ask: “Don’t I already have DNS?” The short answer is “Yes”: in most cases your ISP (the company that you buy your internet from) gives you a DNS service that they own, so they can see all of your data and sell it to third-party companies. This gives your ISP a lot of knowledge about you that you might not want them to have: where you go, what you search, and who you talk to. There is a much more private and secure way to take control of your DNS (Domain Name System, like the Internet’s phone book). It is a cloud service called NextDNS. We will be setting up NextDNS and learning what advantages it offers.
Privacy and Control
NextDNS is a cloud service you can configure from your browser. It offers free and paid tiers, but the free tier suits most people. If you want to help them out, the paid tier is only about $20 a year.
Once you set up your account, the first page that you see is the setup page. Scroll down to “setup guide”. Here you can see that there are many devices that you can configure. Just follow the steps for your device. Many of them have installer programs that make it simple. Once you do that, you will see a green checkmark in the “linked IP” field.
NextDNS is very configurable and you can tailor it to your needs and those of your family. I am going to go through the pages where you can modify things.
NextDNS – Security Page
After you set up your account, you can start to make it your own. The first place is the “Security Tab”. This is where we are going to start filtering out all of the bad stuff before we download it.
Choices
- Threat Intelligence Feeds – This uses real-time threat intelligence to block malware and other threats, and will stop you from seeing or downloading things that could be harmful. Turn this ON.
- AI-Driven Threat Detection — This is officially in Beta, but it works very well in most cases. Give it a try and see how it works for you. I like it.
- Google Safe Browsing — This is for malware and phishing domains. Unlike the one that comes with your browser, this one does not associate your public IP address with threats and does not allow bypassing the block. Turn this ON.
- Cryptojacking Protection — If you do this on your router, those IoT devices (or any others) won’t get hijacked to eat up your bandwidth with traffic if they are or become infected. To be safe, turn this ON.
- DNS Rebinding Protection — DNS rebinding is when a public domain name is made to resolve to a private IP address on your own network, which lets a malicious web page reach devices on your home network. Click this “ON” to prevent that.
- IDN Homograph Attacks Protection — These attacks use domain names containing look-alike characters from other alphabets to imitate a real site. It is best to turn this on with all of the problems with Russian hacker groups out there. Click this one “ON”.
- Typosquatting Protection — There are malicious domains out there that mimic real, popular sites. If you mistype the URL in the address bar, you may land on one. To prevent that from happening, click the “ON” slider.
- Domain Generation Algorithms (DGAs) Protection — Blocks domains generated by Domain Generation Algorithms (DGAs), which are seen in various families of malware and used as rendezvous points with their command and control servers, thus cutting the malware off from doing anything. Click this “ON”.
- Block Newly Registered Domains (NRDs) — If you have or are planning to register a new domain and want to work on it, then leave this “OFF”. If you have no plans to do that, you may choose to turn it “ON”.
- Block Dynamic DNS Hostnames — This is still in BETA, so you may wish to leave it “OFF”.
- Block Parked Domains — Parked domains are single-page websites often laden with ads and devoid of any value. Click this “ON”.
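To make the IDN homograph and typosquatting items above concrete, here is an added example (not NextDNS's own detection logic, and not from the original post) that decodes punycode names and flags mixed-alphabet labels and one-keystroke misspellings. The known-site list, function names and sample domains are all constructed for illustration.

```python
import unicodedata

# Constructed stand-ins for the popular sites a real feed would track.
KNOWN = ["example.com", "example.org"]

def scripts(label):
    """Return the set of writing systems used by the letters in one label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(domain, known=KNOWN):
    """Label a queried name as known, look-alike suspect, or unlisted."""
    # Decode punycode ("xn--") labels to the characters a user would see.
    shown = domain.lower().encode("idna").decode("idna")
    # Homograph check: one label mixing alphabets, e.g. Latin + Cyrillic.
    # Simplification: a label written entirely in one other script passes,
    # and legitimately mixed-script names would need an exception.
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        return "homograph-suspect"
    if shown in known:
        return "known"
    # Typosquatting check: one keystroke away from a known site.
    if any(edit_distance(shown, k) == 1 for k in known):
        return "typosquat-suspect"
    return "unlisted"

if __name__ == "__main__":
    # Constructed sample: "example" with a Cyrillic "a" (U+0430) in it.
    spoof = "ex\u0430mple.com".encode("idna").decode("ascii")
    for name in [spoof, "examle.com", "example.com", "intranet.example"]:
        print(name, "->", classify(name))
```

The spoofed name appears in logs in its ASCII `xn--` form, which is why the check decodes it before looking at the characters.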
NextDNS – Privacy Page
This is where you can start to filter out and customize what gets to your computing devices and electronics. The important things for you are Blocklists, Native Tracking Protection, and Block Disguised Third-Party Trackers.
- Blocklists — Click on “Add a blocklist”. There are a lot of choices there. It is best to start with a simple one such as “NextDNS Ads & Trackers Blocklist” and see how things work. If you are satisfied, keep it; if not, there are more to choose from.
- Native Tracking Protection — Still in BETA, but it seems to work well. What this does is help out the operating systems you have and protect your privacy. Choose the various things you have in your home.
- Block Disguised Third-Party Trackers — Blocks disguised third-party trackers. This is a good one and should be turned “ON”.
NextDNS – Parental Controls Page
I would suggest that you do this in a separate account. Duplicate what you have on the one for your network, but add things that you feel are appropriate for your family. You may wish to have one account for younger children and one for teens.
NextDNS – Deny List Page
Denying a domain will automatically deny all its subdomains.
NextDNS – Allow List Page
Allowing a domain will automatically allow all its subdomains. Allowing takes precedence over everything else, including security features.
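The deny and allow rules above can be modelled locally to see what a list will actually do before you rely on it. This is an added example, not NextDNS code: the function names and domains are constructed, and `security_hit` is an assumed stand-in for any security or privacy feature that would have blocked the name.

```python
# Added example: a local model of the allow/deny rules stated on this page.
# All function names and domains here are constructed for illustration.

def normalize(name):
    """Lower-case a domain and drop any trailing dot."""
    return name.strip().lower().rstrip(".")

def covers(rule, qname):
    """True if qname is the rule's domain or one of its subdomains."""
    rule, qname = normalize(rule), normalize(qname)
    # Compare on a label boundary so 'example.net' does not match
    # 'notexample.net'.
    return qname == rule or qname.endswith("." + rule)

def decide(qname, allow, deny, security_hit=False):
    """Return (verdict, reason) for one lookup.

    security_hit stands in for any security or privacy feature
    that would have blocked the name.
    """
    # Allowing takes precedence over everything else.
    for rule in sorted(allow):
        if covers(rule, qname):
            return ("allow", "allow list: " + rule)
    for rule in sorted(deny):
        if covers(rule, qname):
            return ("block", "deny list: " + rule)
    if security_hit:
        return ("block", "security feature")
    return ("allow", "no rule matched")

def shadowed_denies(allow, deny):
    """Deny entries that can never fire because an allow entry covers them."""
    return sorted(d for d in deny if any(covers(a, d) for a in allow))

if __name__ == "__main__":
    allow = {"example.net"}
    deny = {"ads.example.net", "tracker.example.org"}
    for name, hit in [("ads.example.net", False),
                      ("login.example.net", True),
                      ("x.tracker.example.org", False),
                      ("notexample.net", True)]:
        print(name, decide(name, allow, deny, security_hit=hit))
    print("shadowed:", shadowed_denies(allow, deny))
```

The practical point is the second and last lines of output: a broad allow entry silently switches off both the deny list and the security features for every subdomain under it, so keep allow entries as narrow as possible.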
NextDNS – Analytics Page
If you have logging turned on (usually I only do this during setup or if I am troubleshooting) you will have statistics on this page.
NextDNS – Logs Page
This is a great feature to turn on when you are just starting out. It lets you see what your devices are doing and where they may be running into problems. It is also great for troubleshooting.
NextDNS – Settings Page
You can name your profile, enable logs, set a block page, speed up your performance, and even duplicate your settings.
Conclusion
I have used NextDNS for several years and it is one of the best providers that I have found. They don’t sponsor or contribute to this site, so you are getting an unbiased opinion here (rare in today’s world). I urge you to give them a try. With all of the things that are stacked against us, this is one of the easiest ways to filter many of them out before they show up. Having fewer things to deal with gives you an easier threat landscape to handle by other measures.