OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Better safety with NextDNS

NextDNS offers another layer of protection for all your devices. It protects you whether you are at home, work or elsewhere. Here's how it can help protect you.

A client called me and reported that his website was hacked. I wasn't the web builder, but told him I'd take a look. When he went into his message center, he was forced to a malware site instead. He couldn't get into his message center. He was unable to access the messages his clients and potential clients were sending him. When I popped in, everything was normal. So, I figured his browser was infected. We tried to find the problem and couldn't. A different browser had the same problem. Maybe his computer? But, instead, I decided to check my NextDNS logs. They clearly showed what happened. When I went to his message center, a link tried to send me to the malware site. But NextDNS grabbed the link and smashed it, recording where it tried to send me, the time and how it knew to stop it. I was oblivious. The site worked perfectly. The malware couldn’t affect me.

This isn't the first or only time NextDNS has stopped malware attempting to grab me. This isn't to say that my antivirus might not have stopped the attack, or seeing the malware site, I'd bale, but instead, I didn't even notice the issue. NextDNS also stops a lot of ads and tracking. I've been using it for about 2 years and am pleased.

What is DNS and how can it help?

DNS stands for Domain Name server. The domain name is a name like steveshank.com or homedepot.com. However, it is a bit like saying to an Uber driver, "I want to go to Steve's house." It won't get you there. You have to have an address. The Domain name servers translate your names into addresses the computer can use. For example, a DNS server will translate steveshank.com into the address: Then your browser can visit my site.

There are some things a DNS service can do which are very helpful.
  1. Fast. Give me the results quickly.
  2. Return an accurate address.
  3. Not record every place I go for later resell.
  4. Block malicious sites.
  5. Verify that we have a secure and authenticated connection like the bank does. It prevents anyone from jumping between us. It checks that no one tampered with the address received.
There are some excellent free DNS server services and I've written a summary of them. I always choose one of these when I set up a computer, rather than relying on whoever you connect with to use their DNS service.

But NextDNS goes a thousand miles further. However, this requires some setup and some small amount of user effort. It is a firewall in the sky.

What do I do, and what do I get?

You set up an account with them. Then log in to your account and configure your settings. This setup will have an ID. There are some security options you can enable to enhance your security. Then under the privacy tab, you can choose from many block lists maintained by good Samaritans to block ads and trackers. I only subscribe to NextDNS's own list and to the WindowsSpyBlocker list which blocks many Microsoft's special Windows trackers. It also does Native tracking protection for my Windows computer and my Samsung Tablet. There are a couple more privacy settings.

The Parental Control tab offers protection from Porn, Gambling and other site categories you might wish to avoid. You could set up a different configuration for your children than for you.

Deny and Allow lists. If some site doesn't work, you can add the tracking or ad site it uses to the allow list or you could simply ban any site you want.

The Analytics tab lets you see what's happening. For example, in the last 30 days, my devices have made 177,964 queries to their DNS servers. They blocked 11,298 of them or 6.35%. That is nearly 6,000 queries a day and 376 sites blocked per day. Far and away the most common tracker was Google with 6,366 blocks this month. Followed by Microsoft and then Amazon. It explains what options did the blocking. For instance, they have a special option for disguised third-party trackers, and that blocked 334 requests. Even Facebook (185 blocked queries) and Apple (150 blocked queries) tried to track me and I don't have an account with either one.

The analytics tab can be shown cumulative or per device.

The Logs tab is a simple list of each query, where it went, the device making the query, when and whether NextDNS blocked it.

They have an app for Windows, Mac, Android and iOS. Simply install their app on each device you own, computer, phone, tablet, laptop, etc. You fill in your configuration ID and that's it.

What can and has gone wrong?

  • Something doesn't work, either a link or a website. All the programs, Desktop or mobile, have simple off buttons to turn off the blocking. This is important if you want to allow some ads or tracking in order to use a site. For example, my Paramount+ streaming service wouldn't work because it has a short advertisement before each show (on the ad-free account!) I had to turn off NextDNS to stream those ads so I could watch the program.
  • If something doesn't work, and if you have time, you can look at your logs and see what domain is getting blocked, then use the allow list for that domain.


  • Free account: If you use fewer than 300,000 queries per month, the service is free. So, at 177,964 queries per month I could be getting this service for free. However, to support them, I pay for the Pro account. The free account offers all the services, other than queries, there are no limitations.
  • Pro account: Offers you unlimited queries and devices for $19.90 per year.
  • Business and Education accounts are available for larger enterprises at $199/year for every 50 employees or 250 students.

Further reading

Date: August 2022

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster