Private DNS AND/OR VPN

Ingonimania

Hi folks, newbie here, case is that i read a lot about the importance of using a provate DNS like QUAD9. Other say tha it is more important to use a VPN llike PROTON.
Currently im using 2 profiles in Graphene OS, the MAIN PROFIL which i only use to install apps and the DAILY one which i use a lot more with many of the daily usage apps.
My configuration is: MAIN PROFILE has private DNS activated: dns.quad9.net and my DAILY profile has in addition a Proton VPN activated.
Does that mean that in my MAIN profile the traffic goes thought the private DNS and in the DAILY profile the traffic run throught private DNS & VPN?
I read a lot that its better to choose either one or the other...
WHATS THE BEST WAY TO USE THEM WITHOUT GETTING EXPOSED?
(i use Pixel 9 pro)
Thanks

Litmus9

Ingonimania

In order to provide answers to your questions, I will be quoting the GrapheneOS FAQ.

Does that mean that in my MAIN profile the traffic goes thought the private DNS and in the DAILY profile the traffic run throught private DNS & VPN?

Yes. Private DNS takes precedence over VPN-provided DNS.

I read a lot that its better to choose either one or the other...

If you're using a VPN, we recommended against having a Private DNS server configured. If you want to filter traffic while using a VPN, use a VPN service app able to do both such as RethinkDNS. Private DNS also interacts strangely with multiple profiles since each profile has their own VPN configuration but Private DNS is global. Either leave Private DNS on the default Automatic mode or set it to disabled when using VPNs.

WHATS THE BEST WAY TO USE THEM WITHOUT GETTING EXPOSED?

Using the network-provided DNS servers is the best way to blend in with other users. Network and web sites can fingerprint and track users based on a non-default DNS configuration. Our recommendation for general purpose usage is to use the network-provided DNS servers.

Apps and web sites can detect the configured DNS servers by generating random subdomains resolved by querying their authoritative DNS server. This can be used as part of fingerprinting users. If you're using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.

Ingonimania

Litmus9 OK, thanks a lot. I will use the internet providers standard DNS and the en each profile ii will use a VPN, i have proton, hope that is ok. Thanks a lot, im still learning.

Litmus9

Ingonimania i have proton, hope that is ok

If you're asking whether Proton VPN is a good choice, it might be, depending on certain criteria. Proton VPN lacks the same level of transparency and accuracy that Mullvad and IVPN demonstrate in their representation of their VPN services. Additionally, the business practices of Mullvad and IVPN are more ethical and honest than those of Proton VPN.

You may also want to search for 'Proton VPN' in this forum to see what other GrapheneOS users have to say about it.

That said, please remember that the only VPN apps recommended in the GrapheneOS FAQ are the official WireGuard app and the official Mullvad app.

Litmus9

Ingonimania Thanks a lot, im still learning

You're welcome. As you're still learning, have you considered whether you need a VPN? This website might help you make that decision. I bring this up because tests have revealed that some VPN marketing can be misleading, and if you take it at face value, you might think you have more protection than you do. It's essential to understand the benefits and limitations of using a VPN.