Which one is better? I haven't tried that yet, maybe it's the issue.
Next DNS
- Edited
[deleted]
E24 Depends on what you're trying to achieve but VPN with content filtering is best of both worlds (e.g. NetShield for ProtonVPN, IVPN AntiTracker, Ad-blocking and tracker-blocking DNS service etc).
In case you missed the discussion from a couple of days ago.
- Edited
They do two different things. It's not a matter of which one is better, it depends on what you're trying to accomplish.
The VPN hides your true IP address, it does your DNS request, and it encrypts your traffic.
What you're doing is using NextDNS to handle the DNS requests instead of your VPN. Running the VPN still encrypts the traffic and hides your real IP (people will only see the IP of the VPN server you're connected to). It's just not handling your DNS requests now.
If you use no VPN or DNS service, then people see your true IP address, your data is not encrypted, and your ISP (internet service provider) handles your DNS request, which means your ISP is seeing what you're doing.
The perk of NextDNS is that you have more control over blocklists/firewall settings (things you can't change in some VPNs). The real perk is that you can view live logs and block telemetry, which you can't do with your VPN (I'll assume). This is done by enabling logs, and watching a live feed of domains that are making connections and blocking what you don't want to connect (excess telemetry, tracking, etc).
It's not bad to use your VPN to handle DNS requests, but it won't allow you to set specific blocks.
I believe what @Ddismount2784 is referring to is that the more specific you make security settings, the easier you are to fingerprint. E.g., this person (although we don't know who they are) is doing this, and we can tell because they connect with very specific settings that are specific to them (browser settings, VPN/DNS settings, etc) (dismount correct me if I'm wrong).
[deleted]
Lolsrslybro Just a wild guess the OP read some reddit post somewhere recommending both for no good reason.
- Edited
[deleted] fair enough, I mentioned you in the above comment. That's what you're referring to regarding fingerprinting right? I'm no expert on this shit.
[deleted]
Lolsrslybro It's not bad to use your VPN to handle DNS requests, but it won't allow you to set specific blocks.
It's not some odd technological limitation. There's probably little to no demand for it, but options do exist.
[deleted] sure, but even with that you can't select specific domains.
[deleted]
Lolsrslybro We're running circles here. I asked what OP is trying to achieve. My guess OP doesn't know why they're using both. FYI, I love NextDNS and I've been a paid subscriber for many years, but it's not always the right tool for the job.
[deleted]
nrt I don't want to hijack this thread with what Michael Bazzell does or doesn't do (I also haven't listened to the man in what feels like several years) other than just say there's no substitute for educating oneself.
So is using both necessary or not? I guess my goal is to hide my IP, encrypt my traffic, and make sure my ISP isn't constantly seeing what I'm doing :)
[deleted]
@E24 if you're looking to block most ads and 'trackers' on Android, then generic DNS endpoints from AdGuard, Mullvad etc should do the trick.
If you want above but with more comprehensive blocking and control, you can't go wrong with NextDNS.
If you're looking to hide your IP address from websites and your ISP you need a VPN.
If you're looking to do both (hide your traffic and block ads), you will be well served by a VPN that does content filtering (Proton, IVPN, Mullvad etc). It's both what's recommended by the project and what will give you least headache.
If for some reason you want both VPN and Encrypted DNS (such as NextDNS) you can do that too.
[deleted]
E24 So is using both necessary or not? I guess my goal is to hide my IP, encrypt my traffic, and make sure my ISP isn't constantly seeing what I'm doing :)
Just using a respectable VPN takes care of that, no need to mess with encrypted DNS.
OK. I'm still new to Graphene and all so what is the big difference between the two? Also is Proton or Mullvad better and would I have to upgrade to a paid version to do some of the things encrypted DNS would do?
[deleted]
E24 They're both recommended and have similar features. Proton's NetShield is for paid subscribers only and Mullvad doesn't have a free plan but makes its Ad-blocking available to all of its subscribers.
[deleted]
[deleted] It's worth noting that just using Encrypted DNS (Private DNS) can mitigate some tracking by the ISP, but it's not an alternative to using Tor or a VPN.
- Edited
Based on your stated goal, a VPN alone without custom DNS will be fine (IMO). The perk of custom DNS is to stop telemetry of things like apps. When you open an app there is a high probability that it's connecting to the internet in multiple ways; some of those are because it has to in order to work, others are because it's sending off telemetry about usage and other things. Some people don't want telemetry sent off; those people use something like NextDNS to really tighten down. It doesn't sound like you are concerned about this, which is no big deal.
Your VPN will put your traffic through an encrypted tunnel, it will handle your DNS requests, and will hide your IP. If that's all you're looking for (which that seems to be the case) then just stick with the VPN only.
Lolsrslybro I don't want the telemetry either so
- Edited
E24 then use NextDNS.
I will tell you you have to research domains, because you won't know what you're looking at. It's a game of wtf is that and what does it do when you see random domain requests popping up.
The best way to check is close all apps, run DNS logs, open one app at a time, analyze the logs and figure out what is and isn't necessary for the app to function. Block everything else. You'll do this by searching the domain online and seeing if they're analytics or whatever unnecessary garbletigoop.
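Added example, not part of the original thread: one way to do the "close all apps, then open one app at a time" comparison on exported DNS logs. The three-column CSV layout, the sample rows, the `.test` domains and the hint words are all constructed assumptions; adjust the column names to whatever your log export actually contains.

```python
import csv, io, re
from collections import Counter

# Constructed sample logs (not real resolver output); column names are assumed.
BASELINE_CSV = """timestamp,domain,status
2024-01-01T10:00:01Z,time.example-os.test,allowed
2024-01-01T10:00:05Z,connectivity.example-os.test,allowed
"""
APP_CSV = """timestamp,domain,status
2024-01-01T10:05:00Z,api.weatherapp.test,allowed
2024-01-01T10:05:01Z,api.weatherapp.test,allowed
2024-01-01T10:05:02Z,metrics.adsdk.test,allowed
2024-01-01T10:05:03Z,connectivity.example-os.test,allowed
2024-01-01T10:05:04Z,crash.telemetry-vendor.test,blocked
"""

# Label words that suggest telemetry; a prompt to research the domain, not a verdict.
HINTS = {"metrics", "telemetry", "analytics", "tracking", "crash", "ads"}

def domains(csv_text):
    """Count queries per normalized domain in one log export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter(r["domain"].strip().lower().rstrip(".")
                   for r in rows if r.get("domain"))

def new_domains(baseline_csv, app_csv):
    """Domains queried while the app was open that the idle baseline never hit."""
    base, app = domains(baseline_csv), domains(app_csv)
    return {d: n for d, n in app.items() if d not in base}

def triage(baseline_csv, app_csv):
    """Split the app's new domains into (research_first, other), sorted by name."""
    research_first, other = [], []
    for d, n in sorted(new_domains(baseline_csv, app_csv).items()):
        labels = set(re.split(r"[.\-]", d))  # whole labels only, so 'downloads' != 'ads'
        (research_first if labels & HINTS else other).append((d, n))
    return research_first, other

if __name__ == "__main__":
    first, rest = triage(BASELINE_CSV, APP_CSV)
    print("Look these up before deciding to block:", first)
    print("Probably needed for the app to function (verify):", rest)
```

Block one candidate at a time and re-open the app, so that if something breaks you know which domain it depended on.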