Next DNS

E24

They do two different things. In not a matter of which one is better, it depends on what you're trying to accomplish.

The VPN hides your true IP address, it does your DNS request, and it encrypts your traffic.

What you're doing is using nextDNS to handle the DNS requests instead of your VPN. Running the VPN still encrypts the traffic and hides your real IP (people will only see the IP of the VPN server you're connected to). Its just not handling your DNS requests now.

If you use no VPN or DNS service, then people see your true IP address, your data is not encrypted, and your ISP (internet service provider) handles your DNS request, which means your ISP is seeing what you're doing.

The perk of nextDNS is that you have more control over blocklists/firewall settings (things you can't change in some VPN's). The real perk is that you can view live logs and block telemetry, which you can't do with your VPN (I'll assume). This is done by enabling logs, and watching a live feed of domains that are making connections and blocking what you don't want to connect (excess telemetry, tracking, etc).

Its not bad to use your VPN to handle DNS requests, but it won't allow you to set specific blocks.

I believe what @Ddismount2784 is referring to, is the more specific you make security settings, the easier you are to fingetprint. E.g., this person (although we don't know who they are) is doing this, and we can tell because they connect with very specific settings that are specific to them (browser settings, VPN/DNS settings, etc) (dismount correct me if I'm wrong).

[deleted] fair enough, I mentioned you in the above comment. That's what you're referring to regarding fingerprinting right? I'm no expert on this shit.

Lolsrslybro We're running circles here. I asked what OP is trying to achieve. My guess OP doesn't know why they're using both. FYI, I love NextDNS and I've been a paid subscriber for many years, but it's not always the right tool for the job.

@E24 if you're looking to block most ads and 'trackers' on Android, then generic DNS endpoints from AdGuard, Mullvad etc should do the trick.

If you want above but with more comprehensive blocking and control, you can't go wrong with NextDNS.

If you're looking to hide your IP address from websites and your ISP you need a VPN.

If you're looking to do both (hide your traffic and block ads), you will be well served by a VPN that does content filtering (Proton, IVPN, Mullvad etc). It's both what's recommended by the project and what will give you least headache.

If for some reason you want both VPN and Encrypted DNS (such as NextDNS) you can do that too.

[deleted] It's worth noting that just using Encrypted DNS (Private DNS) can mitigate some tracking by the ISP, but it's not an alternative to using Tor or a VPN.

E24

Based on your stated goal, a VPN alone without custom DNS will be fine (IMO). The perk of custom DNS is to stop telemetry of things like apps. When you open an app there is a high probability that its connecting to the internet in multiple ways, some of those is because it has to to work, others are because its sending off telemetry about usage and other things. Some people don't want telemetry sent off, those people use something like nextDNS to really tighten down. It doesn't sound like you are concerned about this, which is no big deal.

Your VPN will put your traffic through an encrypted tunnel, it will handle your DNS requests, and will hide your IP. If that's all you're looking for (which that seems to be the case) then just stick with the VPN only.

E24 then use nextDNS.

I will tell you you have to research domains, because you won't know what you're looking at. Its a game of wtf is that and what does it do when you see random domain request popping up.

The best way to check is close all apps, run DNS logs, open one app at a time, analyze the logs and figure out what is and isn't necessary for the app to function. Block everything else. You'll do this by searching the domain online and seeing if theyre analytics or whatever unnecessary garbletigoop.