
NextDNS iOS 14 build coming soon

Update: It’s available now! In my test with the Mullvad app, it doesn’t work. Mullvad’s DNS takes precedence. But it works flawlessly with the Wireguard app instead. So, that’s what I am using, with a Mullvad-generated config.


You must know that I am eagerly waiting for encrypted DNS on iOS 14. Last night, I came across NextDNS devs’ comment on reddit that their test build is pending Apple’s approval!

NextDNS test build running encrypted DNS system-wide on iOS 14, without configuring a VPN tunnel

With that news, I updated my iPad to iOS 14 public beta 2. This is my first time running a beta build. Going by Twitter, this beta is stable.

I also reached out to NextDNS devs on their Intercom, to know more about this build. They let me know that it’d be announced on their reddit, when Apple approves it.


My network setup

I have written about my DNS setup in the past, but that setup is a bit outdated, so I wanted to write a new post. I continue to use NextDNS as my primary DNS service. On the VPN side of things, I have switched from NordVPN to Mullvad.

I have stopped using Cloudflare Warp as well. It’s not a VPN; they disclose IP to websites hosted on Cloudflare. They do claim it’s not a VPN, and I appreciate that transparency.

Android

On Android, I use NextDNS’ DNS-over-TLS (DoT) address in Android’s private DNS setting. That setting is available on Android 9 and above. Marking my private, secure, encrypted resolver as such ensures that it works even when I am connected to Mullvad.

I use the Wireguard Android client to use Mullvad, as I have noticed that Mullvad’s official app disconnects often.

Mac

Since I switched from NordVPN (they announced a Wireguard-based implementation as well!) to Mullvad, I started using Mullvad’s Wireguard implementation. It’s as simple as downloading the Wireguard configuration file from their website, and adding it to the Wireguard client app.

Since I run NextDNS CLI, I set up its local resolver address, 127.0.0.1, as my choice of DNS in the Wireguard config.

As an additional measure, I use 127.0.0.1 as my resolver on Mac’s network settings as well. This ensures that NextDNS continues to be used when disconnected from Mullvad.

Taking this one step further, I have a Keyboard Maestro macro that periodically ensures that 127.0.0.1 is my Mac’s DNS resolver. This is not a great way to implement DNS leak checks, but it works for me.
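The periodic check described above can also be done with a small shell script built on macOS’s `networksetup` tool. This is an added example, not the Keyboard Maestro macro from this post; the service name `Wi-Fi` and the `--enforce` flag are assumptions.

```shell
#!/bin/sh
# Added example, not the author's macro: keep a macOS network service
# pointed at the local NextDNS CLI resolver and report any drift.
# Assumption: the resolver listens on 127.0.0.1, as in the setup above.
WANT_DNS="127.0.0.1"

# Succeeds only when the resolver list is exactly the local resolver.
# $1 is the raw output of `networksetup -getdnsservers <service>`:
# one address per line, or a sentence beginning "There aren't any DNS
# Servers set" when the service falls back to DHCP-supplied DNS.
# A second address next to 127.0.0.1 counts as drift, because queries
# sent to it would bypass NextDNS.
dns_is_local() {
    [ "$1" = "$WANT_DNS" ]
}

# Check one service and reset it if needed.
# Returns 0 if already correct, 1 if it was reset, 2 on a tool failure.
enforce_local_dns() {
    service="$1"
    current=$(networksetup -getdnsservers "$service") || return 2
    if dns_is_local "$current"; then
        echo "ok: $service uses $WANT_DNS"
        return 0
    fi
    # Log what was found so unexpected resolver changes are noticed.
    echo "drift: $service had [$(echo "$current" | tr '\n' ' ')]" >&2
    # Changing the setting may require administrator rights.
    networksetup -setdnsservers "$service" "$WANT_DNS" || return 2
    return 1
}

# Run only when asked, e.g.: ./dnscheck.sh --enforce "Wi-Fi"
# ("Wi-Fi" is an assumed service name; list the real ones with
# `networksetup -listallnetworkservices`.)
if [ "${1:-}" = "--enforce" ]; then
    enforce_local_dns "${2:-Wi-Fi}"
fi
```

Scheduling it from launchd or cron gives the same periodic behavior, and the `drift:` lines on stderr show whenever something else changed the resolver.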

Windows

Windows was an issue when I was using NordVPN. I could define NextDNS’ IPv4 addresses, but that’s not encrypted DNS. I wanted both encrypted DNS and VPN at the same time, which is when I learned about YogaDNS. It’s network interface-independent and works great with Mullvad. As usual, I use the Wireguard Windows client for Mullvad.

iOS

iOS is an issue at this time. I can either use NextDNS or Mullvad. The problem is, DNS implementation is done as VPN tunnels, and when the NextDNS tunnel is active, Mullvad VPN cannot be. This is changing with iOS 14!

Pi-hole

I haven’t shut down my Pi-hole yet. It’s active and running, and serves all guests that connect to my home WiFi.