[HN Gopher] NextDNS Is Out of Beta
___________________________________________________________________
NextDNS Is Out of Beta
Author : jrnkntl
Score : 97 points
Date : 2020-05-26 19:25 UTC (3 hours ago)
(HTM) web link (nextdns.io)
(TXT) w3m dump (nextdns.io)
| greatjack613 wrote:
| Really happy to hear this. I have loved NextDNS since its start, not only for their product, but also due to the fact it is a clean sustainable business. No need for ads, a generous free tier, and a cheap full-featured paid tier. This is the way I would like to see most SaaS's go.
| elliekelly wrote:
| And they give users incredible control over their data/privacy. Their privacy policy is fantastic[1].
|
| On my dashboard I can:
|
| - Enable/disable logs and decide whether logs include client IP address and domains
|
| - Clear logs and set log retention period (as short as 1 hour and as long as 2 years)
|
| - Select the country of the servers that store my logs to the US, EU, or Switzerland
|
| I really hope to see more tech companies follow their lead.
|
| [1] https://nextdns.io/privacy
| bretthopper wrote:
| I really wanted to like and use NextDNS but my latency was ~200ms vs maybe 10-40ms for my ISP resolver. I'm fine with paying a bit of a latency price for the extra features and privacy, but not that much. And I'm located in Toronto, not somewhere remote.
| nextdns wrote:
| Looks like a case of bad anycast routing, as we have a PoP in Toronto! It happens and is usually easily fixable, can you talk to us via the chat on our website (or at support@nextdns.io)?
|
| A map of our network for anyone interested:
|
| https://i.imgur.com/2uenEAZ.png
| dewey wrote:
| What's the difference between using the macOS app or just setting the DNS on a router level? Just the attribution to a specific device in the dashboard? I couldn't figure that out by reading the (actually very well written) FAQ.
| nextdns wrote:
| - Encrypted DNS (DNS-over-HTTPS)
|
| - Ideal routing (low DNS latency)
|
| - Bypass DNS-level censorship (inside a country, from your hotel Internet provider, your school, etc.)
|
| - Being able to identify your device in the logs (if you choose to)
|
| - Hardened Privacy Mode (if you are into that)
|
| Edit: this goes for all our apps (iOS/Android/macOS/Windows/Router client), not just macOS.
| ryan-allen wrote:
| The Windows setup doesn't like Windows 10 on ARM, it couldn't install the TAL driver. Very edge case I guess, I'm going to install on x86 when I get home :)
| dewey wrote:
| That's very helpful, thanks!
| ianmcgowan wrote:
| I literally (not figuratively) set up NextDNS yesterday and so far it's been great. The documentation is awesome, and love the features available. The only mild feedback I have is that the "Setup Guide" doesn't provide enough context about what's going on, and the implications of setting up on my PC vs mobile device vs router. It says:
|
| "Follow the instructions below to set up NextDNS on your device, browser or router."
|
| A couple more sentences there would be super helpful..
| PascLeRasc wrote:
| "Try it now. No sign up required"
|
| I love that phrase. This looks like a fantastic service!
| lucasverra wrote:
| It is, been using it for multiple months. I have no more ads on my iPhone now, for free. The DNS requests pass through Switzerland and I feel I have 007 level privacy. sweet !!
| buildbot wrote:
| I trialed nextDNS based on other people talking about it here, and have really liked it - it's really awesome to have an always on, dns-over-https solution for every device. I think it's really worth the 20$ per year, just for the slick ui and not having to manage a pihole somewhere.
| 40four wrote:
| I was not aware of this service before, but I'm very interested! The price seems very reasonable, and as you say, not managing a pi-hole device is very appealing. I have tried multiple times to set up pi-hole on a dev board on my home network, and could never get it to work properly so I gave up.
| k__ wrote:
| I like it, but it's sad that I have to run an extra VPN app on my Android because Xiaomi doesn't allow me to configure private DNS.
| nextdns wrote:
| It's a "fake" VPN, it only captures the DNS traffic (that's just the cleanest/most efficient way to do it).
| admax88q wrote:
| What I don't get about DNS, is why doesn't every device just run its own recursive caching resolver. Why ask ISPs and hotspot providers to resolve your requests?
|
| What would be the downside outside of corporate networks?
| netcyrax wrote:
| But missing the point. If I am worried about privacy from cloud players, why to trust another cloud player?
|
| I would set up my own Pi-Hole if I wanted true privacy.
|
| Missing something?
| bad_user wrote:
| I'm more worried for my local ISP selling my browsing history, or exposing it due to incompetence, because something like that already happened and nowadays I'm worried they send that data to local authorities too.
|
| The "cloud players" you're worried of are big targets and the law protects me, since we have the GDPR and the EU is trigger happy in giving fines to big companies. Also my data is not that useful right now to a US company.
|
| Also the ad blockers for iOS Safari don't work well and I use iOS Firefox anyway, which can't use Safari's content blockers. So I'll take any help in blocking ads I can get.
|
| This will also be valuable for doing some content filtering for my son, without installing anti-virus crap on his devices.
|
| It really depends on your threat model.
| rsync wrote:
| "But missing the point. If I am worried about privacy from cloud players, why to trust another cloud player?"
|
| The workflow I am (not quite finished) setting up is as follows - I run a caching, recursive nameserver (unbound) in my own colo space. That DNS server, not me or my devices, is the nextDNS client.
|
| Then I set all of my own networks and devices to use my (unbound) DNS server.
|
| My goal is to receive all of the benefits of a paid nextdns account, but on the nextdns side, all they see is a single, fixed IP, in a fixed location, owned by a corporate entity, doing a bunch of DNS queries.
|
| In fact, I am a bit worried about this exact setup because although I am using this for my own, personal use, consistent with their expectations, I could just as easily be a full-blown ISP passing through my nameservice to nextDNS ... how do they deal with that?
|
| Do they care?
| cj wrote:
| 70% of HN readers probably don't have the technical knowledge (or hardware on hand) to set up pi-hole without investing 10+ hours.
|
| For those of us with a raspberry pi or intel nuc on hand, sure, it only takes 30 minutes.
|
| This service is for people who want to kill ads at the DNS level without dealing with the hardware / setup of pihole.
|
| Also, not many people are going to bother setting up a VPN to access their pihole DNS when traveling or on cellular, which makes NextDNS attractive.
|
| The other argument is "just use ublock matrix". The counter-argument is it doesn't block native app ads / tracking. (One of the #1 blocked domains on my pihole is from Dashlane's MacOS app, constantly wanting to phone home)
| buildbot wrote:
| You aren't missing anything, your setup would be more private.
|
| There is a valid niche between no privacy and completely self hosted dns-over https, that a service like nextdns solves well. Just as Apple solves a by default more secure yet still not without flaws phone, or how using a vpn provider is a midpoint between a self hosted vpn and no vpn. I think the privacy trade off here is good for many.
| noodlesUK wrote:
| Whilst I completely agree with your comment, I have a nit to pick about the self hosted VPN part. What commercial VPN providers sell is _plausible deniability_ through multiple users having access to the same set of endpoints. A self hosted VPN does not provide that. If I have a server somewhere and route my traffic through it, that server doing something can easily be tied to _me_ doing something. Hence why you probably shouldn't self host a VPN. Now, if you're only afraid of your ISP or neighbours snooping, then a self hosted VPN makes sense. If you're afraid of advertisers or the MPAA, then a commercial VPN makes sense.
| ianmcgowan wrote:
| They're pretty upfront about this in the excellent documentation:
| https://help.nextdns.io/en/articles/3941241-what-is-the-adva...
|
| """ To be fair, there are also some advantages of using Pi-hole® over NextDNS:
|
| 1) You know who runs it. We can't ask you to trust us more than yourself. We can provide all the guarantees you want, show who we are and make promises, it is understandably easier to trust a solution you manage yourself. Keep in mind though, that all your unblocked DNS queries are still visible by your upstream DNS. So there is still someone you need to trust with your data.
|
| 2) It's free with no limits. NextDNS is cheap, very cheap, but it's still a paid service if you use it over a certain limit. Pi-hole® is free to use. You still have to pay about $35 for a Raspberry Pi + an SD card, which is equivalent to several years of NextDNS subscription. You should also consider donating to the Pi-hole® project if you use their solution. After a few years though, yes, Pi-hole® should become less expensive than NextDNS. """
| halfmatthalfcat wrote:
| How do you block unwanted DNS requests outside of the Pi-Hole's radius (e.g. Home Network)? If I'm on mobile, NextDNS lets you disable on user specified WiFi networks and then re-enables when you leave range.
|
| NextDNS can also be used as a fallback if your Pi goes down for whatever reason too. Might as well have options in this space.
| bauerd wrote:
| Dynamic DNS and a redundant Pi-Hole setup
| moreorless wrote:
| VPNs are generally pretty easy to set up these days. If redundancy is needed, can always run it on a cheap VPS provider.
| chickenpotpie wrote:
| Am I alone in the feeling that a lot of privacy related solutions are just paying for a promise? For example, a VPN can record all my requests, they just promise not to and I can't verify it.
| dewey wrote:
| You are not, at some point you'll just have to trust someone. Just like that the app you submitted to the App Store is the same one you are downloading and hasn't been tampered with.
|
| As always it's a matter of tradeoffs, if you just don't want to get tracked by ads it's probably a good solution. If you are afraid of some nation state trying to track you down, then probably not.
| m-p-3 wrote:
| I'm a fan of their service, and because most browsers support DNS-over-HTTPS natively I can put the configuration right into my browser settings and have the same level of DNS filtering even when I'm outside of my home network without VPN.
| nextdns wrote:
| Google Chrome (and some Chromium forks) will also be supporting custom DNS-over-HTTPS providers very soon (it's already being rolled out to some users).
| Already__Taken wrote:
| It's in my chrome://flags/#dns-over-https currently 81.0.4044.138 (Official Build) (64-bit)
| nextdns wrote:
| I meant this:
|
| https://i.imgur.com/tZh6p0x.png
|
| As far as we know, it's slowly being rolled out and not behind any flag (unfortunately).
| firloop wrote:
| Signed up for a year as soon as I got the email announcement. Love NextDNS and excited to see where they go -- particularly would love some sort of time-based scheduling or API for rule automations.
| Gimpei wrote:
| I've been using NextDNS and really enjoy it. I've found it a lot easier to manage than pihole. Only issue I have is that it doesn't seem to work with the Economist.
| foob4r wrote:
| That's awesome and I've tried nextdns and loved it. But - and this is just me - I just don't trust anyone to delete my logs or not log in the first place.
|
| That's why I'll probably not move off of my pihole
| bad_user wrote:
| This is cool.
|
| NextDNS appears to implement DNS over HTTPS (DoH) and Firefox ships with it as an option, next to Cloudflare.
|
| UPDATE -- Took it for a test drive:
|
| * Logs are concerning, but look good for optimizing the traffic and notice odd communications; I already noticed telemetry sent by my browser that I switched off
|
| * Ad blocking seems to work, not as good as desktop uBlock Origin, but I'll take anything for my iPhone
|
| * Latency is around 30 - 100 msec, which seems a bit high? (server I connect to seems to be 400 km away)
| pvg wrote:
| A year to the day: https://news.ycombinator.com/item?id=20012687
|
| Making this a perfect snee-less dupe!
___________________________________________________________________
(page generated 2020-05-26 23:00 UTC)