NextDNS used with VPN on iPhone 12, iOS 14.6 - not working
Anyone know why any VPN, when started on iPhone, totally bypasses NextDNS, either the profile or the app? Nothing seems to work. I trust NextDNS but I feel weird not knowing what is blocked or not. I already noticed that even with those VPNs that advertise blocking, many trackers are going through.
Any ideas how to fix this? HELP!
Additional info: I tried with 2 different VPN providers, with the features for "clean web" or whatever they call it on or off. I tried WireGuard, OpenVPN UDP, IKEv2.
Nothing. WORSE: once you shut down the VPN, you would think NextDNS would take over... NO, it now goes to whatever DNS is on your network. Going to airplane mode or shutting down Wi-Fi or cellular doesn't work. The only way seems to be to reboot the iPhone. That means you're going out in the clear...
For ALL: I reached out to my 2 VPN providers, both based in Europe, in countries with strong privacy laws.
Both mentioned that they are blocking the DNS queries to NextDNS for a simple reason: NextDNS is based in the USA and has already complied with subpoenas, so letting DNS traffic to NextDNS pass through them would render their VPN insecure, as all your DNS queries would be "clear", with traffic followed in some cases etc... So we can't use NextDNS and hope for privacy. NextDNS can only be used as anti-spam, in a way.
Let's not be paranoid nor be fools... I have now tested on iOS and macOS and the results for iOS are always the same, no matter the VPN provider: Mullvad, Surfshark, ProtonVPN, HMA VPN... I think NordVPN and ExpressVPN were also, but my free trial ended before testing completely.
So... I upgraded one iPhone to iOS 15 beta to see if the relay function would do anything (especially as the DNS entry is now separate). Added the profile from apple.nextdns.io.
When relay is off, NextDNS seems to work. Once the relay is enabled, however, same story again: NextDNS doesn't work. Actually the DNS used shifts to Cloudflare most of the time during relay. This is like 14.6 / beta 14.7. The difference is that when you turn the relay off, NextDNS takes over, no need to reboot. But if you use a VPN... same as previous generations of iOS, a reboot is needed.
Shifting to the app instead of the profile doesn't help when you have been using a VPN. It still uses the DNS of whatever provider gave you that IP. Actually even after I shut down my VPN, shut down Wi-Fi and go on cellular... or any variation like airplane mode and then back, NextDNS is completely sidelined. It now uses any DNS that comes with whoever is giving me an IP. Tried the Cloudflare app (1.1.1.1) but no WARP. Same as NextDNS, it seems. So either iOS or the VPN apps manage to remove the use of encrypted 3rd party DNS.
I have to reboot the iPhones (no matter the iOS version) to make cellular or Wi-Fi use NextDNS again. So every time I use a VPN, reboot. I asked support and each time they told me they do not want to have clients use another DNS provider, and said it will not work (or a variation thereof with some privacy sprinkled in).
However, I remember months ago NextDNS was able to continue working, so clearly things have changed.
No issues on Mac if you enable the NextDNS app after the VPN is connected (IKEv2 or OpenVPN), but that may change.
Has NextDNS reviewed why this happens and how to counter it? I have to use multiple VPNs, some at work, some privately, and don't need to be running them constantly, and the privacy lists of NextDNS are critical for me (less spam). Some explanation would be great. I will test Cloudflare 1.1.1.1 more extensively also.
I have now decided to shell out $10 for AdGuard on iPhone and other Apple devices. I noticed, playing with the settings, that it actually manages to recover after a VPN on a specific Wi-Fi or cellular. The issue seems to be that if you engage the VPN on either cellular or a specific Wi-Fi, the VPN disables NextDNS, but when it cuts, NextDNS doesn't re-engage and reassert itself. The AdGuard app seems (most of the time, 85%) to re-engage and establish itself. Shifting to another Wi-Fi also forces a re-engage of AdGuard. There is an option to create a pseudo VPN, which seems to help.
Looks like AdGuard is a win, especially if you purchase the AdGuard Pro version for about $10 one shot (no subscription).
I wish NextDNS would fix its software or approach on Apple devices, because otherwise it's not going to go far, but they don't even acknowledge the issue, and people think they are protected but are not.
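The recurring worry in this thread is "not knowing what is blocked or not" after a VPN has been connected and disconnected. The following is an added example (not the poster's code and not NextDNS's own software) of a small check a device owner can run before connecting a VPN, while connected, and again after disconnecting, to see which resolver is actually answering. It assumes the public check page at https://test.nextdns.io returns JSON with a `status` field (`"ok"` when queries reach NextDNS, `"unconfigured"` otherwise), a `profile` field with the profile ID in use, and a `resolver` field naming the resolver seen when unconfigured; those field names are assumptions about the endpoint's response, and the sample responses in the block are constructed, not captured from a real device.

```python
"""Check whether DNS queries are really going through NextDNS.

Added example, not NextDNS's own code. Field names ("status", "profile",
"protocol", "resolver") are assumptions about the test.nextdns.io response
format; adjust them if the endpoint answers differently.
"""
import json
import urllib.request
from typing import Optional

TEST_URL = "https://test.nextdns.io"  # assumed public check endpoint


def classify(payload: dict, expected_profile: Optional[str] = None) -> dict:
    """Turn a test.nextdns.io style response into a verdict.

    Returns a dict with:
      protected - True only if NextDNS answered and, when given, the profile matches
      reason    - short human-readable explanation
      resolver  - the resolver the endpoint saw, if it reported one
    """
    status = payload.get("status")
    if status != "ok":
        # Queries are reaching some other resolver (ISP, VPN provider, Cloudflare...)
        return {
            "protected": False,
            "reason": f"status={status!r}; DNS is not going through NextDNS",
            "resolver": payload.get("resolver"),
        }
    profile = payload.get("profile")
    if expected_profile and profile != expected_profile:
        # Reaching NextDNS, but not with the configuration the user intended
        return {
            "protected": False,
            "reason": f"NextDNS answered with profile {profile!r}, expected {expected_profile!r}",
            "resolver": "nextdns",
        }
    return {
        "protected": True,
        "reason": f"NextDNS answered via {payload.get('protocol', 'unknown protocol')}, profile {profile!r}",
        "resolver": "nextdns",
    }


def fetch_status(timeout: float = 5.0) -> dict:
    """Query the check endpoint over the device's current DNS/network path."""
    with urllib.request.urlopen(TEST_URL, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample responses (not captured from a real device) covering the
# situations described in the thread: working before the VPN, falling back to
# the network's resolver after the VPN disconnects, and reaching NextDNS with
# a different profile than expected.
SAMPLE_BEFORE_VPN = {"status": "ok", "protocol": "DOH", "profile": "abc123"}
SAMPLE_AFTER_VPN_DISCONNECT = {"status": "unconfigured", "resolver": "192.0.2.1", "srcIP": "203.0.113.7"}
SAMPLE_WRONG_PROFILE = {"status": "ok", "protocol": "DOT", "profile": "zzz999"}


if __name__ == "__main__":
    # Run once before the VPN, once while connected, once after disconnecting.
    # A non-protected verdict after disconnect confirms the fallback described
    # in the thread instead of leaving it to guesswork.
    try:
        verdict = classify(fetch_status(), expected_profile=None)
    except Exception as exc:  # offline, endpoint blocked by the VPN, captive portal...
        verdict = {"protected": False, "reason": f"check failed: {exc}", "resolver": None}
    print(json.dumps(verdict, indent=2))
```

Pass your own profile ID as `expected_profile` so that a response from NextDNS under someone else's configuration (for example a shared network that also points at NextDNS) is not mistaken for your own blocklists being active.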