DOH over VPN
I’ll say right up front, I’ve made no attempt to use NextDNS or any specific DNS provider over a VPN.
However, I see many posts (here and elsewhere) from people asking how to use NextDNS with various VPN services.
I have to ask… doesn’t DoH make it so all DNS traffic appears as HTTPS traffic and therefore indistinguishable from other HTTPS traffic? Wouldn’t it also be difficult for a VPN provider to prevent users from using DoH to connect to a DNS server of their choice?
I know I should just try it for myself but I’ve never really felt the need to use a VPN. I have been considering trying a few VPN services, but not if that makes it difficult to use NextDNS.
Please, what am I missing? Is there some underlying reason that it’s difficult to use NextDNS with a VPN?
5 replies
-
In theory, yes it should work but it all depends on the implementation.
If you can capture the DNS requests before going through the VPN, you’re all good. Not all devices can be set up to go this route.
DNS>DoH proxy>VPN>Internet
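
The "DNS > DoH proxy" step above, as an added example that is not part of the original thread: it builds a wire-format DNS query and wraps it as the RFC 8484 GET request a DoH proxy would send over HTTPS, then decodes it the way the resolver would. The endpoint shape and the `abc123` configuration ID are placeholder assumptions, and the function names are hypothetical.

```python
import base64
import struct

# Assumption: NextDNS-style endpoint; "abc123" is a placeholder configuration ID.
DOH_ENDPOINT = "https://dns.nextdns.io/abc123"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035); qtype 1 is an A record."""
    # ID 0 (as RFC 8484 recommends for cacheability), RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def to_doh_get(query: bytes, endpoint: str = DOH_ENDPOINT) -> dict:
    """What the DoH proxy hands to its HTTPS client (RFC 8484 GET form)."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return {
        "method": "GET",
        "url": f"{endpoint}?dns={param}",
        "headers": {"Accept": "application/dns-message"},
    }

def question_from_url(url: str) -> tuple:
    """Resolver side: recover (name, qtype) from the dns= parameter."""
    param = url.split("?dns=", 1)[1]
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while raw[pos] != 0:
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", raw[pos + 1:pos + 3])
    return ".".join(labels), qtype

if __name__ == "__main__":
    request = to_doh_get(build_query("www.example.com"))
    print(request["url"])
    print(question_from_url(request["url"]))
```

The query name travels only inside the URL and body of the HTTPS request, which is why a leak test is still needed to confirm that the device is actually sending its lookups this way rather than to the VPN's resolver.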
-
It's never been difficult for me on my end with Windows 11 and Android 10/11/12 (used all of them.)
For Android, Private DNS takes over and usually everything is perfect. But there are some VPNs that have weird implementations that cause leak-like behavior. Someone had messaged me, and a VPN that they use was giving them the VPN's DNS instead of NextDNS in leak tests. NextDNS was still filtering just fine, but it was just an odd behavior that didn't happen with my testing of other VPNs.
There is also one VPN that can bypass any DNS settings applied, from Private DNS to NextDNS Windows app.
So I'd say use their trial first then if it's not having issues, go with their plan but don't go long term without actually using it.
I'd also advise asking yourself if you would use it and for how long. Most people barely use it, but since the VPNs make their long-term plans far more appealing, they end up with 2+ years of a service that they'll rarely use.
-
Thank you. It appears to me that most of the VPN services require their client to be used rather than a generic client. I use iPadOS for regular browsing, so it’s really a matter of finding a VPN client that allows custom DNS?
I’ve been looking at support and help pages from ProtonVPN, Mullvad, PIA. Looks like Mullvad says to use custom DNS, use IPv6 (because it contains config ID within the address), making it reasonably straightforward.
@hey, yes… I noticed many VPNs offer great prices if you sign up for 2 years!
@r_p_m thanks for the DNS proxy tip. I hadn’t considered that.
Time to start experimenting, I guess.
Thanks