Which setup type to use?
There are different ways to set up NextDNS on your device or router. Each solution has pros and cons.
IPv4 with Link IP
This is the most basic and most compatible way to set up NextDNS. It consists of changing the DNS settings of your local system or your router. In this mode, you need to link your IP with your configuration. This can be problematic if your IP is dynamic, or if your ISP is using carrier-grade NAT (CGNAT). It is also not suitable for mobile devices, where it is rarely possible to change the DNS settings used on cellular connections.
Did you know?
- If your IP is dynamic, you can use DDNS or call the provided update URL from a script to automatically update the linked IP.
- Each configuration has a different set of DNS IPs. This way, you can link different devices behind the same public IP with different configurations.
Pros
- Easy to set up
- Compatible with almost all OS and routers
Cons
- Requires IP linking
- Does not work with CGNAT or multi-IP setup
- Traffic is not encrypted
IPv6
Unlike IPv4, IPv6 does not require IP linking because each configuration has a globally unique IPv6 address. However, IPv6 is not always supported by ISPs or routers. When possible, prefer IPv6 over IPv4.
Pros
- Easy to set up
- Does not require IP linking
Cons
- Not compatible with all ISPs or routers
- Traffic is not encrypted
DoH or DoT
DNS over HTTPS (DoH) and DNS over TLS (DoT) are two evolutions of the DNS protocol which add some welcome benefits. The two protocols are very similar; please check our article about their differences for more info.
The main advantage of those protocols is the added security, thanks to the encryption and server authentication provided by TLS (DoH is HTTPS which is itself HTTP over TLS).
Another advantage is the ability to send some additional information with the query, either via the hostname with DoT (using SNI) or via the URL path with DoH. NextDNS takes advantage of that ability to pass the configuration ID, so IP linking is not necessary, whether or not your network is IPv6 compatible.
Most modern operating systems now support encrypted DNS protocols. Check the "Setup" tab on https://my.nextdns.io for instructions on how to set it up.
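The following added example (not part of the original article or NextDNS's own code) encodes one DNS query and shows where the configuration ID travels in each protocol: the URL path for a DoH GET request (RFC 8484) and the TLS server name for DoT (RFC 7858). The endpoint names `dns.nextdns.io` and `<config-id>.dns.nextdns.io` are assumptions not stated on this page, so confirm them in the "Setup" tab; `abc123` is a constructed placeholder ID.

```python
import base64
import struct

CONFIG_ID = "abc123"            # constructed placeholder, not a real configuration ID
DOH_HOST = "dns.nextdns.io"     # assumed endpoint; confirm in the "Setup" tab
DOT_SUFFIX = "dns.nextdns.io"   # assumed endpoint; confirm in the "Setup" tab


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a single-question DNS query (RFC 1035 wire format).

    txid defaults to 0, which RFC 8484 recommends for DoH so that
    identical queries produce identical, cacheable URLs.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(config_id: str, query: bytes) -> str:
    """DoH GET: configuration ID in the URL path, query as unpadded base64url."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{DOH_HOST}/{config_id}?dns={b64}"


def dot_request(config_id: str, query: bytes) -> tuple[str, bytes]:
    """DoT: configuration ID in the TLS server name (SNI).

    The DNS message is unchanged apart from the 2-byte length prefix
    used for DNS over any stream transport.
    """
    sni = f"{config_id}.{DOT_SUFFIX}"
    return sni, struct.pack("!H", len(query)) + query


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(doh_get_url(CONFIG_ID, q))
    sni, framed = dot_request(CONFIG_ID, q)
    print(sni, framed.hex())
```

With DoH the ID sits inside the encrypted HTTP request, while with DoT it is part of the server name presented in the TLS handshake, which is normally sent before encryption starts.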
Pros
- Easy to set up when supported
- Traffic is encrypted and server is authenticated
- Does not require IP linking
Cons
- Some operating systems or routers may not be compatible without extra software
- Depending on the OS/software, it can be harder to set up
NextDNS Apps
Because DoH and DoT are not well supported on most operating systems and routers, NextDNS developed applications for almost all platforms to add this ability. The NextDNS app is an obvious choice on mobile, but it is often missed that our software can also run on some routers to provide the best NextDNS experience to your entire network.
Pros
- Easy to set up
- Traffic is encrypted and server is authenticated
- Does not require IP linking
- Advanced routing / fallback mechanism
- Network wide device identification when installed on the router
Cons
- Not all routers can install custom software
7 replies
-
The link to the article https://help.nextdns.io/en/articles/3941234-what-is-dns-over-tls-dot-and-dns-over-https-doh leads to: Page not found
I think the new link is this one: https://help.nextdns.io/t/x2hmvas/what-is-dns-over-tls-dot-dns-over-quic-doq-and-dns-over-https-doh-doh3
I want to thank you for your work and service; it makes a great impact on my life. I have used it since the beta and I think it is a shame that so many people don't know or understand how great it is.
All the best.
-
Can anyone share a script to call the URL to update the IP in DDWRT?
-
Can you please provide a DoT config mechanism rather than just http through the Apple config generator? I’m only seeing https when TLS and QUIC are also offered.