NextDNS & VPN on BigSur

Hi!

I think it's known that NextDNS & VPNs are troublesome to set up. On Android it's easy, on iOS it's possible in combination with Adguard Pro, but on macOS it stopped working since the last update. I tried the profile, but it does nothing - it only shows up deactivated in network settings. When I activate it manually, it just switches to "not running". (I tried to re-install the profile and activate it, but it's still not working.)

When I use the app, I previously had to deactivate my VPN, connect and then activate DNS. This worked since the Big Sur Beta and also in the official release but stopped working since the last update. The moment my VPN connects, the NextDNS settings get ignored.

I'm out of options now, and have to decide if I want to use DNS or VPN.

Any other options? I think I tried everything possible. Still can't figure out why the native profile does nothing at all though? 

Thanks!

  • It's in Apple's hands. We notified them, they are aware of the issue, they need to decide what's the best behavior for their OS.

      • Atmos
      • 6 mths ago

      Olivier Poitrey got it, thanks! But shouldn't the macOS profile still work? So you're saying that I'm not the only one for whom the profile doesn't work?

      • arun
      • 5 mths ago

      Atmos The profile works fine for me without installing it as a VPN. Is it possible that you have another network filtering app like Little Snitch? I had to turn it off for NextDNS profile to work.

      • Atmos
      • 5 mths ago

      arun Yeah, I had Kaspersky running, which uses network filters. By the way, I also got a VPN running with NextDNS by now! I've done the impossible! 😄 After trying dozens of different VPNs, the only one that works on macOS together with NextDNS is PrivateInternetAccess. It's the only client that allows you to "use existing DNS" in the DNS settings of the PIA client, and magically it works! So it may after all be a problem that can be undone by VPN providers if they allow their Pro users to use settings of their own choice.

      • Roy
      • 5 mths ago

      Atmos Great on how to get PIA to work with NextDNS using the "existing DNS". Have you a way of getting them to work together on mobile?

      • Atmos
      • 5 mths ago

      Roy On Android it's easy with the private DNS. On iOS you have to use Adguard Pro, set NextDNS in the app as DNS filter, then use IKEv2 for the VPN. This way you can have 2 tunnels at the same time, because IKEv2 is in another VPN category than the DNS filter (that runs over https). I use Surfshark on Android/iOS though and only PIA on macOS. The Surfshark client worked on macOS too, but since the last update it redirects to their own DNS again. Hope that helps! 

      • Roy
      • 5 mths ago

      Atmos Thanks for the update.

      Thank you.

      I purchased and installed Adguard Pro on iPad and configured the DNS Server settings using the DNS-over-HTTPS from the NextDNS setup. Turned OFF the Safari protection. Then fired up the PIA VPN in IKEv2 and it works fine.

      What is odd (maybe not) is that the logs show the ISP IP address, not the VPN IP address, for the DNS?

      Kinda defeats the purpose of the VPN if the DNS are going to the ISP?

      • Roy
      • 5 mths ago

      Roy Just a note: on the desktop, when using the NextDNS config with "existing" DNS in PIA, the IP address for the DNS lookup is the VPN IP. As mentioned above, for some reason, the IP address of the DNS lookup on the Adguard / PIA setup using IKEv2 is the ISP IP, not the VPN IP. Thx

      • Atmos
      • 5 mths ago

      Roy with the Adguard setup you basically are creating a split tunnel. DNS requests go to NextDNS and the actual web traffic goes via the VPN. Your ISP won't see any of the traffic since both are encrypted. Yes, it would be great if the DNS requests would also be directed via the VPN tunnel, but that's not possible currently because iOS doesn't allow it for dubious reasons.

  • Profile should work without a VPN.

  • Same issue when using Little Snitch firewall. I found that if you deactivate the Little Snitch network filter then it is possible to enable NextDNS, but can't have both active at the same time 😒

      • arun
      • 5 mths ago

      Adam Williams Yup! The same happens at my end. Apple seems to be allowing only one network filtering app at the moment.
