NextDNS stops working properly when updating to iOS 17, iPadOS 17

Hi, there is something that I found out - it seems very important for all the users that have Apple devices and use your service.

After updating my Apple devices to the latest OS I noticed that the NextDNS service stopped working properly. After a lot of testing I finally found the problem and its solution too.

Updating iPhone to iOS 17 or iPadOS 17 (could be some other Apple devices too) gives users a new feature in Safari called “Advanced Tracking and Fingerprinting Protection”. Find it in Settings > Safari > Advanced. By default it’s enabled for Private browsing only, but it can be enabled for all browsing or the feature can be turned off.

If it’s enabled, a device somehow overrides the DNS server addresses that are set on the router. This then means that ad blocking and other useful NextDNS features stop working.

Simply disabling this setting solves the issue and NextDNS works normally again.

Just wanted to let you know, hope it helps someone. 

14 replies

    • R_P_M
    • 9 mths ago

    Thanks for sharing the solution. My iPhone is stuck on iOS 15, so not a problem for me personally but I’m sure lots of others will find it useful.

    • brigette
    • 9 mths ago

    Thank you for sharing  ❤️

    • fivetwentyseven
    • 9 mths ago

    Thank you for posting this. Unfortunately it still doesn’t work for me. I disabled that setting and restarted my phone a few times but it still says my DNS provider is my ISP even though I have it set to the iOS profile for NextDNS. 

    • jond_7
    • 9 mths ago

    Even worse -- this is complicated and doesn't seem to work as expected.

    TL;DR: Advanced Tracking seems to work with the NextDNS iOS app, but not network exceptions and not with router-set DNS.

    After resetting Network Settings on my iPhone and iPad for different reasons, I found my Safari Private tabs weren't showing my profile at test.nextdns.io, but normal browsing did. This traffic should have been routed through my home router with nextDNS-cli.

    When I tested "Advanced Tracking" settings, both Private Browsing and All Browsing produced the same results: my config worked on normal tabs, but private tabs showed "unconfigured" and an Akamai IP for the resolver! Only "OFF" allows NextDNS to work correctly in private tabs.

    Testing on cellular, using DNS set by the NextDNS iOS app worked correctly for normal/private modes with any setting below.

    • Tom_J
    • 8 mths ago

    I have tested with the latest iOS (17.0.3) with Safari, both private and normal (and with Firefox). And NextDNS is configured correctly when I use the test site (http://test.nextdns.io/) and also checking via third parties. So it might have been resolved.

    • jond_7
    • 8 mths ago

    Since we don't know what your configuration is, we can't explain your results. Nevertheless, I just switched the setting over to All Traffic and NextDNS is immediately broken.

    So, no, this is not fixed.

      • Todd_Scalzott
      • 5 mths ago

       That looks like you might have an active VPN running such as Tailscale, which would funnel traffic away from NextDNS.

      • jond_7
      • 4 mths ago

      Nice try, but no Tailscale or VPN...

    • fivetwentyseven
    • 8 mths ago

    Same here @jon_dagle. Except now, switching between the advanced tracking options doesn’t change anything, and being on cellular data with the NextDNS app or using the configuration profile are both showing unconfigured for me.

      • jond_7
      • 8 mths ago

      I can't explain that. I'm not on T-Mobile, and with AT&F OFF the NextDNS app is working for me. You're not tethering from a computer, are you? On Verizon, they try to force you to use Vzw's DNS when tethering. Only the NextDNS app on my Mac seems to block this.

      Beyond that, perhaps verify the app is configured with your profile and reboot your phone. That's about all I can suggest.

      There's a discussion here about how the NextDNS profile generator is broken in some ways, with a possible solution on GitHub.

      https://help.nextdns.io/t/g9h9gjn/issue-with-excluded-domains-options-in-apple-nextdns-io

    • GardenHulk
    • 8 mths ago

    In my case this misbehavior was caused by a Safari setting in iOS: go to settings/safari go to section privacy & security and set the „hide IP-address“ option to „tracker only“ or „off“. 

    • jond_7
    • 8 mths ago

    Thanks @gardenhulk for that suggestion. It allowed me to narrow this down a little. Hide IP Address makes no difference for me. 
    On cellular, I have no problems, but Advanced Tracking and Fingerprinting breaks NextDNS CLI running on my router. I disable the local NextDNS client on iPhone when I am on my home network so I can use local DNS.
    There is no question that changing AT&F setting stops DNS requests from going to my router. 

    • jond_7
    • 8 mths ago

    Just a brief update here: On iOS I've found that disabling "Limit IP Address Tracking" under a Wi-Fi network's settings allows all the Advanced Tracking and Fingerprinting Protection to work with NextDNS config via the on-device app and via the CLI running on my router. When both are enabled, it breaks my iOS device getting DNS from my router/NextDNS CLI.

    This seems like the best approach for me, since I was only having trouble use

    Despite what others have said here, using dnscheck.tools seems to confirm that other DNS servers are in use whenever ATFP is enabled on device.

    • aqua_airplane
    • 4 mths ago

    duuude, thank you 😍 you have been so much more useful and helpful than @nextdns in the past few years lol
