[HOWTO] Setup NextDNS if you want add/tracker blocking + VPN

Nextdns is a private DNS provider. You can connect over TLS so that means no-one can see your DNS queries. It can be used in combination with a 3rd party VPN for example ProtonVPN, PIA etc. The goal is to have add/tracker blocking plus 3rd party VPN.

How to setup your phone to use NextDNS?

Online:

• Go to nextdns.io
  

• Click on Sign up

• Enter your email and set a password
  

• Go to Privacy and click “Add a blocklist”
  

• Add the block lists you like (I recommend NextDNS Recommended Ads & Trackers Blocklist ,No Google, No Facebook and oisd)
  

  

  image797×96 10 KB

• If you add the “No Google” list and want to watch youtube (of course using NewPipe) add this in the Allowlist:
  

  

  image1125×421 27.3 KB

• An example of deny list:

• Disable logs (Settings):
  

  

  image877×439 20.1 KB
  
  If you want to see what’s is blocked you can turn it on temporarily.

On Phone

• Go to settings > Search settings and type “private DNS”
• Select private DNS and use DNS-over-TLS from the NextDNS webpage:
  
  

  image173×551 14.1 KB
  
  
  

  Screenshot_20200728-134837_Settings1080×2160 141 KB

I decided to trust NextDNS but that’s up to you if you do too. I wanted to share because it works great.

NextDNS does’t appear to work on Android 8.1 (Oreo), which is the version being shipped on the refurbished phones from /e/ solutions.

I installed the NextDNS app, and set everything up. The app is running, but when I check from a web page which DNS server I am using, it is showing me the previous one I was using. Restarting the phone had no effect.

Any ideas on how to fix this?

DNS-over-TLS got introduced natively in Android 9 (“Pie”), so not sure if the Nextdns App offers its own DoT/DoH implementation or is a interface to the custom settings. Their thread linking back here - https://help.nextdns.io/t/x2hlnta/nextdns-does-not-work-on-android-8-1-e-os. A user suggesting Nebulo (com.frostnerd.smokescreen) and adding your own NextDNS link there is an avenue you can test.

As a temporary solution, I’ve been using Blocada. It’s an app that does dns filtering on your device, and the faq claims that they implement encrypted dns. I’m not quite sure how to verify what type of encrypted dns they are using.

In any case, it looks like there will soon be an OTA android updater from 8 to Q, so that will solve everything.

I had left the “No Google” block list off which was allowing this private DNS through .

I now have enabled the “No Google” block list and added the domains outlined in your directions and am able to stream NewPipe when needed. Thank you @andrelam !

Was looking over this and was pleased to see the trackers needed to allow NewPipe to function identified, but I can’t use the Aurora Store with the NoGoogle List enabled (I do need it for banking and such). Any suggestions for that?

Aurora Store gets its apps from Google’s Play store so it’s not going to work if you block access to Google’s addresses. If you want apps from Google, you have to talk to Google

Was afraid of that. Same deal with my hockey team, they won’t get off Facebook. sigh…

Hi

Im also using NextDNS with “no-google” on my device.
This setup, de-google my android, and stopped google services from working (youtube, mapps, translate, playstore…).

Even Newpipe stopped working. To fix it, I added some domains in the allowlist of NextDns.

But now, I can not use the Aurora store!
Maybe Aurora uses google services in the background.

Did you experience the same problem?
I already added these domains, to the allow list, but the problem persists:

• *gvt1.com
• *gvt2.com
• *gvt3.com

What additional domains, do we need to add, to have Aurora working again?

Some links:
https://gitlab.com/AuroraOSS/AuroraStore/-/issues/694

Thanks