OKAY hopefully this cleared up a lot of the questions I was getting in our last video :) Thank you all for the feedback!
Don't forget to check out our Patreon: patreon.com/techlore
A few more updates:
- IVPN updated their documentation to be clearer! www.ivpn.net/knowledgebase/general/custom-dns/
- Android is actually using DoT, NOT DoH. Though for the purposes of this video this shouldn't impact the takeaways or general concepts.
- NextDNS has an open source CLI tool, though their native clients don't appear to be open source. With that said, we're not trying to use the native clients & I'm not concerned with the server being open source since there's no way for us to verify they're running that code anyway. But definitely a correction for people who desire more of these things.
- Linux & Windows have native DoH options that *may* work with some of these VPNs. (Didn't test this myself)
Thank you to people who are sharing more information regarding this situation, as always - I'm learning more from comments on RUclips than from services themselves, which is really my core complaint here.
In the previous one it was clear that IVPN and Net Guard are incompatible because Android can't run two VPNs at the same time. Thanks for fixing the mistake.
as someone who is fairly new to the tech security & privacy game my initial response was 🤯 but also thank you. i'm trying to decide on a new VPN as i WAS with WeVPN who recently just...went away. my current top two are iVPN & ProtonVPN but, i'm wondering if i should consider others. i'm still too much of a noob to be confident in my decision. i'm also very, very new to the custom DNS scene having been recently introduced to Quad9. at any rate, i do enjoy your videos & appreciate your honesty. thank you, again.
Stay with iVPN my man, just the best one
Great follow-up. As always appreciate your thoroughness and openness!
I use Proton with NextDNS. I use Linux, Windows and Android. Here is how I managed to have both DoT and VPN. Also I want my devices to report their name to identify queries.
Android
NextDNS - DoT
ProtonVPN - Wireguard
Windows
NextDNS - yoga dns
ProtonVPN - Wireguard
Linux
NextDNS - systemd-resolved
ProtonVPN - Wireguard CLI (I don't know why I can't import using GUI Network manager. Using Debian 12 KDE)
PS. Downloaded Wireguard configs work for both Android and Windows but not Linux. I mean for Linux you have to select GNU/Linux when downloading. So don't try to create a backup in the GUI app and use those configs in Linux. In Linux you need to comment out the DNS option in the config, otherwise say goodbye to the internet, at least that is what I experienced.
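The Linux step described in the comment above (commenting out the DNS option in a downloaded WireGuard config while systemd-resolved handles DNS), as an added example that is not part of the original comment or of any vendor's tooling. The sample config, its addresses and keys, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. wg-quick sets the tunnel interface's DNS servers from the
# [Interface] "DNS =" line; this is the line the comment above disables.

# Constructed sample config: keys are placeholders, addresses are made up.
SAMPLE_CONF='[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.0.0.2/32
DNS = 10.0.0.1

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820'

# wg_dns_filter MODE: read a config on stdin.
#   patch -> print the config with active [Interface] DNS lines commented out
#   count -> print how many active [Interface] DNS lines it contains
wg_dns_filter() {
    awk -v mode="$1" '
        /^[ \t]*\[/ {                      # section header such as [Interface]
            section = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", section)
            sub(/[ \t]*\].*$/, "", section)
        }
        section == "interface" && /^[ \t]*[Dd][Nn][Ss][ \t]*=/ {
            active++
            if (mode == "patch") print "#" $0   # keep the old value visible
            next
        }
        mode == "patch" { print }
        END { if (mode == "count") print active + 0 }
    '
}

wg_disable_dns()      { wg_dns_filter patch; }
wg_active_dns_count() { wg_dns_filter count; }

# Demo on the constructed sample: show the patched config.
printf '%s\n' "$SAMPLE_CONF" | wg_disable_dns
```

Running `wg_active_dns_count < your.conf` before bringing the tunnel up shows whether a re-downloaded config has brought the DNS line back.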
As a free use case, windscribe works but you are correct it's ip4 only. For the machine I'm using it on, it's fine. I don't use ip6 on that machine. I am waiting to upgrade my whole network. Wanting to get a pfsense box. I would like DoH but it's fine for a little coffee shop work machine.
Recently using the iVPN and NextDNS combo. Works well on my end.
Windows 11 does support native private custom DNS integration via HTTPS! Both via IPV4 and IPV6! I'm using Proton VPN with NextDNS comfortably on both Windows and Android without even touching the configuration of the VPN clients.
Next DNS is a messed up ever don't use ...
rather than using ControlD
Great video, thanks for the clarifications
nextdns at least has debugging tool to find which list blocks domain! love it
Thanks for the followup video. But I have a question about DoH on Android, where do you set that up? The Private DNS option only allows a direct domain, so that only works with DNS-over-TLS/QUIC and not the DoH url. Is there any other setting I am missing? Or did you group DoT and DoH together? I am using Android 13.
Thank you yes, DoT is technically what's offered on Android 👌 The URL would be 'yourNextDNSID.dns.nextdns.io' - improperly grouped it together as DoH in this video. -H
Windscribe with NextDNS works for me on android. The problem is, it seems to be leaking the DNS request to the windscribe provided one occasionally. When I checked with dnsleaktest, sure it only shows the provided one, even with the extended test. But when I checked with ipleak it shows that it hits 2 servers, one being the NextDNS with the majority hit (150 vs 2). I also checked if my NextDNS filter is being applied, and it did.
The documentation is a bit weird when they say they cover something but don't actually do that
Yessss, we need more Videos about cool foss Android apps 📈
Other systems are weird.. on Linux Desktop it's just so easy to have such a custom solution.
Locally host your own DNS and passthrough the rest, no problem.
17:40 People don't use these features so we don't document them and people don't use these features because they aren't documented. It's a cycle. IDK man if I worked couple hundred man hours on a product or service you'd think I'd want to let people know how to use it.
Thanks, much appreciated. Do you use an IOS device?
Still a little puzzled: I use ivpn on my Android phone, mostly. I have "custom/private" DNS set to use NextDNS under the Android OS settings. Do I also need to tell the ivpn app to use custom/private DNS, i.e. NextDNS? IOW, one or both? Sorry if dumb question...
I did the same with Proton VPN and when I go to DNS checking sites, they all say Next DNS.
Doh with ivpn on windows doesn’t work for me
With android, I went into the settings of the device itself and put Next DNS as my private DNS and then ran Proton VPN as normal and went to multiple DNS detecting websites and they all said NextDNS with no DNS leaks.
Proton vpn actually does support doh and custom dns on x64 Linux but not arm or x86
Thanks for breaking down 👍
Wouldn't it be much easier for NextDNS to provide DoH/DoT config profiles for iOS like for example Quad9 offers!? 😂 Someone should get in contact with them and suggest this. This way they could offer the better DoT as well for everyone
Apparently Android DoH + ProtonVPN also works while leaving Netshield on.. at least in my case.
Nvm not after/if you reconnect your VPN.. weird
@@guyfawkes5012 working fine for me
Yeah I'm seeing mixed things about whether Netshield needs to be on or off. Again, documenting features would be nice so we don't have to test everything ourselves :P -H
Would the apple configuration profile for nextdns allow it to be used with protonvpn on mac?
Hey, man I'm a new sub and learned a lot quickly, so thanks for the great videos. Could you make a video on how to make a private, secure and anonymous E-mail account network/system? I was trying to research it but there are too many products and I don't know how to build an ecosystem with it, that is why I might need some help, please.
4:35 the Linux client is currently in beta so not all features have yet been implemented
What about Unbound (using pihole)?
Does IVPN use the custom Next DNS DOH even when not connected to VPN? Or does the custom DNS only work when connected to VPN?
I'm still kind of confused about the set-up. I wanna make sure I'm using it right. Here's my setup:
System:
- Apple Configuration Profile on macOS
- DNS-over-TLS/QUIC on Android
Browsers:
- DNS-over-HTTPS on Brave Macbook
- DNS-over-HTTPS on Brave Mobile
Mullvad:
- IPv6 & DNS servers On Macbook
- IPv6 & DNS servers On Android
Does this look correct? Is it overkill?
Adguard VPN would have solved your problems, btw a review on it would be amazing
My old, deteriorating brain struggled with this one. Was the previous video found to be in error, or does that solution laid out still work as described? I'm just trying to keep things relatively private on my windows laptop, macbook, and iphone. The original video seemed to offer a minimalist solution that made some sense to me. Is that still the case? Thanks for your patience!
I can confirm that private DNS on Android works just fine with windscribe. Did you check if chrome's own DoH is turned off?
Yep, it's turned off. -H
Mine too working fine on Android
excellent presso !
Is it a privacy issue when I use Android's DOH settings and a vpn? Ipleaks shows me the DNS server of Adguard and Nextdns.
I'm primarily using Android and NextDNS and Torguard and the private DNS route seems to work ok for me.
Can you make a video about DNS over Quic?
thanks!!
How did you get android to work?
Hey so what's the clear difference between DOT and DoH ?..
I think it was for Android and browser level😂 ..
TLS/HTTPS aren't the same?
What's the point of using other DNS than from the VPN provider? I mean, they have all visited IPs anyways.
Can you do a video on internet protection for game consoles like ps5
Does DoH with VPN reduce “privacy” as people stand out more? Also if you already trust VPN provider with your traffic how is custom DNS improve things?
Ah never mind it was addressed in the video 😂
To know if this works with Safing would be interesting :o
This is ridiculous. I paid for all 3 services because of your last video. That is because I am a desktop service man so I needed many services. Now I have to cancel the contract and I have a court date with the big one.
Can you comment on obfuscation protocols like trojan gfw or v2ray?
In some places in the world (etc. China) all WireGuard and OpenVPN connections don't work
Currently self hosting a custom obfuscated protocol based on trojan-gfw but integrated with QUIC
Thanks for the indirect advice, i sadly too live in the country with censorship.
how do you know that next dns is being used after u input the info???? i dont know if its working or not hehe
Did you ever figure this out? I'm using ProtonVPN and NextDNS on both Mobile and Desktop and curious to see if it's functioning correctly, or just using the DNS provided through ProtonVPN
only the nextdns command line (cli) is open source. nextdns (the resolver) itself isn't.
I use NORD and I’ve never been able to use my set piholes as my DNS. Breaks the internet.
Why you never cover torguard
And why would we? Not open source, no audits, misleading marketing: "Anonymous VPN" - refer to our VPN video on some basic criteria that almost no VPNs hit, including TG: ruclips.net/video/u-uj_dLXu5s/видео.html -H
Next dns, it's just a point of exposure.
Great, now I have proton and ivpn too! lol
Hi,
Could you look into the samsung cloud and Samsung secure folder security?
Don’t feel bad, documentation of products is bad even when companies are in good faith, not to even mention bad faith marketing..
For products that just say “works on iOS and android!” but doesn’t say WHAT works on both, it’s like don’t even bother with them.
If they can spend millions of dollars developing a product, yet more hundreds of thousands of dollars marketing it, and then not take the time to document it, fk em~
No sympathy. Don’t waste your time doing their jobs for them, let evolution take its course.
Too soon to mention Tailscale? 😅
Wevpn Seem to work 🤔
I Think nord also support it 😂😂