More questions? Confused? Be sure to watch the deeper dive into this video that covers a few mistakes I made, and where I add more information around this workflow: ruclips.net/video/py9RtY2fYaA/видео.html
You misspelled natively on 7:08
VyprVPN supports custom DNS as well
control-d from windscribe is also pretty neat
Let's go ahead guys and annoy Proton for enabling custom DNS support!!!
Yep, I'll smash them on Twitter
Soon ™
Great. Proton keeps my data away from US sovereignty, which is great for privacy because the US is one of the least privacy-respecting nations on earth. My bottom line is to ensure any personal data I want to keep private does not go near US platforms or territory. So, I too would encourage Proton and other non-US providers to match what is available from the likes of IVPN. I’d love to see better non-US providers of anonymous VOIP with SMS equivalent for 2FA as well. There is still quite a gap in the non-US market for this.
You're a champ, Henry! Thank you for sharing this. I've spent the last couple years struggling with balancing these two tools since any VPN I used made my custom Pi-Hole blocklists completely useless, and there simply are not good firewall options for each of my various devices that allow DNS blocking instead of blocking on a per-app basis. I never wanted to pay for a VPN (I use ProtonVPN, which does have custom DNS but only on Windows) because of this issue and how infrequently I used them, but this actually makes it practical to use them exponentially more now and reap the benefits while still enjoying all the custom domain blocking I want.
Much appreciated, keep up the great work!
I have been using Windscribe and Control D for a few months now (before this video) and I really enjoy it. I like the stats that Control D gives me. 🙂
That worked great and I was about to give up but IVPN & NextDNS works perfectly. Thank you very much.
for max security I think this would be an interesting idea to attempt.. though realistically probably too slow to use.
TL;DR: [l-fw -> trk-prt-brws -> {slf-hst-dns-fltr -> cache-server ->} n-fw -> VPN + DNSSEC{-> VPN/Proxy/TOR ^#}]
local-firewall -> browser -> pi-hole or adguard -> cache-server[hey if you don't have to access it again in person...] -> network-firewall -> VPN + DNSSEC[nextdns] -> another VPN -> TOR -> site [this is using a VPN then another and then using the tor browser fyi]
Hope you have a great day & Safe Travels!
AdGuard has its own DNS service btw and lets you load exactly those custom blocklists that you mention. I am using it every day, also to block first level to telemetry.
Is it safe as Adguard is a Russian company?
Mullvad user here, doesn't Mullvad on Android and desktop (idk about iOS) natively support a DNS of the user's choice as long as they put it in like an IP address in the app?
Ultimate setup is to have a pfSense firewall connecting to a VPN so the whole network is secure, plus installing AdGuard Home so you have all the control over your DNS queries plus the option to encrypt them
I have a question. VPN offers privacy, but if you use a unique DoH URL, will you still have this privacy? Or will it be possible to identify you based on this unique URL?
That's the thing I'm wondering too. The benefit of a VPN's DNS is everyone using the VPN goes through it too so your traffic is still hidden but if you're using a custom DNS then that's something that makes your traffic stand out.
I know sites can for some reason see who your DNS provider is, but I don't understand how they're able to get that data. If DNS is supposed to tell your computer what IP owns a domain, how exactly does the IP (service) get to figure out who your DNS provider is?
Curious to hear your thoughts on Quad9 vs NextDNS
Probably NextDNS is better because you cannot customize Quad9
@@julianocc This is true, I'm thinking more of a privacy standpoint. I think Quad9 is likely a bit better in that regard.
This is awesome, I thought about it a bit and I'm gonna switch to IVPN from Proton now
What does NextDNS provide not available through Quad9 or my own DNS server? What's so magical about the IVPN+NextDNS instead of Mullvad+(any custom DNS I specify)?
How is this better than Pihole + OpenVPN ?
Where's the magic, the silver bullet? What am I missing?
Do you have an idea on using a mesh that has a custom VPN setting alongside NextDNS?
I'm talking about Deco Wifi mesh
This very same issue bugs me on Windows every day. For instance, I want to communicate with my NAS via hostname, from loading it in a web browser or via a shared drive. When on my VPN, I can't since the DNS goes to the VPN. Currently using Proton. I hope one day providers can implement some safe way to add custom DNS queries. My Proton subscription ends in July so maybe I jump ship to IVPN this year.
You could use a Proton VPN profile for WireGuard, and change the DNS in the WireGuard profile for the client. Downside is that each profile for WireGuard only connects to the server you set up
This is awesome bro, big thanks.
Keep it up 👍🏿
how does this compare to those of us using adguard on a raspberrypi or pihole? This is free
ok Proton doesn't have custom DNS on Android or iOS as far as I'm aware but it is available on Windows which is kinda weird why it's not on their other clients
No, not an option as far as I know. Someone can correct if this isn't the case. -H
We can have custom DNS for IPv4 in the ProtonVPN Windows app and we have had this option for quite a long while.
Found you randomly on YouTube. Watched for the articulate, well researched and informed content, (but forgive me) stay for the hot AF guy speaking.
Been running GlassWire + NextDNS on my PC and NetGuard + NextDNS on my Androids for years.
I definitely love this channel!
Some VPN providers have a tool to generate a Wireguard config file for use with third-party clients. Just put your custom DNS IP in that.
It seems that if you have an Android phone and you configure NextDNS inside of the phone's settings you can run Proton VPN while still having everything go through NextDNS. I did this and I've been using DNS checking sites to see if it worked and so far it has.
Mullvad supports custom DNS setups on Android and other OSs through its client.
How can you trust a company based in the USA? Doesn't that go against being private in general?
I personally self-host WireGuard and AdGuard Home DNS (so it blocks ads) on a 1$/month VPS. It works very well. I have a web interface for the VPN and the DNS behind Authelia, so one account for both. And just like that I can have as many devices as I want and a 100% trustable VPN.
IVPN is the best. It's expensive as fudge, but I love IVPN.
But I can't use NetGuard to block apps with VPN, right, on Android, since NetGuard uses VPN settings?
Yes this was an oversight on my end for this video, the 'layering' doesn't apply to Android as well, unless your ROM natively supports these features. (CalyxOS/iodêOS) -H
If your router only supports IPv4 & you are on Linux with KDE & you followed the linked IP version of the guide, try to reboot. That fixed it for me
It's awesome, but how is the latency affected?
Because I know from personal experience DoH sometimes affects latency
In the Mac client, in custom DNS, what IP should I put in the IP field?
Proton has custom DNS on Windows, it's the last option under the connection tab
Not for mobile tho
What about using quad9?
I have Pi-hole on a Raspberry that is configured as a network-wide OpenVPN to Proton, so all my home devices get the benefit of DNS ad blocking, and Proton without device limits. This doesn't really fix mobiles when away from the network (though I do have OpenVPN back to my home network, I don't think this covers when using mobile data). I think this achieves pretty much the same thing and gives me extra flexibility for my own blocklists.
I believe this is what I'm trying to achieve with my network... If possible I could use the help setting this up.
Good job Hank!
Why not use Mullvad adblocking feature?
I am looking for a way to get Moneros as easy as possible. Any hints?
Thanks, I've been looking for this since I moved to iOS!
How does NextDNS compare with CONTROL D (windscribes over product) ?
Thanks!
You didn't talk about config with Android. I use myst vpn and wondering what DNS will work with it
I am currently working on setting up Clash with VPNs and thinking of which DNS solution to go with. So I might just end up using NextDNS, that introduction of features was very convincing. OpenWrt also seems to natively have it in its repositories, which is a big plus. But, say I run NextDNS on my local network, can I copy that very config to my phone - automatically, perhaps - and take it with me when I am not at home? My first thought would go to using Syncthing, but I know too little about NextDNS on phones...
is NextDNS opensource?
Yes.
Why is DNS required with Windscribe VPN, when Robert feature is integrated inside the VPN already? I don't see enough benefits in using a DNS with my current VPN provider (Windscribe).
Anonymized DNSCrypt for the win
I have a similar setup on my Android phone but with Mullvad VPN and Adguard DNS instead. However Mullvad does not support DOH or DOT...
Can this be configured on the router level in your home?
What about our traffic speed after this? Does it go a bit slower? That seems like 3 layers more for our privacy
@Tecklore First, thanks for your channel and content. It is definitely top notch. I subscribed a while ago, but totally forgot. Now I rediscovered it and, as a total newbie, am watching and learning from your incredibly interesting and well presented material.
I have a quick, stupid question from a newbie, if I may. Is it safe to use a VPN over TOR? If yes, how could I find that info or video? I've searched a lot about this but, for me, it is very confusing. Some say "yes, use it like this and that" (very confusing again), some say never do it.
Thanks again for this channel. It's just awesome!
Hey there & thanks for your question! Unfortunately, due to time constraints we are unable to answer technical questions in the comments. We have a forum (recommended) & a Discord server for you to get help from our communities. Otherwise there are many great privacy-focused public Matrix communities!
Forum: discuss.techlore.tech/
Discord: discord.techlore.tech/
hi, I was searching for the same question like for a month. Did you find anything? I heard that I need to use wireguard. then when you connect tor browser, I can use mullvad vpn over tor, with the help of wireguard. anyways did you find anything useful? if you find, it would be cool if you can share it
@@techlore , can't you guys make a tutorial video about how to use VPN over TOR? Because there is literally no video about how to do this on the web. So when someone searches for it, they will see your video directly, so you guys can earn new subscribers. The reason I want to use VPN over TOR is:
the site I'm going to abuse will not know the fact that I am using Tor. So when they sue me, the site will give the VPN's IP address to the government. So the government will need to ask for logs from the VPN service to find out I'm using TOR, and they probably won't have any logs in their hands because months will have passed since the abuse. Also I will do the operations by connecting to a public wifi from a laptop that I have never used in my house before and does not belong to me.
Anyways it would be great if you guys can make a tutorial about it because i have zero software/programming knowledge
So if I purchased IVPN all that will be included, like NextDNS?
No, you still need an account with NextDNS
Do you expose yourself by using next dns? Or does ivpn make you anonymous?
Great content!!!! I have a question: by doing what you discover as a "perfect" way for you to do custom DNS through VPN, I have a sincere question... Doesn't this make you more "unique"? I mean, VPNs are sometimes used for not being able to singularize (I do not know if this word exists) you, meaning you and a bunch of people use the same IP for the VPN server. By doing this unique configuration doesn't it make you easier to spot, when dealing with all the IVPN users? It's a sincere question and maybe I am confusing something... Thanks anyway and sorry if this does not make any sense to you....
Same q that I have. Does ivpn make you anonymous while using next to dns?
Yaaaay, you uploaded again 📈📈📈
Doesn't it make fingerprinting easier in some cases?
I use mullvadvpn and quad9 so how does nextdns compare to quad9?
hey, can you please link the video that you show how to delete old, unused accounts ? i can't find it
That's interesting, although now all your DNS queries are logged under your email instead of just your IP. Do they accept Monero? There's no way of checking that unless I create an account, which I don't want to.
kinda just wish IVPN supported unlimited devices :(
Wouldn't NextDNS be another point of failure? What if the government wants connection data for this DNS query? NextDNS surely doesn't have the privacy levels of VPNs, right?
Quad9 vs. Next DNS..which one is better
I like quad9 because they are based in Switzerland which means awesome privacy laws.
What about rethink dns
Great tutorial thank you it was very useful
What about Orbot?
use RPI to merge everything together
what is rpi ?
@@xugo91 raspberry pi
Mullvad + NextDNS FTW.
Strangely ivpn is down at the moment and I am unable to sign up
nice
Can NextDNS block YouTube Ads on mobile?
If I understand correctly, blocking all YouTube ads via DNS is quite hard since YouTube uses the same domain names for the actual videos and ads. LibreTube is a great option that also includes SponsorBlock, or a mobile Chrome browser like Kiwi that can add desktop browser extensions like uBlock Origin.
Mullvad got custom DNS on all clients I think
Thanks, but I'll just use Adguard with my own VPN service provider.
It's all about your own journey! - S
i guess it's all apple's problem. i've been able to use any vpn client + nextdns for the last couple of years without any problem on my windows laptop and android phone. on android i simply use the built-in custom dns settings, while on windows i'm using yogadns. any vpn i'm using will use the nextdns and so far there's no leak.
Ever heard of Naomi Brockwell?
You could just change the DNS settings on your phone settings and connect to proton VPN.
Nice
Anti-Tracker mode must be disabled for this to work
just a heads-up for anyone wanting to try this
Based
Proton worked fine for me before watching this video.
ROTFLMAO
Meanwhile, Android simply overwrites whatever DNS your VPN uses lol
NextDNS: "We don't keep logs"
4:34 "Oh really"
With all these turned on… how slow is your connections then? Dial up 9600 baud speed? Lol
so...the Conspiracy Fly on Family Guy was right this whole time?
How do we know that Proton VPN and/or IVPN are not honeypots? It all boils down to gut instinct and trust, no? It's 100-percent trust.
👍
FreshTomato already has DoH on their router firmware.
dope
Mullvad doesn't support DoH 😣
The Windows ProtonVPN app has custom DNS for IPv4 where we can set NextDNS. I've been using this configuration for a long time now.
I'm also using the Android app for ProtonVPN and NextDNS because in Android the custom DNS takes preference over everything so you can use ProtonVPN for VPN while the DNS queries are still routed through the Android OS and the custom DNS you've set there.
IMO this video isn't up to your usual standard of content in this channel and I hope the content quality doesn't plummet like this. I'm sorry to say this was poorly researched and didn't account at all for all OSes. Also NextDNS has been out there for years, I'm glad it gets mentioned at least now.
👏💻👏🏆
I didn't understand you very well, my love...
It’s cause adguard is garbage, slow af, cloud based
way toooo many words...
Ok, that gay pink T-shirt has to go 😁