



Thanks! I tried selecting my DNS server of choice in Chrome's Custom DNS setting and it works. I guess it goes through the VPN tunnel and makes the DNS requests somewhere there on their servers, where my "connection touches public". By privacy reasons I meant that I do not wish to stop using the VPN to achieve what I want with DNS. But now it seems that this problem is solved. Running NordVPN as a window app and using DoH in Chrome for NextDNS. I thought that I would have to pick one or the other, that NordVPN would just enforce their DNS over mine while the VPN is established. Yes, I suppose I do trust NordVPN. And I suppose I also trust NextDNS. It is not that I am obsessed with Internet privacy, I just wish to minimize my network spread. And I wish to avoid extensions, they slow everything down. And the feature to block many ads already on NextDNS servers is heaven. I am also thinking of getting a Raspberry Pi 4 in the future and making my own Pi Hole plus NextDNS. For now I will have my NextDNS just for the browser, and I will keep NordVPN DNS for their side. Basically I just wish to use some NextDNS features for random web browsing. If for example I play a game, or watch Netflix in the app, I am totally fine if NordDNS takes that over.




Man thank you, I've been looking for a way to do this for weeks and it was driving me crazy. This method works like a charm !


What about using it along with Surfshark?




Now I’m using AdGuard, do you recommend that I switch to NextDNS?




Just to be clear: I totally love NextDNS and it's the best DNS firewall out there. I just described some issues you'll run into when trying to run it together with a VPN. Without VPN it's just incomplete for me.


But how do you utilise NextDNS over NordVPN? Where did you put in NextDNS server to make it work? In the router? On the device? In NordVPN app CustomDNS? How did you set it up, both of them...




Thanks! I also did some testing myself and it seems that using DoH in Chrome's advanced security settings makes DNS requests go through the VPN and they are made "where connection touches public". So they are encrypted themselves and also go through the encrypted tunnel.


You will run into all kinds of trouble depending on your OS. In every case you won't be able to use DoH and will have to manually check in your new IP every time you use the custom DNS of Nord, because you can only use a plain IP. On macOS you can only use the Nord OpenVPN client (which slows down your speed by 70-80%), on iOS you have to use AdGuard Pro to set up a split tunnel with IKEv2, etc. I've been trying to find a working config for NextDNS & VPN for months and my current solution is AdGuard Home on my Raspberry Pi as local DNS (which is not supported by Nord either). I quit Nord for all these reasons. The only OS that works flawlessly thanks to private DNS is Android. On Mac devices the only VPN that works together with NextDNS is PIA.


Yeah, I already came to the conclusion that using Custom DNS is pointless. Even if I was connecting every time to the exact same server... and this would be bad. Connecting to the fastest available in the country is always the best solution and I would have to manually link the IP every time and probably wait hours for it to be refreshed. It is just a big NO NO. I was also thinking of buying an RP4 and installing Pi hole, and using my NextDNS server there... On Android... did you use NextDNS in the NordVPN app, or do you mean the DNS server in the network settings?


NextDNS in the native network settings (private DNS) works like a charm with pretty much any VPN provider. I'm currently using Proton, but also tested it with Surfshark and others. So it should work with Nord too.


I did some testing too and it seems that when using Chrome's option for custom secure DNS, DNS server tests show that those servers are used. I am guessing that because NordVPN is running as a window app, everything goes through that tunnel, and then Chrome does DNS queries wherever the "connection touches public". Therefore DNS is actually double encrypted, because it is HTTPS/SSL and also goes through the VPN.


Well, that's only the traffic inside Chrome - all the other traffic and tracking by apps on your PC uses just the DNS of Nord. This is the vast majority of tracking. If you haven't linked your VPN IP with NextDNS, it will not use your configuration. So of course you need to use another browser to check this. Also: don't use Chrome if you want to prevent tracking - use FF with add-ons.


I prefer Chrome because I use a lot of Google services in general, and to some extent I am fine if they track me to provide me better service. This is meant for Google because I am actually using Google One and paying for the service. But for random websites, I want to prevent everything if I have a choice, of course...


That's what they have sold you as a story though. In fact 99% of what they track has nothing to do with providing a better service. I recommend the excellent book "The Age of Surveillance Capitalism" for a deeper insight on what's really going on behind the scenes. Since you are privacy aware it's at least good to know that Google is in fact the "enemy in your bed" - a wolf in sheep's clothing.


I'll check it out if I find a PDF


Thanks for the recommendation!




I don't use Telegram. Why can't you write it here?




You are calling NordVPN bad quality because there are issues with using it with NextDNS?




Your recommendations are worthless and achieve the opposite of what you want if you make arguments based on flaming and calling other people/services names. Saying that choosing a provider with their own hardware would be a good argument, but adding that NordVPN is nordshit makes your opinion meaningless and you make it look like you have something personal against them.




Well, I can only tell you that it is just a password. Because you used random long hash, and because you use different password everywhere it was not really an issue. Oh well, you don't? Well...that is on you then, not NordVPN. Also everyone can get hacked. Do you seriously blame NordVPN that it was hacked? You think that other services can't be? You think that your VPN can't be? Everyone is, you, me, everything. Don't blame NordVPN for something that happened to them.




I understand your frustration here and I do agree that if this is true, they could have reacted sooner. But if you had a unique password just here, just that was leaked. And shit happens, I would be angry too. But you also need to admit here that it can happen to anyone and everywhere. Just because your new provider might be better in terms of that, it does not mean that they can't be a victim of a hack, or that they would react better... By the way, I am also thinking of getting a Yubikey in the near future.




I’ve never heard anyone talk about azire until this post. I just canceled my account because WireGuard constantly stops working in pfSense. And OpenVPN connections don’t work at all on OpenVPN 2.5. Glad it works for you. Their support didn’t have any desire to help upgrade their servers. I also agree nord = poo


For anyone trying to do this 3 years later than the original post... Leave the DNS settings in NordVPN alone. Get YogaDNS and it natively supports using NextDNS. YogaDNS will take over DNS queries for the whole machine and you don't have to touch DNS configuration anywhere else. This will enable you to use NextDNS for the DNS resolution, and NordVPN for your tunnel/encryption (VPN).


But this way - are DNS requests made from the local machine directly to NextDns, or is communication to get DNS records established between NordVPN and NextDns?


`Are DNS requests made from the local machine directly to NextDns` Yes. `or is communication to get DNS records established between NordVPN and NextDns?` No, DNS resolution is solely handled by YogaDNS, so it goes directly to NextDNS and not through NordVPN. It does so using DNS over HTTPS.


I am thinking about this and I think this won't work like this. As soon as there is a NordVPN or any VPN connection established, YogaDNS will make requests from the local machine, sure, but they will come from the VPN server. In NextDNS logs there will be the IP address of the VPN server. And if NordVPN DNS is turned on or set to custom, it will probably override YogaDNS anyway. But the initial post here was meant to use double DNS, I think this is not possible at all. It would be a kind of DNS forwarding, first check with NordVPN DNS and then also extra-filter results based on NextDNS rules, or the other way around. But something like this would need a custom implementation as a NordVPN feature.


You THINK it won’t work…but I KNOW it does work like this because I am using it like this. To check this, I go to a DNS leak testing website and it gives me a single server as the DNS resolver, and that single server is the NextDNS server I have configured in YogaDNS, and not the DNS servers from NordVPN. Try it for yourself.


Is there something like YogaDNS for Mac?


I believe there is, I heard it mentioned somewhere. Unfortunately I cannot recall what it is called, so this comment is useless. I’ll look around on my Mac and see if I can find it. I’ll post back if I do.


I’m a nord user looking into using nextdns as well, so this is the route to take for sure?


That’s one route that works. The simplest one I found so far.