NextDNS
NextDNS is an excellent option for DNS. I prefer it over any other DNS service for several reasons:
1. Ease of use.
2. It is a well-known, privacy-respecting DNS service.
3. Signing up for an account unlocks extra security and filtering options.
I prefer to use NextDNS logged in, and I have a custom domain attached to my account. One account can hold several profiles: I keep one for my firewall, one for my browsers and one for my devices. The reason for having several is that a given device or browser may need more or less blocking. For example, if I blocked as much on my router as I do on my phone, I would have trouble watching Netflix. I could block it all and just own my own media, but I am not there yet; privacy is a process. So I block a lot less on my network than on my phone, simply because other people need to use the Wi-Fi.
The following setup is what I use as the default in my NextDNS account, without too much blocking. Later I will expand on what I do to block more. Click the link to create a NextDNS account.
The settings below are only available when you are logged in. You may want to disable some of them or enable others; that is up to you. Here is my take on NextDNS with an account.
Security
• When you are logged in, click on the “Security” tab at the top.
• Enable “Threat Intelligence Feeds”.
• Disable “AI-Driven Threat Detection”, since it is still in beta.
• Disable “Google Safe Browsing”.
• Enable “Cryptojacking Protection”. This blocks the domains used by scripts that hijack your device’s CPU to mine cryptocurrency for someone else, so it is worth enabling whether or not you use crypto yourself.
• Enable “DNS Rebinding Protection”.
• Enable “IDN Homograph Attacks Protection”.
• Enable “Typosquatting Protection”.
• Enable “Domain Generation Algorithms (DGAs) Protection”.
• Enable “Block Newly Registered Domains (NRDs)”.
• Enable “Block Dynamic DNS Hostnames”.
• Enable “Block Parked Domains”.
• Under “Block Top-Level Domains (TLDs)”, click on the “ADD A TLD” option.
• Add all the TLDs listed under “Spamhaus Most Abused TLDs”.
• Add any other TLDs you would never want to visit.
• I personally block all TLDs that are not written in the Latin script. This is a preference: if you are in Saudi Arabia, for example, blocking Arabic-script TLDs is a bad idea.
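To make two of the options above more concrete, here is an added example of what “DNS Rebinding Protection” and “IDN Homograph Attacks Protection” look for. This is my own illustration, not NextDNS’s code or a reimplementation of its filters, and the real heuristics are assumed to be richer than these two checks. Rebinding protection drops answers that point a public name at a private, loopback or link-local address, which is how a malicious page turns your browser into a bridge to your router. Homograph protection flags internationalised names that look like a familiar brand, such as a Cyrillic “а” dropped into an otherwise Latin label. The sample names and addresses are constructed for the demo.

```python
"""Added example: what DNS rebinding protection and IDN homograph protection
filter. Illustration only; NextDNS's own checks are assumed to be broader."""
import ipaddress
import unicodedata


def is_rebinding_answer(addresses):
    """True if any A/AAAA answer for a public name lands in an address range
    that only makes sense on the local machine or LAN (10/8, 192.168/16,
    127/8, fe80::/10 and friends). An attacker who controls the DNS for
    evil.example can switch its answer to 192.168.1.1 after the page has
    loaded; a resolver that refuses such answers breaks that trick.
    0.0.0.0 and :: are skipped on purpose: they are the block sentinel
    NextDNS returns for a blocked name, not a rebinding target."""
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip.is_unspecified:
            continue
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return True
    return False


def label_scripts(label):
    """Set of Unicode script names (LATIN, CYRILLIC, GREEK, ...) used by the
    letters of one hostname label; digits and hyphens are ignored."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def is_mixed_script_hostname(hostname):
    """True if any label mixes scripts once its punycode (xn--) form is
    decoded. An all-Cyrillic look-alike slips past this check, which is one
    reason a curated feed at the resolver is worth more than a local rule."""
    for label in hostname.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                return True  # undecodable punycode is suspicious in itself
        if len(label_scripts(label)) > 1:
            return True
    return False


# Constructed samples for the demo (not captured from a real resolver).
SAMPLE_ANSWERS = {
    "normal": ["93.184.216.34"],
    "rebinding": ["93.184.216.34", "192.168.1.1"],
    "blocked": ["0.0.0.0"],
}
# "apple.com" with a Cyrillic first letter, in its punycode wire form.
SAMPLE_HOMOGRAPH = "\u0430pple.com".encode("idna").decode("ascii")

if __name__ == "__main__":
    for name, answer in SAMPLE_ANSWERS.items():
        print(f"{name:10} {answer} rebinding={is_rebinding_answer(answer)}")
    for host in ("apple.com", SAMPLE_HOMOGRAPH):
        print(f"{host:20} mixed_script={is_mixed_script_hostname(host)}")
```

Run it as a script to see the verdicts for the constructed samples; the punycode form of the look-alike is printed so you can recognise it when it shows up in logs.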
Privacy
Now go to the “Privacy” tab, where the blocklists that filter tracking and advertising queries are configured.
• Click on the “ADD A BLOCKLIST” option.
• Click on the search bar and write “hagezi”.
• Click on the “ADD” button next to “HaGeZi – Multi Ultimate”
• Click on the search bar and write “xtra”
• Click on the “ADD” button next to “1Hosts (Xtra)”
• I personally also add “No Google” and “No Facebook” (optional).
• Scroll down to “Native Tracking Protection”.
• Click on the “ADD” button.
• I personally enable all of them and have had no issues on any machine.
• Click on the cross and scroll down to the bottom.
• Enable “Block Disguised Third-Party Trackers”.
• Disable “Allow Affiliate & Tracking Links”.
This blocks most of the unwanted things, but I personally like to go a little further, so I will show you what else NextDNS can do. Bear in mind that guests might not want to use your Wi-Fi if you block something they rely on. If that is a concern for you, do not go wild with blocking on your router. This is why I only use extensive blocking of apps on my own devices and not on the network itself.
Parental Control
• Go to “Parental Control”.
• Scroll down and click on “ADD A WEBSITE, APP OR GAME”.
• Add whatever games or websites you do not want to be reachable.
• Click on the cross.
• Scroll further down and you find the “Categories” section.
• Click on the “ADD A CATEGORY” button.
• Add any unwanted categories and click on the cross.
• Scroll to the bottom.
• Disable “SafeSearch”
• Disable “YouTube Restricted Mode”
• Enable “Block Bypass Methods”
• Go to the “Settings” tab.
• Disable “Enable Logs”.
• Click on the “Clear logs” option.
• Scroll down and click on the “Bypass Age Verification” option.
Now you are done setting up the more extreme version of NextDNS. Be aware that with all of this enabled, some sites may stop working. If a website does not work, here is the solution:
• Go to “Allowlist”.
• Add the domain, for example nullvoided.com, without https://.
A domain consists of a name, a dot and a suffix; in https://www.example.com/page the domain is example.com. Enter it without https://, www. or anything else that comes before or after the name itself.
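When a site breaks, it helps to know two things before touching the Allowlist: the exact domain to enter, and whether your profile is really the thing blocking it. The script below is an added example of my own, not the guide’s or NextDNS’s code. It reduces whatever you copied from the address bar to the bare domain, and classifies a resolver reply as blocked, NXDOMAIN or resolved. It assumes the NextDNS DoH endpoint https://dns.nextdns.io/<profile> answers JSON queries (?name=...&type=...) when asked with Accept: application/dns-json, that a blocked name is answered with 0.0.0.0 or :: (the NextDNS default block response), and that an Allowlist entry also covers its subdomains; the profile id 12ab34 is a placeholder and the sample replies are constructed, not captured.

```python
"""Added example (not the guide's own code): turn the URL of a page that
stopped working into the domain NextDNS expects in the Allowlist, and check
whether the profile is what blocks it.

Assumptions (also stated in the lead-in):
  * https://dns.nextdns.io/<profile> answers JSON queries when asked with
    Accept: application/dns-json. PROFILE_ID is a placeholder.
  * A blocked name is answered with 0.0.0.0 (A) or :: (AAAA).
  * An Allowlist entry applies to its subdomains, so the shortest form wins.
"""
import json
import sys
import urllib.parse
import urllib.request

PROFILE_ID = "12ab34"  # placeholder: replace with your own profile id
BLOCK_SENTINELS = {"0.0.0.0", "::"}


def to_allowlist_domain(text):
    """Reduce anything copied from the address bar to the bare host: drop
    scheme, credentials, port, path and query, then a leading 'www.'."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text  # urlsplit only finds a host after a scheme
    host = (urllib.parse.urlsplit(text).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


def classify_reply(reply):
    """Map a DNS JSON reply to 'blocked', 'nxdomain', 'resolved' or 'error'.
    Only A (1) and AAAA (28) records count; a reply made up solely of block
    sentinels means the profile, not the upstream zone, stopped the name."""
    status = reply.get("Status", 2)  # 0 = NOERROR, 2 = SERVFAIL, 3 = NXDOMAIN
    if status == 3:
        return "nxdomain"
    if status != 0:
        return "error"
    addrs = [rr.get("data", "") for rr in reply.get("Answer", [])
             if rr.get("type") in (1, 28)]
    if addrs and all(a in BLOCK_SENTINELS for a in addrs):
        return "blocked"
    return "resolved"


def query_profile(domain, rtype="A", profile_id=PROFILE_ID):
    """Ask the profile's DoH endpoint about one name. This is the only
    function that touches the network (assumed endpoint, see module doc)."""
    query = urllib.parse.urlencode({"name": domain, "type": rtype})
    req = urllib.request.Request(
        f"https://dns.nextdns.io/{profile_id}?{query}",
        headers={"Accept": "application/dns-json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def verdict_for(text, reply):
    """Both steps together: the line to paste into the Allowlist and what
    the reply says about that name."""
    domain = to_allowlist_domain(text)
    return domain, classify_reply(reply)


# Constructed replies for the offline demo; not captured from NextDNS.
SAMPLE_REPLIES = {
    "blocked": {"Status": 0, "Answer": [{"name": "ads.example", "type": 1, "data": "0.0.0.0"}]},
    "resolved": {"Status": 0, "Answer": [{"name": "example.com", "type": 1, "data": "93.184.216.34"}]},
    "nxdomain": {"Status": 3, "Answer": []},
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live mode: python check.py https://www.nullvoided.com/some/page
        for arg in sys.argv[1:]:
            domain = to_allowlist_domain(arg)
            print(domain, classify_reply(query_profile(domain)))
    else:
        for expected, reply in SAMPLE_REPLIES.items():
            print(expected, "->", classify_reply(reply))
```

Without arguments the script only runs the constructed samples, so it works offline; with URLs as arguments it queries your profile and prints the domain to allowlist next to the verdict. A “resolved” verdict for a site that still fails means the breakage is not DNS blocking, and the Allowlist will not fix it.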
Adding DNS
If you have been reading in order, we have already covered NextDNS itself. If not, you most likely just need a guide to turning on a custom DNS. That is what we will do now: we will add the DNS on GrapheneOS, MacOS and Linux.
GrapheneOS DNS
On MacOS we already have LittleSnitch handling our DNS, so we will not be using NextDNS system-wide there. We will instead focus on our browsers and phones. On GrapheneOS you should also install the NextDNS application, where you can manage your NextDNS account.
• On GrapheneOS go to “Settings”.
• Click on “Network & internet”.
• Click on “Private DNS”.
• Click on “Private DNS provider hostname”.
• In NextDNS, look under “Setup” to find your DNS-over-TLS hostname (example: 12ab34.dns.nextdns.io).
• Enter that NextDNS hostname.
• Press save.
Vanadium DNS
Now your phone uses NextDNS. Android’s Private DNS setting applies to every app that uses the system resolver, browsers included, so app traffic is covered. Setting secure DNS in the browser as well lets you point it at a separate profile with different rules, which is useful if you want more or less blocking while browsing than in apps. Either way, on GrapheneOS open Vanadium and do the following:
• In Vanadium go to “Settings”.
• Click on “Privacy and security”
• All the way at the bottom (usually second to last), click “Use secure DNS”.
• Click on “Choose another provider”.
• In the field below, enter your NextDNS DNS-over-HTTPS address (example: https://dns.nextdns.io/12ab34).
MacOS Brave Browser DNS
Now we will do MacOS. Although we already have LittleSnitch, we still need to set up DNS in our browser. In MacOS, open Brave and click on the three lines in the upper right corner.
• On Brave Browser (MacOS) go to “Settings”.
• Click on “Privacy and security”.
• Click on “Security”.
• Enable “Use Secure DNS”.
• In the field below, enter your NextDNS DNS-over-HTTPS address (example: https://dns.nextdns.io/12ab34).
LINUX COMING SOON