VPN & DNS Guides

Both DNS and VPN are hugely important, and we need to be informed when we make our choice; otherwise the VPN will be spying on us. There are only three VPN services we can endorse: Mullvad and iVPN for devices, and Proton for routers. The reason for Proton’s demotion, if you can call it that, is that it’s the easiest to use on the network.

NextDNS is a powerful service that enhances online security and privacy by acting as a guardian for our network. It offers key features such as ad blocking to eliminate intrusive ads, tracker blocking to protect personal data, and malware protection against harmful websites. With NextDNS, we can significantly improve our browsing experience.

Account Setup

By creating an account, you can block top domains known for malicious activity, adding an extra layer of protection. You can also disable native trackers, making it an excellent choice

Before we start, go ahead and make an account if you want to follow along. If you do not want an account, proceed to the add DNS section.

Create An Account.

Security Settings

  1. When you are logged in, click on the “Security” tab at the top.
  2. Enable “Threat Intelligence Feeds.”
  3. Disable “AI-Driven Threat Detection” since it’s a beta.
  4. Disable “Google Safe Browsing.”
  5. Enable “Cryptojacking Protection” if you use crypto.
  6. Enable “DNS Rebinding Protection.”
  7. Enable “IDN Homograph Attacks Protection.”
  8. Enable “Typosquatting Protection.”
  9. Enable “Domain Generation Algorithms (DGAs) Protection.”
  10. Enable “Block Newly Registered Domains (NRDs).”
  11. Enable “Block Dynamic DNS Hostnames.”
  12. Enable “Block Parked Domains.”
  13. Under “Block Top-Level Domains (TLDs),” click on the “ADD A TLD” option.
  14. Add all the “Spamhaus Most Abused TLDs.”
  15. Add any domains you wouldn’t want to visit.
  16. I personally disabled all TLDs that are not written in Latin; this is a preference. If you are in Saudi Arabia, disabling Arabic domains may not be advisable.

DNS & Privacy Settings

Now if you go to the “Privacy” category, we can start blocking DNS queries:

  1. Click on the “ADD A BLOCKLIST” option.
  2. Click on the search bar and write “hagezi.”
  3. Click on the “ADD” button next to “HaGeZi – Multi Ultimate.”
  4. Click on the search bar and write “xtra.”
  5. Click on the “ADD” button next to “1Hosts (Xtra).”
  6. I personally also add “No Google” and “No Facebook” (this is optional).
  7. Scroll down to “Native Tracking Protection.”
  8. Click on the “ADD” button.
  9. I personally enable all options and have no issues on any machine.
  10. Click on the cross and scroll down to the bottom.
  11. Enable “Block Disguised Third-Party Trackers.”
  12. Disable “Allow Affiliate & Tracking Links.”

This setup blocks most unwanted elements. However, consider that guests may not want to use your Wi-Fi if you block something they use. If this is a concern, avoid extensive blocking on your router. I only apply comprehensive blocking of apps on my devices, not on the network itself.

DNS & Parental Control

  1. Go to “Parental Control.”
  2. Scroll down and click on “ADD A WEBSITE, APP OR GAME.”
  3. Add any game or website you don’t want to use.
  4. Click on the cross.
  5. Scroll further down to find the “Categories” section.
  6. Click on the “ADD A CATEGORY” button.
  7. Add any unwanted categories and click on the cross.
  8. Scroll to the bottom.
  9. Disable “SafeSearch.”
  10. Disable “YouTube Restricted Mode.”
  11. Enable “Block Bypass Methods.”

Logs & Tweaks

  1. Go to the “Settings” tab.
  2. Disable “Enable Logs.”
  3. Click on the “Clear logs” option.
  4. Scroll down and click on the “Bypass Age Verification” option.

Now you are done setting up a more extreme version of NextDNS. It’s important to note that using all these settings may lead to some sites not working. If you encounter a website that doesn’t work, here is the solution:

  1. Go to “Allowlist.”
  2. Add a domain (nullvoided.com) without https://.

A domain consists of a name, a dot, and an ending (example.com), without https:// or www. (or anything else that might come before the initial name of the page).

Here are some ways for us to set up our DNS effectively. First and foremost, we need to remember that if it blocks anything we are currently using, we will have to allow those domains through. We should remain calm and approach the situation logically.

We recommend allowing the blocked domain first, before starting to troubleshoot or considering a reinstall. We can also check the settings to see if any specific filters are causing issues, which narrows down the problem without unnecessary complications.

If blocking persists, we should take the time to review each setting carefully, as misconfigurations are a common cause. Once we identify the particular misconfiguration or filter causing the issue, we can adjust it accordingly.
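A small helper for the troubleshooting steps above, added here as an example (it is not NextDNS code): it reduces a pasted address to the bare domain the Allowlist expects and reports whether a TLD rule from the Security tab would explain the block on its own. The function names and the sample TLD set are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of TLDs blocked under "Block Top-Level Domains (TLDs)".
# Not the real Spamhaus list: "test" is a reserved TLD, and "xn--p1ai" is the
# punycode form of the Cyrillic TLD .рф (a non-Latin TLD, as in step 16).
SAMPLE_BLOCKED_TLDS = {"test", "xn--p1ai"}


def allowlist_entry(pasted: str) -> str:
    """Reduce whatever was copied from the address bar to a bare domain."""
    text = pasted.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit find the host when no scheme is given
    # .hostname drops scheme, user info, port and path, and lowercases the name
    host = (urlsplit(text).hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no hostname in {pasted!r}")
    if host.startswith("www.") and host.count(".") >= 2:
        host = host[4:]
    # Non-Latin names travel over DNS as punycode ("xn--..." labels).
    return host.encode("idna").decode("ascii")


def diagnose(pasted: str, blocked_tlds=SAMPLE_BLOCKED_TLDS) -> dict:
    """Return the allowlist entry and whether a TLD rule alone explains the block."""
    entry = allowlist_entry(pasted)
    tld = entry.rsplit(".", 1)[-1]
    return {
        "allowlist_entry": entry,
        "tld": tld,
        "non_latin_tld": tld.startswith("xn--"),
        "blocked_by_tld_rule": tld in blocked_tlds,
    }


if __name__ == "__main__":
    for sample in (  # constructed inputs
        "https://www.nullvoided.com/guides?x=1",
        "Example.COM:8443/login",
        "https://shop.example.test/",
        "https://пример.рф/",
    ):
        print(diagnose(sample))
```

If `blocked_by_tld_rule` is true, the TLD list is the filter to review; otherwise look at the blocklists and the other Security toggles.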

Get It Here

GrapheneOS

To manage your account on GrapheneOS, follow these steps:

  1. Open System Settings.
  2. Select Network & internet.
  3. Tap on Private DNS.
  4. Click on Private DNS provider hostname.
  5. Go to NextDNS and find your hostname under Setup; it looks like a web address.
  6. Enter your hostname in the field provided.
  7. Press Save.

Raspberry Pi OS

On the latest version of Raspberry Pi OS, the setup is as follows:

  1. Click on the Wi-Fi icon in your taskbar.
  2. Hover over Advanced Options.
  3. Click on Edit Connections….
  4. Select the network you want to add it to.
  5. Click the settings icon at the bottom.
  6. Navigate to IPv4 Settings.
  7. Enter your NextDNS address, which looks like a web address.
  8. Click Save.

Brave Browser

To configure it in the Brave Browser on desktop:

  1. Open Brave and click on the three lines in the upper right corner.
  2. Go to Settings.
  3. Click on Privacy and security.
  4. Select Security.
  5. Enable Use Secure DNS.
  6. In the text bar, enter your NextDNS address, which looks like a web address.

Firefox

To configure it in Firefox on desktop:

  1. Open Firefox and click on the three lines in the upper right corner.
  2. Go to Settings.
  3. Click on Privacy & Security.
  4. Scroll down to “Enable DNS over HTTPS using.”
  5. Enable “Max Protection.”
  6. Under “Choose provider,” in the text bar, enter your NextDNS address, which looks like a web address.

Vanadium Browser

After setting it up on your phone using GrapheneOS, you can configure it in Vanadium:

  1. Open Vanadium.
  2. Go to Settings.
  3. Click on Privacy and security.
  4. Scroll to the bottom and select Use secure DNS.
  5. Click on Choose another provider.
  6. In the text bar, enter your address, which looks like a web address.

Chromium

To configure it in Chromium on desktop:

  1. Open Chromium and click on the three dots in the upper right corner.
  2. Go to Settings.
  3. Click on Privacy and security.
  4. Click on “Security.”
  5. Enable “Use secure DNS.”
  6. Click the drop-down menu “Add custom DNS service provider.” In the text bar, enter your NextDNS address, which looks like a web address.


Mullvad VPN is a top-tier choice for users prioritizing privacy and security. With a strict no-logs policy, it ensures that your online activities remain completely anonymous. Mullvad also enhances user privacy by allowing payments in cash, cryptocurrency, and anonymous gift cards.

The service features open-source apps that employ robust encryption protocols like WireGuard and OpenVPN. Mullvad also offers unique features such as an integrated kill switch, which protects your data if the VPN connection drops.

In addition, Mullvad provides DNS leak protection and allows users to manually assign their own DNS servers. Its straightforward interface makes it easy to navigate, and it includes the option for port forwarding for advanced users. In a digital landscape ridden with security concerns, Mullvad VPN stands as a reliable option for secure and private browsing.

Download Mullvad

Mullvad VPN

When the Swedish police raided the Mullvad VPN office, they found no user data, highlighting the effectiveness of Mullvad’s strong zero-knowledge policies. This is not a setback; rather, it reinforces our belief that shortcuts rarely lead to meaningful results. Law enforcement should concentrate on genuine investigative work instead of attempting to extract data from innocent individuals alongside potential criminals. It often appears that traditional policing methods are more effective than mass surveillance, which has yet to demonstrate any tangible benefits. Ultimately, this situation underscores the importance of protecting user privacy.

Settings

  • On Mullvad VPN, open the settings by clicking the settings icon.
  • Click on “DAITA.”
  • Enable it.
  • Enable “Direct Only.”
  • Go back.
  • Click on “Multihop.”
  • Enable it.
  • Go back.
  • Go to “VPN settings.”
  • Enable “Kill switch.”
  • Enable “Lockdown Mode” (Optional – explained later).
  • Add a custom DNS if you want.

That’s it! Now, we have the settings that make the most sense. However, we do not have Lockdown Mode on our computer, as it completely messed up our connection sometimes (and not in the correct way). As a result, we couldn’t reconnect to our Wi-Fi, and it just didn’t work right. We could test it if we want, but I would recommend it only if we can get it to work correctly ourselves.

iVPN is an excellent choice for privacy-conscious users, offering a strict no-logs policy that ensures your online activities remain anonymous. It supports payments via cash, Monero, and Bitcoin, reinforcing its commitment to user privacy. With open-source apps across all platforms, iVPN employs robust encryption protocols like WireGuard and OpenVPN. The AntiTracker feature blocks ads and malicious websites, while Multi-hop VPN routes enhance privacy by routing connections through multiple servers. In addition, iVPN offers firewall protection, customizable DNS servers, and the ability to define trusted Wi-Fi networks. In a digital landscape ridden with privacy threats, iVPN serves as a reliable fortress for secure browsing.

Download iVPN

iVPN

First, we need to get the application from F-Droid, where it is available for installation without any added repositories. Once the installation is complete, we can press “Open.”

Upon the first launch, we will need to connect to the VPN, which will prompt us for notification access. We prefer to keep any VPN notifications, as they reassure us that we are connected. To start, we press the Connect button, which brings up the login screen. On the right side of the Account ID screen is a QR code button, so we can either scan the code from iVPN or enter the Account ID we received upon purchase. Finally, after logging in, we connect to the VPN and press “Okay” on the pop-up.

Settings

In the upper right corner you will see a cogwheel; click it.

  • Enable “Multi-hop connection.”
  • Pick 2 locations of your choice (preferably from different countries).
  • Add a custom DNS (optional).
  • Enable “IPv6 for WireGuard VPN.”
  • Click “Always-on VPN,” then “GO TO SETTINGS.”
  • Then click the cogwheel again.
  • Enable “Always-on VPN” and “Block connections without VPN.”
  • Go back to the iVPN app settings.
  • Now go to “AntiTracker” and enable it at the top.
  • Under “Block list,” click on “CHANGE LIST” below it.
  • Set it to “Restrictive” or “Comprehensive.”
  • Go back and enable “Hardcore mode” if you don’t want Facebook and Google (optional).

That’s how easy it is to set up iVPN, and for a VPN that is this simple to configure, it’s well worth it.

Privacy & Security For All!