
There are a few mostly positive comments here about NextDNS but I'll start a new comment since I'm thinking about switching away from NextDNS. Why? I'm on a Mac / Safari now and would like to enable their "Hide IP address from trackers" feature but if I do, then I start seeing advertisements on websites that would normally be blocked by NextDNS. So I have to uncheck this option and can't use Apple's feature. Overall, I guess the two can't be used together, per an issue reported on the NextDNS Help site:

https://help.nextdns.io/t/q6yq4xy/nextdns-stops-working-prop...

Does anyone by chance know if this is a known issue with AdGuard or even Pi-hole?



Are you referring to iCloud Private Relay? If so that's expected behavior with any DNS-based ad blocker. Turning on the relay proxies your connection and your local network's DNS server will not be used. Doesn't matter if it's Pi-hole, NextDNS, or AdGuard.


It does with encrypted DNS (I think - still mid setup). If you use a configuration profile [0] to explicitly set a DNS over HTTPS or DNS over TLS server this is still honoured within private relay.

IMO vanilla private relay is much neater and simpler if privacy is your goal. It uses Oblivious DNS over HTTPS [1] which is pretty neat.

To trade some of that privacy to reduce ads, setting up encrypted DNS restores filtering control. This does mean you then need to funnel those queries somewhere likely less oblivious though. Current setup I'm playing with in the homelab uses AdGuard Home for filtering. This then forwards to a local Unbound instance acting as a recursive resolver with strict DNSSEC [2] and QNAME minimisation [3]. End result is the DNS traffic is still open, but does not all go to any one single entity (apart from my ISP, which can see TLS SNI anyway).

[0]: https://dns.notjakob.com

[1]: https://datatracker.ietf.org/doc/html/rfc9230

[2]: https://datatracker.ietf.org/doc/html/rfc7816

[3]: https://datatracker.ietf.org/doc/html/rfc9364
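A sketch of the Unbound side of the setup described in the comment above, added here as an illustration and not taken from the commenter's own configuration. The listen port 5335 and the trust-anchor path are assumptions; adjust them to the local install.

```conf
# unbound.conf fragment (added example; port and paths are assumptions)
server:
    # Listen only on loopback so the filtering resolver in front
    # (AdGuard Home in the comment above) is the sole client.
    interface: 127.0.0.1
    port: 5335
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # DNSSEC validation: the validator module must run before the iterator.
    module-config: "validator iterator"
    # Root trust anchor, kept up to date via RFC 5011 (path is an assumption).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Treat a signed zone that arrives without signatures as bogus
    # instead of silently accepting the unsigned answer.
    harden-dnssec-stripped: yes
    # Never hand bogus answers to clients; they get SERVFAIL instead.
    val-permissive-mode: no
    val-clean-additional: yes
    harden-glue: yes

    # QNAME minimisation: each authoritative server sees only the labels
    # it needs to return the next referral, not the full query name.
    qname-minimisation: yes
    # Strict mode removes the fallback to the full name and makes names
    # behind non-compliant nameservers unresolvable; left off here.
    qname-minimisation-strict: no

    # Do not answer id.server / version.bind queries.
    hide-identity: yes
    hide-version: yes

# No forward-zone is defined on purpose: Unbound then recurses from the
# root itself, so no single upstream resolver receives every query.
# The filtering resolver's upstream is set to 127.0.0.1:5335.
```

With this in place, a query for a name whose DNSSEC signatures fail validation should come back as SERVFAIL from the loopback port, which is a quick way to confirm validation is enforced.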


Thanks, I did not think of that but iCloud Private Relay requires an iCloud+ subscription[1] which I do not have.

I'm referring to the "Limit IP Address Tracking" option[2] in Safari/iOS and the "Hide IP address from trackers" option[3] in macOS/Safari.

[1] https://support.apple.com/guide/icloud/set-up-icloud-private...

[2] https://support.apple.com/library/content/dam/edam/applecare...

[3] https://appletoolbox.com/wp-content/uploads/2014/02/Hide-IP-...


You're using one product that blocks ads and trackers, but then bypassing that with another product that deliberately provides access to ads and trackers, but via a third party.

What is the point of the latter?


I subscribed + configured my router to use NextDNS years ago so ads + trackers are blocked on my IoT devices. More recently, I inherited a MacBook and now an iPhone and naturally enabled their built-in blocking capabilities. I think I assumed two blockers are better than one but now I just leave Apple's IP limiting features off and let NextDNS do its thing but it just feels weird to deliberately turn off a privacy feature.


This is not two ad blockers. One is an ad blocker, the other is a tracking blocker. They simply conflict.

If you want both across all apps (not just the browser) you need a VPN service with included ad blocking, such as ProtonVPN, IVPN, etc. There are a lot.


But NextDNS' own homepage says it "blocks ads and trackers on websites and in apps" - https://nextdns.io


Yes, they are a DNS ad blocker. iCloud Private Relay is a tracking blocker, to hide your IP. Both are not compatible in general, unless the "IP tracking blocker" explicitly allows configuring NextDNS as a DNS server, which is not the case of Private Relay.

I guess NextDNS should list exceptions like Private Relay, but the list is long and it's confusing. For all intents and purposes I agree with the statement, they block ads on most devices.

They also have help articles specifically for VPNs:

https://help.nextdns.io/t/60hgxn7/guide-using-openvpn-nextdn...

Seems the doc about Private Relay is missing though...



