
Want to highlight https://nextdns.io/ as a similar service, very happy with it



Pihole being a self-hosted service and this being a third party one, I would say the target group is somewhat different.


it's more than that - an app running on your internal network is going to have way better latency than nextdns


However, you can't use it on the phone while not at home (aside from using vpn/wireguard), but nextdns allows it.

As for the latency - is it really noticeable?


Latency isn't the important measurement — it's the actual time to resolve. This will be significantly longer than the ping latency.

Unbound, recommended for use with Pi-hole, can be configured to log this by enabling "log-replies" in unbound.conf⁽¹⁾ where the time to resolve will be logged in seconds.

⁽¹⁾ https://docs.pi-hole.net/guides/dns/unbound/
⁽²⁾ https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound...
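To make the "time to resolve" point measurable, here is an added example (not from the comment above or from the Pi-hole/Unbound projects) that parses Unbound `log-replies` lines and splits resolve times into cache hits and misses. The log lines are constructed for illustration, and the assumed field order (client, name, type, class, rcode, seconds, from-cache flag, reply size) follows the unbound.conf documentation.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample lines in the shape Unbound writes with "log-replies: yes".
# The values are made up for illustration and are not from the thread.
SAMPLE_LOG = """\
[1700000000] unbound[1234:0] info: 192.168.1.20 example.com. A IN NOERROR 0.084213 0 56
[1700000001] unbound[1234:0] info: 192.168.1.20 example.com. A IN NOERROR 0.000091 1 56
[1700000002] unbound[1234:0] info: 192.168.1.31 cdn.example.net. AAAA IN NOERROR 0.112405 0 84
[1700000003] unbound[1234:0] info: 192.168.1.31 tracker.example.org. A IN NXDOMAIN 0.000045 1 0
[1700000004] unbound[1234:0] info: 192.168.1.20 static.example.com. A IN NOERROR 0.061770 0 72
"""

# Assumed field order: client name type class rcode time_to_resolve from_cache size.
REPLY_RE = re.compile(
    r"info: (?P<client>\S+) (?P<name>\S+) (?P<qtype>\S+) (?P<qclass>\S+) "
    r"(?P<rcode>\S+) (?P<secs>[0-9.]+) (?P<cached>[01]) (?P<size>\d+)$"
)


def parse_replies(text):
    """Return one dict per parseable log-replies line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = REPLY_RE.search(line.strip())
        if m:
            d = m.groupdict()
            d["secs"] = float(d["secs"])
            d["cached"] = d["cached"] == "1"
            d["size"] = int(d["size"])
            out.append(d)
    return out


def summarize(replies):
    """Median and worst resolve time in ms, separately for cache hits and misses."""
    by_cache = defaultdict(list)
    for r in replies:
        by_cache["hit" if r["cached"] else "miss"].append(r["secs"])
    return {
        k: {"count": len(v),
            "median_ms": round(statistics.median(v) * 1000, 3),
            "max_ms": round(max(v) * 1000, 3)}
        for k, v in by_cache.items()
    }


if __name__ == "__main__":
    print(summarize(parse_replies(SAMPLE_LOG)))
```

Run it against a real log (`tail -n 10000 /var/log/unbound.log`) and the miss bucket is the number to compare with the ping figures quoted further down the thread.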


my biggest gripe with NextDNS is not having an ability to add custom blocklists. I'd gladly pay for it even if there was a paid tier with this feature.


It seems you can add domains to the deny list via their api: https://nextdns.github.io/api/#profiles

So at least there's that.


I'm aware of adding domains one by one, but I want to add some lists like the Hagezi Threat Intelligence Feed, which is not available in the blocklists, and these blocklists contain >500k domains.

I'm currently using Blocky as my DNS resolver. It works fine and is super fast because of the fine control over caching, but I'm disappointed with its memory footprint: 400MB for a total blocklist of 1.3M domains.


dns latency is the single biggest reason people think their internet is slow imho


I'm currently seeing 12ms latency to my upstream NextDNS server. On my home network I "proxy" it with a forwarding/caching DNS server on my router, so for "the usual suspects", latency is not an issue.

On the go, over 5G, those 12ms won't make much of a difference.

Considering that people deploy PiHole on Raspberry Pi W models, over wifi, you won't lose much running NextDNS, but you gain dns blacklisting on all networks, as opposed to just your home network (or via VPN).


I'm not sure how that could be. Even if it's your first ever request to the host, the latency is a one time thing and then it's cached. Even an extra 100ms for DNS latency is going to be unnoticeable compared to an empty browser cache and having to download a bunch of images.


Define latency?

This is my latency (ping.nextdns.io):

  zepto-cph (IPv6)    12 ms  (anycast1, ultralow2)
  zepto-cph           13 ms  (anycast1, ultralow2)
■ anexia-cph          13 ms  (anycast2, ultralow1)
  anexia-cph (IPv6)   15 ms  (anycast2, ultralow1)


welp. for every single ___domain you interact with, you gotta do a dns lookup. visit a modern website like yahoo, cnn, wapo, whatever and that will be like 100 dns requests. your device hits your router, if it has no answer, it recursively goes up the line getting an answer. do that 100 times. that is just for resolution. you still gotta actually hit that endpoint and get whatever it is you are trying to get.

so if your dns is slow, there is a tremendous amount of latency added to virtually everything that you do. just because you can hit nextdns in 12ms does not mean the e2e duration for a single dns-then-fetch is going to be in the realm of 12ms. if nextdns doesn't have the answer it needs to go find it.


I use my local router as a DNS cache/proxy for this exact reason, though I doubt 12ms (or 24ms) will mean much in the grand scheme of things compared to downloading a 25MB webpage which is mostly tracking code and ads.

Yes, if we were in the "good old days" of slim websites, 12ms may be noticeable, but today, with webpages taking up lots and lots of storage that is served with every connection, I seriously doubt you'll notice.

Besides that, every browser and modern operating system will cache DNS records for whatever the TTL from the upstream DNS is set to.


Pi-hole isn't a "service" though. It's just FOSS.


This actually seems rather nice. Not the same as PiHole but I can see its upsides.

One upside I like about PiHole is that I can set it up to distribute the DNS to all my devices. This seems like I have to manually configure each device?

ATT doesn't let you set the IPv6 DNS, so I either have to disable IPv6 on the network or set up PiHole to pass IPv6 and the DNS I want to the device.


> This seems like I have to manually configure each device?

You don't have to (and I assume most users don't), but you can if you want per-device reporting. You just set your router's DHCP server to hand out NextDNS's DNS servers.


That’s a good point, assuming your router allows you to do that.

ATT apparently removed overriding the DNS for IPv4 and IPv6. I had to double check because I thought I could do IPv4 but no.

There are supposedly several options around it to use your own router, but it's not really worth setting up and my speed is slower using a second router.


The routers provided by your ISP are almost always budget crap. Use your own router if you care about your network.


I know it’s crap. The network performance is worse with my own router because I cannot just completely ditch the ATT gateway.


Same for me.

I had Adguard running on a Pi 2 I think and it died. Couldn’t access my network remotely. Learned my lesson and switched to NextDNS on a bit more solid device.


NextDNS is SaaS, you can't self-host it.


Right! When my Pi died, my network didn't look for a backup DNS, so everything became inaccessible. It was weird - probably the classic SD card issue. With NextDNS, while I do use DNS over TLS, if my Synology fails, it just kicks back to regular NextDNS ___domain name servers.


If only they had a stop blocking function.


NextDNS has not updated its client applications on multiple platforms (iOS/iPadOS/macOS) for several years. Those client applications did have the ability to stop the blocking (or not), but now it's just a toggle that does nothing.

Most of the time when I visit test.nextdns.io it shows as "unconfigured" even though the NextDNS client is installed and configured with a NextDNS profile (and approved in Settings as a VPN provider on these OSes). Sometimes it will work on its own.

I wouldn't recommend NextDNS unless the user is comfortable installing a (somewhat) permanent Profile on these devices with no temporary "off" switch to stop blocking. For me it's important to stop the blocking once in a while.

At least on macOS, there's Little Snitch (paid application), which can subscribe to the same blocklists used by ad blockers and has a working toggle.


They do let you switch it off, it's just a bit buggy sometimes (like having to toggle twice), I know because I use it all the time. https://i.imgur.com/YpSkS93.png


I use Tailscale as my primary interface for handling this. Simple as adding your nextdns id number in the DNS settings and you are done.

Instruct your Tailscale invitees to download the app and voila, simply toggle it on or off as needed.


FWIW, in my years of using NextDNS I think I've needed to do this only twice. On Macs, the menubar app lets you enable/disable NextDNS. The average HN reader can probably automate switching to a non-blocking profile for a given length of time. https://community.home-assistant.io/t/nextdns-integration-te...

