Draft:NextDNS

Draft article not currently submitted for review. This is a draft Articles for creation (AfC) submission. It is not currently pending review. While there are no deadlines, abandoned drafts may be deleted after six months. To edit the draft click on the "Edit" tab at the top of the window. To be accepted, a draft should: Show the subject qualifies for a Wikipedia article by using multiple sources that meet four criteria. The sources should be (1) reliable (2) secondary (3) independent of the subject (4) talk about the subject in some depth. For some topics, there are alternative criteria. Be written from a neutral point of view Respect copyright and do not plagiarize. Do not copy-paste. It is strongly discouraged to write about yourself, your business or employer. If you do so, you must declare it. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Last edited by Alpha3031 (talk | contribs) 19 days ago. (Update) Submit the draft for review!

American cloud-based DNS resolver

NextDNS

Developer(s)	Olivier Poitrey, Romain Cointepas
Initial release	May 2019
Repository	github.com/nextdns
Operating system	Multi-platform
Included with	Mozilla Firefox
Type	DNS resolver
Website	www.nextdns.io

NextDNS Inc. is an American cloud-based DNS resolver that offers extensive content filtering and security features, aiming to provide users with control over their internet traffic. Leveraging real-time threat intelligence, NextDNS blocks malware, phishing attempts, and other online dangers, while also enhancing privacy by blocking ads and trackers across websites and apps. Users have the flexibility to customize their filtering rules, enabling them to block specific websites or entire categories of content.^[1]

History

Initial development & launch

NextDNS was founded in May 2019 in Delaware, USA, by French entrepreneurs Olivier Poitrey, who co-founded Dailymotion in 2005, and who currently serves as the Director of Engineering at Netflix, overseeing Open Connect, responsible for 30% of US internet traffic, and Romain Cointepas, who led Dailymotion's mobile and TV department. Together, they established NextDNS.^[2]

Privacy enhancements arrived shortly after in August 2019, with the implementation of a modified version of EDNS0 Client Subnet (ECS).^[3] This modification aimed to bolster user privacy by safeguarding the privacy of DNS queries. November 2019 saw a further focus on user protection as NextDNS added the ability to block trackers utilizing the CNAME cloaking technique.^[4]

Mozilla partnership & growth

In December 2019, NextDNS achieved a notable milestone as Mozilla declared it a Trusted Recursive Resolver (TRR) within the Firefox browser.^[5] This integration came to fruition in February 2020 when NextDNS was officially included as an optional DoH provider in Firefox 73, offering users a choice alongside the default Cloudflare resolver.^[5] In April 2020, NextDNS expanded its focus on user control by introducing log storage options across multiple jurisdictions, including the United States, European Union, and Switzerland.^[6]

Business model transition & feature expansion

In May 2020, NextDNS underwent significant changes, transitioning from a free beta service to a subscription-based model.^[7] Specifically, starting May 5, 2020, NextDNS began charging for its services, requiring a subscription to maintain filtering capabilities after reaching 300,000 queries.^[8] This shift introduced a pricing structure for continued usage beyond a predetermined threshold of filtered queries. Alongside this change, the service implemented new functionality aimed at optimizing DNS efficiency. Users gained the ability to override the minimum TTL to 5 minutes, reducing the frequency of DNS queries for domains with low TTL values.

Features

NextDNS offers a range of features designed to enhance security, privacy, and control over internet usage. It protects users from malware, phishing, and other online threats by blocking malicious domains. NextDNS enhances privacy by blocking ads, trackers, and third-party cookies. It also includes parental controls for content filtering, creating safer online spaces for children. Detailed analytics and logs provide insights into internet usage and blocked threats. Finally, customizable configurations allow users to tailor their protection across different devices and networks.^[6]

Security features

• Threat Intelligence Feeds: Blocks domains associated with malware, phishing, and command-and-control servers by using curated threat intelligence feeds, in real time.^[9]
• COVID-19 Phishing Protection: Provides specific protection against phishing scams themed around COVID-19.
• AI-Driven Threat Detection (Beta): Leverages a proprietary AI engine to block additional threats based on behavioral analysis and extensive training data, in real time.
• Google Safe Browsing: Employs Google's Safe Browsing technology for malware and phishing protection.^[10]
• Cryptojacking Protection: Prevents unauthorized cryptocurrency mining using devices on your network.
• DNS Rebinding Protection: Blocks attacks that attempt to take control of local devices through malicious DNS responses.^[11]
• IDN Homograph Attacks Protection: Protects against domains using characters from other alphabets to mimic legitimate sites.
• Typosquatting Protection: Blocks domains designed to exploit common typos when entering web addresses.
• Domain Generation Algorithms (DGAs) Protection: Blocks domains associated with malware command and control servers often generated through DGAs.
• Block Newly Registered Domains (NRDs): Optionally blocks recently registered domains, which can be favored by malicious actors.
• Block Dynamic DNS Hostnames (Beta): Blocks hostnames associated with Dynamic DNS services that may be used for malicious purposes.
• Block Parked Domains: Blocks domains that primarily display advertisements and lack meaningful content.
• Block Top-Level Domains (TLDs): Provides granular control by allowing the blocking of entire top-level domains.
• Block Child Sexual Abuse Material: Works with Project Arachnid (operated by the Canadian Centre for Child Protection) to block domains known to host CSAM.

Privacy features

• Ad & Tracker Blocking: Blocks ads and trackers across websites and apps.
• Bypass Anti-Adblockers: Helps access content on sites that attempt to detect and block ad-blockers.
• Native Tracking Protection (Beta): Blocks a range of trackers that often work at the operating system level.
• Block Disguised Third-Party Trackers: Identifies and blocks trackers that try to bypass browser privacy protections by pretending to be first-party trackers.

Parental Controls

• Content Filtering: Flexible filtering options to block categories of websites (adult content, gambling, etc.)
• Customizable Deny/Allow Lists: Manually block or allow specific websites.
• Safe Search Enforcement: Ensures safe search results on major search engines.
• Time Restrictions: Schedule internet access limits for specific devices.

Performance features

• Speed Enhancements: Potential browsing speed improvements through content delivery optimization and minimized DNS queries.
• Anonymized EDNS Client Subnet: May speed up content delivery without compromising user privacy.
• Cache Boost: Minimizes DNS queries with enforced TTL (Time to Live).
• CNAME Flattening: Reduces unnecessary network traffic in specific configurations.

Web3 (Beta) integration

• Web3 Support: Provides access to the decentralized web, including blockchain-based domain registries and distributed content storage networks.

Other features

• Analytics: Detailed logs and statistics on internet usage patterns.
• Customization: Multiple configuration profiles, custom block pages, DNS rewrites, and log retention control.
• Compatibility: Supports a wide range of operating systems and devices and can be installed on routers.
• Rewrites: Ability to set or override DNS responses for advanced configuration.

Network infrastructure

NextDNS operates a globally distributed DNS network designed to provide fast query responses and high reliability. This infrastructure uses the following principles: anycast networking in many locations, meaning a single IP address is distributed across multiple servers in different geographic regions, enabling users to connect to the closest available server for reduced latency. In each location, NextDNS utilizes two distinct network providers with separate network paths and data centers. This approach aims to increase resilience, so if one provider's service becomes unavailable, traffic can be rerouted automatically. As a supplementary system, NextDNS offers ultralow latency DNS resolution. This functions similarly to anycast, but with NextDNS's own DNS steering system for routing and rerouting traffic. Ultralow may provide even lower latency than anycast in specific scenarios but requires the use of encrypted protocols like DNS over HTTPS (DoH), DNS over TLS (DoT), or DNS over QUIC (DoQ).^[12]

Similar to NextDNS, major public DNS providers like Cloudflare's 1.1.1.1 and Google Public DNS also leverage anycast networks to optimize DNS query response times for users around the world.^[12]

References

1. "NextDNS: A Powerful and User-Friendly DNS Security Solution". Retrieved 2024-04-10.
2. "Who is behind NextDNS?". NextDNS Help Center. 2020-12-09. Retrieved 2024-04-10.
3. "What is EDNS Client-Subnet (ECS)?". NextDNS Help Center. 2020-12-09. Retrieved 2024-04-10.
4. Poitrey, Olivier (2020-05-28). "How we made DNS both fast and private with ECS". NextDNS. Retrieved 2024-04-10.
5. "Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users | The Mozilla Blog". blog.mozilla.org. Retrieved 2024-04-10.
6. "NextDNS". NextDNS. Retrieved 2024-04-10.
7. "Pricing - NextDNS". nextdns.io. Retrieved 2024-04-10.
8. "What happens after 300k queries?". NextDNS Help Center. 2020-12-09. Retrieved 2024-04-10.
9. "What is a threat intelligence feed?".
10. "Google Safe Browsing". safebrowsing.google.com. Retrieved 2024-04-10.
11. "What is DNS Rebinding Protection?". NextDNS Help Center. 2020-12-09. Retrieved 2024-04-10.
12. "What is Anycast and Ultralow?". NextDNS Help Center. 2020-12-09. Retrieved 2024-04-10.

This page will be placed in the following categories if it is moved to the article namespace.

Categories:

• DNS software
• DNS server software for Linux
• Alternative Internet DNS services
• IP addresses
• Internet properties established in 2019
• Internet privacy
• Internet privacy software
• Domain Name System
• Content-control software
• Ad blocking software
• Privacy software
• Advertising-free media
• Firewall software
• Online advertising