Anyone here uses Little Snitch or Lulu with macOS?

I’m reading that Little Snitch can enable and force all system and apps’ DNS queries to a DNS service of my choice like NextDNS. Is this true? Is Lulu also capable of this?

I am using it.

Yes. The app has a feature where you can add custom encrypted DNS of choice.

Not sure but this is free so you can test it out yourself easily. I recommend using Little Snitch though. It has a lot of features and functionality. It’s one time paid but worth it for all that it allows you to do.

I don’t have a Mac with me at the moment to test this. That’s why I wanted to ask, as I build out and reconfigure my home office/home lab.

Is it confirmed that LS is capable of forcing all system and apps’ DNS queries through it? This is very important to me. I want to force all system and whatever app I install to use LS and whatever DNS service of my choice.

I’m not against buying Little Snitch. It just sucks that upgrades are always paid for and it’s gotten more expensive over the years.

What are LS’s best features that you think enhance your privacy and security?

Thx!

Yes. That’s my understanding of how it works.

I mean.. that’s literally why they are called upgrades.

All that they list on their website. It’s all there. I don’t have a personal list.

I use Lulu, but I used to use Little Snitch before I switched to Apple Silicon. As for the DNS queries, I installed AdGuard Home on my network and just kept an eye on it using Rustnet. With Rustnet, you can see the queries while they’re happening.

I can’t use AGH if I’m using another network. Are you able to confirm if Lulu can force all system DNS queries to go through it? It would be awesome if possible, then I’ll use it with NextDNS.

On mobile, I just use RethinkDNS, but I’ve been thinking of integrating Tailscale for a while. Can’t confirm about Lulu forcing system DNS queries, but you can jump on the Discord channel where Patrick Wardle is on, and you can ask him all your questions.

Lulu is a firewall, it's completely free, and it's only a firewall; there is no “DNS queries to a DNS service of my choice like NextDNS” in Lulu. Better stick with Lulu, don't waste money on Little Snitch.

Just install ProtonVPN on macOS and combine it with Lulu. Even the free version of ProtonVPN provides you with good speed; you can stream 1080p videos easily.

Doesn’t Tailscale have privacy concerns?

I also want to force all macOS DNS queries through NextDNS. If Lulu could do that, then that would be awesome as it would save me some money!

Tailscale requires you to sign up via another identity provider, with the easiest / most common options being a Google, Apple, or Microsoft account. You can roll your own but it’s pretty involved.

In actual use I’ve seen no reason to think they’re snooping or intercepting web traffic or anything; that being said, I do not route all of my traffic through Tailscale just to be safe. They offer Mullvad exit nodes, which would be convenient, but I prefer to just go directly to Mullvad.

Why do you want to route all your DNS queries to NextDNS? Securing DNS alone is not going to be enough; your public IP is still exposed, which is pretty bad when you are on macOS. Even with a firewall, Apple collects tons of telemetry daily; a firewall can’t block all that telemetry at all. Under the hood Apple has many things to bypass these.

I’m still going to use a VPN.

Apparently, Mullvad recommends against having such DNS set: How to prevent DNS leaks

Not sure if it's Mullvad specific or just defeating the purpose, so make your own research/judgement based on what you do care about. :grinning_face_with_smiling_eyes:

I personally use Mullvad VPN configured to use NextDNS (as well as a NextDNS certificate configured for any non-VPN time). I also use Lulu to control outbound traffic. There’s a few ways to check that Next DNS is always being used, it seems to always work. The only times it hasn’t are when using Firefox with DoH configured in addition to all the above, in that case I believe the initial DNS request for the Next DNS address is sent through another server before NextDNS is then used for the rest of that session. If you just turn off DoH it works perfectly and always sends DNS requests encrypted straight to Next DNS.

Don’t know if any of that is useful, but it seemed vaguely relevant so I wanted to share my experience.

How were you able to confirm that NextDNS was enabled the entire time, especially for system and third-party apps?

Why are you so obsessed with NextDNS? When you really want private DNS with no logs, choose Mullvad DNS over NextDNS.

NextDNS's free plan is fully functional, but should not be relied upon for security or other critical filtering applications, because after 300,000 DNS queries in a month all filtering, logging, and other account-based functionality are disabled.

I’m still going to use a VPN.

If you are going to use a VPN then why do you need NextDNS? As @kissu said, when you combine a VPN with custom DNS it causes DNS leaks. This is from Mullvad:

What can cause a DNS leak

The Mullvad app

The Mullvad VPN app protects you from DNS leaks, unless you enable Use custom DNS server in the Mullvad app settings.

What are DNS leaks?

A DNS server is the first point of contact that your browser makes when you try to access information over the Internet. This is the case for every URL you visit, every file you download, and every image that loads on a website, including ads.

The DNS server therefore knows which pages you are visiting and which resources you are looking at, and as a result, you are constantly leaking information to your DNS server provider about your activity. Our DNS leaks guide has information on how to prevent this.

You can use the Next DNS dashboard and test page for checking a browser, as well as the Mullvad extension (which shows DNS data) in Firefox browsers. For everything else you could enable logs for the period you’re testing and watch things happen in real time. Not sure if there’s a better way to check but I think you’d cover most bases with those.
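One way to do the “everything else” part of that check from the system side, added here as an example and not part of anyone's post: on macOS, `scutil --dns` lists every resolver the system will use, including the per-interface “scoped” ones, so comparing that list against the addresses of your chosen DNS service shows any configured path that bypasses it. The sample output and the allowed addresses below are constructed placeholders.

```python
import re
import sys

# Constructed sample in the layout `scutil --dns` prints on macOS (abbreviated;
# addresses are documentation ranges, not a real DNS service).
SAMPLE_SCUTIL_DNS = """\
DNS configuration
resolver #1
  nameserver[0] : 192.0.2.10
  nameserver[1] : 192.0.2.11
resolver #2
  domain   : local
  options  : mdns
DNS configuration (for scoped queries)
resolver #1
  domain   : home.example
  nameserver[0] : 192.168.1.1
"""

# Placeholder: the resolver addresses your chosen DNS service (e.g. NextDNS) gives you.
ALLOWED_RESOLVERS = {"192.0.2.10", "192.0.2.11"}


def parse_scutil_dns(text):
    # Each "resolver #N" block may carry a domain (split DNS) and several nameservers; the
    # second "DNS configuration (for scoped queries)" section lists per-interface resolvers.
    resolvers, current, scope = [], None, "main"
    for line in text.splitlines():
        if line.startswith("DNS configuration"):
            scope = "scoped" if "scoped" in line else "main"
            continue
        m = re.match(r"resolver #(\d+)", line)
        if m:
            current = {"scope": scope, "id": int(m.group(1)), "domain": None, "nameservers": []}
            resolvers.append(current)
        elif current is not None:
            m = re.match(r"\s*(nameserver\[\d+\]|domain)\s*:\s*(\S+)", line)
            if m and m.group(1) == "domain":
                current["domain"] = m.group(2)
            elif m:
                current["nameservers"].append(m.group(2))
    return resolvers


def find_unexpected(resolvers, allowed):
    # Any nameserver outside the allowed set is a configured path around your chosen service.
    return [(r["scope"], r["id"], r["domain"], ns)
            for r in resolvers for ns in r["nameservers"] if ns not in allowed]


if __name__ == "__main__":  # on a Mac:  scutil --dns | python3 check_resolvers.py
    text = SAMPLE_SCUTIL_DNS if sys.stdin.isatty() else sys.stdin.read()
    print(find_unexpected(parse_scutil_dns(text), ALLOWED_RESOLVERS))
```

This only covers the system resolver: an app doing its own DoH (the Firefox case described above) never shows up here, so its queries still have to be checked in the app or with the logging the post describes.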

Why do you think Next DNS isn’t private? By definition, if you use Mullvad with custom DNS it will “leak” DNS data to the chosen provider, as that is exactly what you’ve chosen to do. However, Next DNS also claims to keep no logs and keep your data private, and also allows far more granular control than Mullvad, which although great is quite a blunt tool for DNS. With Next you can set up multiple profiles to cover all your devices and family members.

I think there’s a use case for both setups, but I don’t think using Next DNS with Mullvad is negatively affecting my privacy in any meaningful way, whilst at the same time giving much greater control. Just to add, this is all assuming a paid plan; I get the argument with the free tier.