DOH Vs DOT

I’m not very tech savvy so advance apologies if I get something wrong.

I’ve been trying to get around setting up encrypted DNS on my ANDROID & iOS device and using NextDNS free tier for now.

So on my Android device, I can only use DOT through the Private DNS option, and only DOH through the NextDNS app. So the problem is, whenever I use DOT, NextDNS connects me to the worst server available, which sometimes increases latency, and I get a little paranoid as well, because it connects to India, which is not very well known for privacy and, correct me if I’m wrong here, has taps into server data as well. That’s not the case with DOH, which chooses the best server possible, and connects to countries like Germany or Singapore.

Now it should be a no-brainer to use DOH here, but the problem is, if I use the app, apparently, it takes up the VPN slot, at least on Android. I don’t use a VPN often, but don’t want to mess things up when I do. So how should I move forward from here? Is the server thing not a big deal? Or is using the app a good option here?

As for the iOS device, the app is the only option here, thus the DOH protocol, otherwise the internet just straight up stops working. Is it okay for me to use NextDNS app here?

And a general question, I’ve heard that one should prefer DOT over DOH if possible, is that true? That’s in part why I’m confused.

TIA.

DoH is better if you’re trying to blend in, because it is HTTPS over port 443, like every website you visit. DoT is what was implemented in Android first, and operates on a specific port, which means to network operators it’s very obvious that it is DoT traffic.

There were some plans to have DoH in Android 13 by default, but that didn’t happen. It does seem possible via Google Play for Android 11+, and they are supporting DoH3.

No reason not to if that works, but you just won’t be able to use a VPN at the same time. If you are using a VPN then we suggest using their DNS servers.

No, there’s no such reason to do that. DoT will likely be phased out at some point in preference to DoH3 (which uses QUIC), or DNS over QUIC (DoQ) directly, which is without the HTTP transport.

DoH3 will replace DoH, DoQ will replace DoT. DoH3 and DoQ are about as dissimilar as DoH and DoT are though.

Anyways, there are no privacy-related reasons to use DoT, but there are some privacy advantages to DoH.

How do you know it is connecting to India when you are using the native Private DNS option? That sounds like a bug with NextDNS, maybe you should contact their support.

Using the app is the best way to use NextDNS on iOS, because it integrates natively with iOS’ third-party DNS support, instead of using a pseudo-VPN connection.
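The port difference described in the replies above, as an added example that is not part of the thread: the same DNS query is framed once for DoT (RFC 7858, dedicated port 853) and once for DoH (RFC 8484, ordinary HTTPS on 443), and `observer_view` shows what a network operator can tell from the destination port alone. The resolver host `dns.example` and all function names are assumptions made for illustration.

```python
import base64
import struct

DOT_PORT = 853   # RFC 7858: port reserved for DNS over TLS
DOH_PORT = 443   # RFC 8484: DoH shares the port used by all HTTPS traffic


def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Encode a one-question DNS query (recursion desired) in wire format."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def dot_frame(query: bytes) -> bytes:
    """DoT: the query with a 2-byte length prefix, written into a TLS stream."""
    return struct.pack("!H", len(query)) + query


def doh_url(query: bytes, host: str, path: str = "/dns-query") -> str:
    """DoH GET form: the query as unpadded base64url in the ?dns= parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{host}{path}?dns={b64}"


def observer_view(transport: str) -> dict:
    """What an on-path observer learns without decrypting anything."""
    if transport not in ("dot", "doh"):
        raise ValueError("transport must be 'dot' or 'doh'")
    port = DOT_PORT if transport == "dot" else DOH_PORT
    # Port 853 carries only DNS, so the flow is identifiable as encrypted DNS.
    # Port 443 carries every HTTPS site, so the port alone does not single it out.
    return {"dst_port": port, "identifiable_by_port": port == DOT_PORT}


if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample query
    print("DoT frame :", dot_frame(q).hex(), observer_view("dot"))
    print("DoH URL   :", doh_url(q, "dns.example"), observer_view("doh"))
```

The query bytes are identical in both cases; only the framing and the port differ, which is why DoT is easy for a network to single out while DoH is not distinguishable by port.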