Private DNS or default in DNS server over VPN?

To take good advantage of DNS filtering users would have to disable features like Proton’s Netshield or custom DNS in Mullvad. This would allow to use configured private DNS. F.x. when using Rethink DNS, Controld, or NextDNS this could give a more of what is being blocked. I often find that usinig the DNS filtering of the VPN providers is rather limitted.

I wonder what your thoughts are on this.

I definitely agree. Until Proton VPN comes up (sometime this year) with an update to their NetShield feature providing stats and more control, I’ll still use a combination of NextDNS + ProtonVPN.

Maybe they will someday implement custom encrypted DNS into their clients, that would be great to. One or the other.

  • Android: ProtonVPN (NetShield enabled) + NextDNS in Private DNS (NetShield is overriden)
  • iOS: ProtonVPN (NetShield enabled) + NextDNS in a Configuration Profile (Configuration Profile is overriden by VPN but will be used when you disable the VPN)
  • Windows 10: ProtonVPN (NetShield enabled) + NextDNS DoH in my browsers (since NextDNS Windows client can’t connect under ProtonVPN)
  • macOS: ProtonVPN (NetShield enabled) + NextDNS DoH in my browsers (since Configuration Profile is overriden by VPN. But I guess you can also set the Configuration Profile to be used device-wide when you disable the VPN)

didn’t yet tested Windows 11.


I see this as an underdiscussed issue, so Proton’s Netshield even blocks webpages you open from twitter because it redirects from link, so It is all or nothing, and there are many false positives.

It makes you more fingerprintable, tbh, it might be the last thing I am concerned on my iphone since everything outside safari has no blocking.

As far as I understands, you cannot use any dns over vpn on ios unless you change it from wifi settings. The only remaining option is to use configuration files stripped from DNS in wireguard. But, I have not tried it yet. I wish Proton will give more granular control over DNS in the future.