Using encrypted DNS with a VPN

The answer here shouldn’t be just no, and here is why:

  • One of the reasons not to do it is having to trust two different entities, but I don’t see a problem with trusting NextDNS and Proton VPN. So this should be a choice for a user if they want to trust two different entities.
  • The other concern that I see often is that users can be fingerprinted more easily if they use DNS servers that aren’t hosted by their VPN provider. And this actually doesn’t really matter in most cases and here is why:
      1. All of the apps that I use and all of the websites that I visit either already know who I am or are privacy friendly, or both, and if I want to use an app or website that doesn’t know my identity or isn’t privacy friendly, or both, I will use Tor.
      2. There are a lot of other ways to fingerprint users, and if fingerprinting is a concern, then again, users should use Tor.
  • When you use something like NextDNS, you get a lot more control and choice over what to block, and users that know what they’re doing can improve their privacy and security.

Where I think it makes sense to just use VPN provider DNS servers is when you’re using Mullvad Browser because you don’t want to stand out. And in some other cases too, but I don’t think that the answer should be just a straight-up no.