VPN or private DNS or privacy ISP?

I did search different forums, but could not find sufficient answers to my questions below.

I live in an eyes country in Europe.
I have a privacy respecting ISP (actually true), as far as the law lets them.
Today I have Mullvad together with a private DNS via nextdns.

  1. On Protons website, they claim that a separate DNS provider when you use a VPN is redundant. But I see alot of people here who use it. There should be a clear winner here, but I can’t seem to find an answer to it. Is a separate private DNS redundant when using a VPN ? Or does it just make you stand out more?

  2. I trust my ISP, that they are not snooping, and that they hand out data, when there is legal ground for it. Would you use a VPN anyway, or would you just use a private DNS? The main reason for using a VPN is to hide from your ISP right?

My main reason to use third party DNS is blockists and custom rules to block or allow sites. I am using Control D for that. VPN‘s own DNS server are not good enough to do that.

1 Like

If both the VPN and the DNS are on the same machine, there’s a fair about of redundancy, depending on the setup.

If the DNS is only on the browser, then what’s happening in the browser goes through the DNS, but what’s happening outside the browser goes through the VPN. For example, you’re using a desktop email app instead of using email through your browser. In that case, the email is going through the VPN.

The way to have both layers at the same time is to have one set up on your router, and the other on your machine. But for the majority of people that’s overkill, unless you want to take advantage of the custom blocking with DNS, which can be very good.

I’ve experimented with that before. I keep permanent ‘kill-switch’ VPN in my router, and when I added DNS to my desktop machine it helped to block ads that I otherwise had trouble blocking. These days I only use the router VPN, in order to keep my setup a bit simpler. It’s easy to make things more complicated than they need to be.

Normally, one or the other is enough for most people. But if certain ads (which your browser ad blocker isn’t stopping) are driving you nuts, DNS is good.

1 - The most common reason it is typically not recommended to use a separate DNS provider with your VPN is that you risk exposing your browsing activity through DNS leaks. This can occur when DNS queries are not routed through the VPN’s encrypted tunnel, potentially revealing the websites you visit to your ISP or other third parties.

2 - See the VPN Overview.

2 Likes