This will not encrypt DNS requests, however you will get the benefits of NextDNS.
On Orbi Access point, add the NOIP host name as a DDNS so it can update the if the ISP WAN address changes. Use the IPv4 (with Linked IP) option in NextDNS which basically uses your ISP address.

Create a Hostname on for DDNS (Need this because your ISP address may change in the future, mine is the same for years, however you never know with Comcast) #justsayin

Current Home Router (IoT, Guests, Devices without Config, Default):

It sure would be nice if PIA would create a setting like the desktop to "use existing DNS", then would not need the extra AdGuard app. This combo setup will use the encrypted DNS from NextDNS to your ISP IP (not your VPN) and your web traffic will flow through the VPN tunnel. Using PIA with the NextDNS Apple config is nothing but conflicts and trouble! That is why you need to set up the separate AdGuard Pro for the encrypted DNS and the VPN with IPSEC IKEv2, so the two VPNs can co-exist.
There is not a setting in PIA to use "existing DNS" on the mobile app (yet).

On Private Internet Access VPN, set the VPN Protocol Settings to "IPSEC IKEv2".

On AdGuard Pro, disable Safari Protection (not needed since you will be using the NextDNS config).

On AdGuard Pro, set up a custom Encrypted DNS in the DNS Protection settings using the DNS-over-HTTPS address provided in the "mobile" NextDNS config.
Purchase ($9.99) from the App Store and install the AdGuard Pro app.

Mobile Devices (iOS + iPadOS) with no VPN:

Desktops on Home Network (macOS) with VPN - Private Internet Access (PIA):

This will use the encrypted DNS from NextDNS and both the DNS and traffic will flow to the VPN IP address.
Hope this helps others, let me know if you have any questions or better ways!

Desktops on Home Network (macOS) with no VPN:

Download and install the NextDNS-provided Apple Config Profile (this gets DNS encrypted to Internet Provider's IP)

Desktops on Home Network (macOS) with VPN - Private Internet Access (PIA):

Configure the PIA DNS settings to "using existing DNS".
Prior to this I was just using Cloudflare 1.1.1.2 on the router only, which is unencrypted DNS and allegedly blocks ads and malware on their servers and does not keep logs. So far, only one false negative on blocking. After tinkering with NextDNS, here is my setup.