NextDNS Root CA

Remove the HTTPS warning when loading the block page by installing and trusting our root CA at

Read instructions on how to do this here.

New Feature: Cache Boost

Minimize DNS queries by enforcing a minimum TTL (Time to live).

Some DNS answers are set with very low TTL to force DNS recursive resolvers like us to refresh them very often. Low TTLs also force end-clients (your devices) to perform new DNS requests on almost every use.

When Cache Boost is enabled, a minimum TTL of 300 (5 minutes) is enforced on DNS answers before they are sent to your devices. Our servers will still refresh those entries at the requested frequency, but it won’t force your devices to perform more queries than necessary. This is especially interesting on mobile devices with high latency to DNS and limited battery life.

💡 Available in Settings under Performance on

New Feature: Native Tracking Protection

Block wide spectrum trackers—often operating at the operating system level—that track your activity on a device. This could include all the websites you visit, everything you type or your location at all times.

💡Available in the Privacy section on

New Location: 🇨🇦 Montreal, Canada

New Location: 🇨🇿 Prague, Czech Republic

New Location: 🇵🇱 Warsaw, Poland

New Location: 🇸🇪 Stockholm, Sweden

New Location: 🇦🇹 Vienna, Austria

New Location: 🇧🇪 Brussels, Belgium

New Feature: NextDNS CLI Cache

The NextDNS CLI client for routers and UNIXs gained the ability to cache DNS responses. The cache will automatically refresh itself when a change like a whitelist is applied to the configuration(s) associated with the CLI.

When cache is enabled at the router level, we recommend setting the new max-ttl setting to a low value like 5s, so the DNS cache of the LAN clients won't need to be manually flushed to get whitelist updates.

To upgrade, run the install script again and select "Upgrade" in the menu.