
I recently spent a bunch of time comparing NextDNS vs PiHole. The reality is their feature sets are pretty close, but I eventually settled on NextDNS and here were some of my takeaways:

  NextDNS Pros:
  * Can use NextDNS on any network (thanks to their apps or just regular DNS-over-HTTP/TLS).
    * (Could get similar functionality on PiHole with a remote hosted PiHole + VPN, but much more complex to set up)
  * NextDNS allows for multiple different configuration setups per account (so you can fine-tune your blocking/filtering differently for different devices).
    * (PiHole AFAIK only supports a single configuration)
  * NextDNS IMHO had the superior UI, with more powerful config options.
    * In reality with some extra manual config/coding you could probably get PiHole to do most of what is in the config for NextDNS, but it would take some work.

  PiHole Pros:
  * PiHole is open source.
    * The NextDNS server code is closed-source, but they do have an open-source CLI client.
  * PiHole is self-hosted (much better from a privacy perspective).
    * But you do get all the downsides of being responsible for hosting something as central as a DNS server yourself...


-NextDNS is a product with a free tier. It will always be limited in that sense.

+Pihole is free and open. It is also yours to build, manage, customize as you please.

-NextDNS is also further away, meaning there will be much more latency for all your DNS queries. It is usually best to run your own resolver, or have a local DNS server in your network.

+Pihole sits on a device on your network. You can also enable recursion directly on the pihole by installing Unbound on the same device.


> NextDNS is also further away, meaning there will be much more latency for all your DNS queries. It is usually best to run your own resolver, or have a local DNS server in your network.

But your local PI resolver would likely have to pass on your request to an upstream DNS server if it isn't cached. Although it's negligible, this extra hop would add latency. This is assuming the result isn't in the OS or browser DNS cache.


I find that about half of my DNS requests hit the network cache and not upstream, which makes it worth it for me.
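The cache-hit share discussed in this sub-thread can be measured rather than guessed. The following script is an added example, not code from any of the commenters or from the Pi-hole project: it parses query and outcome lines in the dnsmasq-style format that Pi-hole writes to its query log and reports how many queries were answered locally (served from cache or blocked) versus forwarded upstream. The log lines are constructed sample data, and the exact line layout is assumed from dnsmasq's logging, which may differ between versions.

```python
import re
from collections import Counter

# Constructed sample lines in dnsmasq / Pi-hole query-log style (not real traffic).
# A query line is followed by the line that says how it was answered.
SAMPLE_LOG = """\
Jan 10 12:00:01 dnsmasq[812]: query[A] example.com from 192.168.1.20
Jan 10 12:00:01 dnsmasq[812]: forwarded example.com to 1.1.1.1
Jan 10 12:00:01 dnsmasq[812]: reply example.com is 93.184.216.34
Jan 10 12:00:05 dnsmasq[812]: query[A] example.com from 192.168.1.21
Jan 10 12:00:05 dnsmasq[812]: cached example.com is 93.184.216.34
Jan 10 12:00:09 dnsmasq[812]: query[AAAA] example.com from 192.168.1.21
Jan 10 12:00:09 dnsmasq[812]: cached example.com is 2606:2800:220:1:248:1893:25c8:1946
Jan 10 12:00:12 dnsmasq[812]: query[A] ads.example.net from 192.168.1.20
Jan 10 12:00:12 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
Jan 10 12:00:15 dnsmasq[812]: query[A] news.example.org from 192.168.1.22
Jan 10 12:00:15 dnsmasq[812]: forwarded news.example.org to 1.1.1.1
"""

# "query[<type>] <name> from <client>" opens a query.
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
# The outcome line names the same host and says where the answer came from.
# "reply" lines are ignored: they follow a "forwarded" line and are not a new outcome.
OUTCOME_RE = re.compile(
    r"dnsmasq\[\d+\]: (cached|forwarded|gravity blocked|config) (\S+) (?:is|to) (\S+)$"
)


def classify_queries(log_text):
    """Pair each query line with its outcome line.

    Returns a list of (name, qtype, client, outcome) tuples in log order.
    Queries that never receive an outcome line are dropped.
    """
    pending = {}  # hostname -> queries still waiting for an outcome line
    results = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            qtype, name, client = m.groups()
            pending.setdefault(name, []).append((qtype, client))
            continue
        m = OUTCOME_RE.search(line)
        if m:
            outcome, name, _target = m.groups()
            if pending.get(name):
                qtype, client = pending[name].pop(0)
                results.append((name, qtype, client, outcome))
    return results


def cache_stats(log_text):
    """Summarise how many queries were answered without an upstream round trip."""
    counts = Counter(outcome for _, _, _, outcome in classify_queries(log_text))
    total = sum(counts.values())
    # Cached and blocked answers never leave the LAN; forwarded ones pay the upstream hop.
    local = counts["cached"] + counts["gravity blocked"] + counts["config"]
    return {
        "total": total,
        "cached": counts["cached"],
        "blocked": counts["gravity blocked"] + counts["config"],
        "forwarded": counts["forwarded"],
        "local_fraction": local / total if total else 0.0,
    }


def stats_by_client(log_text):
    """Per-client split of forwarded vs locally answered queries."""
    per_client = {}
    for _, _, client, outcome in classify_queries(log_text):
        bucket = per_client.setdefault(client, Counter())
        bucket["forwarded" if outcome == "forwarded" else "local"] += 1
    return per_client


if __name__ == "__main__":
    stats = cache_stats(SAMPLE_LOG)
    print(f"{stats['total']} queries, {stats['local_fraction']:.0%} answered locally")
    for client, c in sorted(stats_by_client(SAMPLE_LOG).items()):
        print(f"  {client}: local={c['local']} forwarded={c['forwarded']}")
```

On a real Pi-hole the same function can be pointed at `/var/log/pihole.log` (path assumed from the Pi-hole defaults); the `local_fraction` it reports is the share of queries for which the extra upstream hop debated above was never taken.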


Your cache would work the same with NextDNS. I'm not sure I see your point.


Yes, but in the pi-hole case my cache is in my local network; in the nextdns case it is far away on the internet.


Another PiHole pro is that it can work for every device in your house (if you set it up that way).


You could also set up PiVPN[1] on the same Raspberry Pi running Pi-hole with Wireguard and set up all your mobile devices to automatically connect back home when they're off the home wifi. I've had this setup running for a couple of months now and couldn't be happier with it.

[1]: https://github.com/pivpn/pivpn


I am using pihole and WireGuard. How did you set it up so that you automatically connect back home when you are off your home network?


The WireGuard apps for iOS and OSX have a configuration section titled “On-demand activation” that lets you do this. On the iOS app, I have it set to activate on cellular connection and WiFi connections to routers if the SSID != my home router’s SSID. Likewise on OSX, except for the cellular option.


Awesome, thank you. I am not sure how I missed that previously.


You can also splurge and for under $10/mo set it up on a DigitalOcean (or similar) cheap hosting provider and have it available everywhere. And you can share with friends and family.


The cost in your example is far, far more than $10 USD a month. If you can set this up, your time is absolutely worth something and even if this is your area of expertise, you are now personally responsible for a critical piece of your internet browsing infrastructure.

There are tons of important details to keeping a critical service up and running almost all the time - even if you are competent in this, that is still time every month making sure it's running, secure and functional.

The only reasons in my opinion to DIY a solution would be a) learning, hobby or for fun or b) you have requirements that can't be met another way, like privacy goals.


The thing is that it's not really complicated anymore. It may be my area of expertise, but just following basic step-by-step instructions, it took me about 10 minutes to have a full ad-blocking, Wireguard VPN server on a DigitalOcean droplet by using Algo: https://github.com/trailofbits/algo, including the setup for my phone and iPad.


Algo is a great project and I also use it, but if you’re running it in production and not spending some time each month at least on security analysis and review, your self-assessed expertise may be more of the Dunning-Kruger variety.


I have had one up for around 2 years now and would say I have spent less than 5 minutes maintaining it over that time period. I did spend more than typical time setting it up because I added a custom php page so I could remotely add client ip addresses to the dns iptables whitelist, but I could have just done the basic setup in <20 minutes. It’s solid as a rock. Am I lazy about it? Sure. But I don’t quite consider it critical. It’s just personal use basic internet. And if something were to go wrong, most if not all client configurations have a backup/secondary dns option anyway so as long as that is configured things keep working fine, just with ads.


I've set NextDNS as my default DNS provider at the router level, so it kinda achieves that too.


Do you think PiHole addresses the downsides with their v5 release (now in beta)?



