Massively increase the catch rate for malicious domains — especially in their brutal early hours — by combining human-vetted threat intelligence with advanced heuristics that automatically identify high-risk patterns.
Set up on your device
  1. Download the configuration profile.
  2. Open the Settings app.
  3. Tap Profile Downloaded.
  4. Tap Install in the upper-right corner, then follow the onscreen instructions.
Newly Registered Domains (NRD)
Block domains registered less than 30 days ago. Those domains are known to be favored by threat actors to launch malicious campaigns.
Newly Active Domains (NAD)
Block domains that, after having been dormant for a while, are suddenly becoming active. This behavior is more often than not a sign of malicious activity.
Domain Generation Algorithms (DGA)
Block domains generated by Domain Generation Algorithms (DGAs) seen in various families of malware that can be used as rendezvous points with their command and control servers.
IDN Homographs
Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDN) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".
Block domains registered by malicious actors that target users who incorrectly type a website address into their browser — e.g. instead of
DNS Rebinding
Prevent attackers from taking control of local devices through the Internet by automatically blocking DNS responses containing private IP addresses.
Dynamic DNS (DDNS)
Dynamic DNS (or DDNS) services let malicious actors quickly set up hostnames for free and without any validation or identity verification. While legit DDNS hostnames are rarely accessed in every-day use, their malicious counterparts are heavily used in phishing campaigns — e.g. paypal‑
Prevent the unauthorized use of one's devices to mine cryptocurrency.
Parked Domains
Parked domains are single-page websites often laden with ads and devoid of any value. Parked domain monetization can sometimes get mixed up with suspicious practices and malicious content.
High-risk Top-level Domains (TLD)
Block Top-level Domains (TLDs) known to be favored by threat actors because of their low price, the absence of vetting or the lack of legal recourse.
About is a French non‑profit organization founded in 2022 by Romain Cointepas and Olivier Poitrey — co-founders of NextDNS.