I saw that there was a guide to set up or configure protonVPN + nextDNS for iOS or macOS. I could not find anything for windows. I figured it out so I thought I could help out other people in case they ever have issues as to how to do it. If some part of the guide is not clear, please let me know. Be warned that proton does suggest not to use a private DNS along with VPN. This guide will assume that you already have a custom nextDNS profile set up.

Step 1 - Configure ProtonVPN

1. Now that you decided to use nextDNS with protonVPN, you should know that you would not be able to use netshield which is offered within protonVPN itself.
2. In protonVPN, go to settings
3. Then click on “Connection” tab
4. Turn on “Custom DNS servers”
5. Go to https://my.nextdns.io/
6. Once you log in, you should land on the “setup” tab by default. If not, click on “Setup” tab
7. Under Linked IP, you’ll see 2 DNS servers (as seen in the image)
8. Copy the first one and paste it in “Custom DNS servers” and then click the “+” symbol (image attached for clarification)
9. Copy the second one and paste it in “Custom DNS servers” and then click the “+” symbol
10. Restart protonVPN

7th Step

8th step

Now you should have added nextDNS to protonVPN successfully. Test this by going to https://ip.me and confirm you’re connected to a Proton VPN server. After that go to https://test.nextdns.io and the status should be: ok. Even though it is now added to your protonVPN, you will not have your custom DNS on the VPN. If you go to https://my.nextdns.io/, it might show something like this. If you dont see it, try disconnecting your VPN and reconnecting again.

This is because your new IP would be different to the linked IP in nextDNS. Linked IP on nextDNS can be seen on the setup tab in https://my.nextdns.io/

If you click on the refresh icon, your IP will get updated and you will see that

Step 2 - Updating DDNS (via a DDNS service)

Now you can manually go to the link and click on refresh button every single time you change your IP address by connecting to a different server in protonVPN. Doing that every single time you change your IP might be a tedious and annoying task. For an easy way, you can use a Dynamic DNS service to do this. There is also another way of doing it by setting up a program to run in task scheduler. Please see below for that step.

For using a DDNS service, I would recommend duck DNS but there are lots out there, so feel free to use whatever you feel you are comfortable with. (EDIT: Few people mentioned using YogaDNS in the comments. Since I have not used it, I can’t make a guide on how to configure that but it is worth a mention in case if you are looking for a good DDNS service.) I cant possibly list the steps for every single DDNS out there so you would have to do your research on how to set up and configure that. But once you are done with that, you can go to https://my.nextdns.io/ and in “setup” tab, youll see this

Once you are done configuring your DDNS, you can add it here by clicking on “Configure DDNS”

Once you click on save, it should automatically update your linked IP. Make sure to test it by disconnecting and reconnecting to your VPN and then going to https://my.nextdns.io/ . It should show a green circle on the setup tab implying that everything is configured properly.

Step 2 - Updating DDNS (via powershell and task scheduler)

There is also a way to programmatically update your linked IP. To do this,

1. Open notepad and copy paste this to notepad

# Get the current IP address
$IP = Invoke-RestMethod -Uri "http://ifconfig.me"

# Update NextDNS with the current IP
Invoke-RestMethod -Uri "https://link-ip.nextdns.io/******/****************?ip=$IP" -Method Get

Instead of https://link-ip.nextdns.io/******/**************** , you would have to get your link from https://my.nextdns.io/ . You should be able to see it in the setup tab itself. It should be under “advanced options”

If you click on \“Show advanced options\” you should be able to see it

This is the link you wanna paste in notepad

2. Save the file as “UpdateNextDNS.ps1” and store it anywhere. I stored it in my desktop itself.

3. Open Task Scheduler from the Windows Start menu and then click on “Create task”

4. Name the task to whatever you want it to be(e.g., “NextDNS IP Update”). Optional - Give a description if needed

5. In the same tab, click on “Run whether user is logged on or not” and also check “Run with highest privileges”

6. Go to the next tab which is “Triggers”. Click on “New…”. Click on the tab which says “begin the task” and choose “At startup”. Under Advanced settings in the same tab, check "Repeat task every: " and choose 5 minutes. In the nearby tab"For a duration of: ", choose Indefinitely. Make sure the bottom tab which says “Enabled” is also checked. Click on Ok after that.

7. Go to the next tab “Actions”. Click on “New…”. Click on “Action:” tab and select “start a program”. Under settings field, type “powershell.exe” (without the quotation marks). In the “Add arguments (optional):” field, type -File “path where you placed your poweshell file\UpdateNextDNS.ps1” (with the quotation marks). For example since mine was in desktop, it would be -File “C:\Users\Stanley Mitchell\Desktop\UpdateNextDNS.ps1”. Click on Ok.

8. Go to the next tab “Conditions”. I unchecked “Stop if the computer switches to battery power”. But its a personal preference. If you have a desktop PC, you could uncheck it as well. Other than the options in “Power”, no other check box should be checked. So make sure that options like “Start the task only if the computer is idle for” and “Start only if the following network connection is available” are unchecked.

9. Go to the next tab “Settings”. I have only checked “Allow task to be run on demand” and “Run task as soon as possible after a scheduled start is missed”. See if other options are necessary for you but its just a personal preference as well.

10. After this, you can just click on Ok. If you have password to your computer, youll be asked to enter it but after that you should be done. For now, you can right click on the task you just made and click on “Run”. Once it runs, you can go to https://my.nextdns.io/ and check if it worked. You should see a green circle indicating that everything is setup properly and your custom DNS profile is working on the device you are using right now.

You can give it one last test by going to https://ip.me and confirm that you’re connected to a Proton VPN server. After that go to https://test.nextdns.io and the status should be: ok. As one last test, you can also go to https://dnsleaktest.com/ and it should show your selected VPN exit point & the test should show ONLY “dns.nextdns.io” for Hostname.

Big thanks to u/Nelizea and u/koick for making the guides on iOS. If anybody has any corrections or modifications to this guide, please let me know, I will modify it as soon as I can

I like the task scheduler option, thanks so much for this guide, i was going a bit crazy about how to do it omg

'Eyyy thank you so much! This is a huge help! I posted a couple months back about setting up proton to work with nextdns and got mixed answers. This is a huge help!

Yo thanks for such a detailed guide man! Much needed

Thanks for the guide @ OP. I linked it also in my original thread.

Personally if Windows is needed, I am also using YogaDNS. This is intercepting on DNS requests on the system and then using any DNS server you’d like (NextDNS in this case here).

May be late, but very nice guide!

Liked the task scheduler method, no need to install other software. Only using native app on windows. For some reason my user and pass is getting denied or it’s incorrect, so I changed it to “run whenever user logged on” instead.

Glad I could help out. Let me know if you run into any problems. Ill try my best to resolve it!

Ah I see. I never heard of YogaDNS up until another guy mentioned it here. Ill add it in the guide as well. Thanks for adding it to your guide as well.

I just saw that too. That is also a viable option but in case if somebody does not want to create another account or pay for something or just be concerned about their privacy, they can choose to just use the task scheduler method as well. Thanks for your suggestion though. Any reason why this would be better than duckDNS or other DDNS options out there?

I do have a question for you regarding the DDNS. What’s the purpose of that? Do I really have to reset my nextdns info in proton everytime I connect to a different server or restart my computer?

Why do you need to pay for it or have privacy concerns? It is DNS app, affecting on kernel level. You can configure NextDNS or whatever DNS service you use with it. With free version you can configure one DNS server and two rules, which is enough for DNS plus VPN setup.

This might not be right technically but this is what I understood from configuring these things. So basically, your nextDNS profile gets applied to one specific IP. Usually if you are not using a VPN, you would not have to do use DDNS (which stands for Dynamic Domnain Name System), since you have a static IP. But if you use a VPN, your IP changes everytime you disconnect and reconnect. NextDNS relies on knowing your current IP to apply specific DNS filtering or configurations. So if your IP keeps changing, your custom nextDNS profile does not get applied whenever you disconnect and reconnect your VPN. To resolve this issue, DDNS comes into play. It automatically updates the DNS of a domain name whenever the IP address of the device hosting the domain changes. You wouldnt have to reset your nextDNS info in proton though. The IPv4 does not change everytime you connect to a server or restart your computer. The only thing is you would have to update nextDNS everytime you connect to a different server (since your IP changes when you do that). That is why you need DDNS or you need to use the method with task scheduler as I have mentioned up above. If this is not clear to you, please let me know