Introduction

In today’s digital world, privacy and security are paramount. Tailscale and NextDNS are two powerful tools that can help you protect your online data and improve your browsing experience.

This guide will walk you through setting up Tailscale and NextDNS on AWS, and show you how to use Tailscale as an adblocker and VPN.

Prerequisites

  • Brain and Common Sense
  • AWS account
  • Amazon EC2 instance
  • Tailscale account
  • NextDNS account

Benefits

  • Enhanced privacy and security
  • Ad-free browsing
  • Malware protection
  • Secure remote access to your home network

Target Audience

This guide is for anyone seeking to set up Tailscale and NextDNS on AWS or utilize Tailscale as an adblocker or VPN.

A - Create a NextDNS Account

  1. Head to the NextDNS website.

  2. Open an account (Do I need to say this? :p)

  3. Head to my.nextdns.io. This is how the main page is supposed to look.

B - Create a Tailscale Account

  1. Head over to the Tailscale website.

  2. Login with Google (best :0)! This is how the Admin Console looks here (while writing the guide)!

  3. This is the welcome page. It is waiting for your first device! Click on Skip this introduction ->. This will open the Machines section. All your connected devices will appear here!

C - Connecting NextDNS to Tailscale

  1. Remember the NextDNS profile created in Step A? Head over to my.nextdns.io and note the ID under the Endpoints section. It is d3f9dd in my case. (It is showing ‘using another profile’ because I am already connected while writing the guide. It will show you ‘Not Connected’ along with a red dot.)

  2. Get back to the Tailscale tab! Head over to the DNS section.

  3. In the DNS section, scroll down to the Nameservers subsection. Look for the Add Nameservers dropdown menu (under Global Nameservers). Click on it and select NextDNS from the dropdown.

  4. It will ask for the NextDNS Endpoint, which is the NextDNS ID you just copied in Step 1! Click on Save!

  5. Turn on Override Local DNS (sitting right next to Global Nameservers).

VOILA!! You have successfully connected NextDNS to Tailscale! What does it mean? You can just download Tailscale on your devices and sign in with the Tailscale account.

D - Connecting your device(s) to Tailscale

Tailscale has a very intuitive guide on setting up your device. Follow that guide to set up Tailscale on your device.

Once you have finished setting up your device, verify the connection.

1. Verify whether NextDNS is working or not

On the same device where you have set up Tailscale, log in to your NextDNS account. A successful deployment will look like this.

2. Verify using NextDNS Test Page

Head over to NextDNS Test. You will see a response page which gives the status of your connection along with other important information.

E - Setting up NextDNS as an Adblocker

THE REAL FUN BEGINS!! Our first target and priority is to set up an adblocker. The VPN makes this easier: it gives us a local home server where all our devices are interconnected as peers, and with a few more steps (covered in the following sections) we can hide our identity and protect ourselves on public networks.

I am providing a GitHub repo that details how to set up NextDNS for an ad-free and hassle-free experience. Link to the repo - https://github.com/yokoffing/NextDNS-Config/blob/main/README.md (small suggestion - turn on AI-Driven Threat Detection)

- Verify whether AdBlocker is working or not.

Head over to https://d3ward.github.io/toolz/adblock.html and check the score.

I have a score around 93% which is really impressive!

- Free? Or Paid??

No Good things are free in this world!

Whoever said this (or I made this up :p) is true. NextDNS is free only for 300K requests per month! Sounds like a big number? Well it took me only 2 and a half days to reach this limit. :(

F - Setting up Tailscale on a Cloud Computer

Note
You are free to choose the Cloud Provider

We will be using AWS for setting up a cloud computer. Set up an EC2 instance (Free Tier is enough). Select Ubuntu LTS 22.04 as the OS since it is easier for newbies. Once you have successfully created the instance, run these commands.

  • Install Tailscale by running the following script
        curl -fsSL https://tailscale.com/install.sh | sh
  • Turn on IPv4 forwarding
        echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
  • Turn on IPv6 forwarding
        echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
  • Re-execute the sysctl conf file
        sudo sysctl -p /etc/sysctl.conf
  • Log in to your Tailscale account and advertise this machine as an exit node
        sudo tailscale up --advertise-exit-node
  • This prints a URL. Copy and paste it into a browser window to log your cloud instance in to your Tailscale account.

  • Edit Route Settings for your cloud instance on Tailscale. Head over to the Tailscale Dashboard and adjust the route by clicking on Edit Route Settings for your recently created cloud machine. (My cloud instance is renamed to ‘aws’. For you it will be different, something like ‘ubuntu-s-xxxxxx’.)

Turn on Exit Node as per the screenshot.

  • On your other device(s), use this cloud machine as the Exit Node and route all your traffic through it. Your location will be decided by the location of your cloud instance.
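Added example, not part of the original guide: a POSIX shell audit for the forwarding steps in this section. It reports whether each forwarding key is both persisted in the config file and active in the running kernel, and flags the duplicate lines that appear when the tee -a commands are run more than once; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the forwarding settings written by the steps above.
# Paths are parameters so the check can also run against a constructed fixture.

# conf_lookup FILE KEY -> prints "<assignments> <effective value>".
# sysctl applies a file top to bottom, so the last assignment wins.
conf_lookup() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) { n++; last = v }
        }
        END { printf "%d %s\n", n, last }
    ' "$1"
}

# audit_forwarding CONF [PROC_ROOT] -> one line per key; returns 1 unless
# both keys are persisted in CONF and active in the running kernel.
audit_forwarding() {
    conf=$1; proc=${2:-/proc/sys}; rc=0
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        set -- $(conf_lookup "$conf" "$key")
        count=${1:-0}; saved=${2:-unset}
        # net.ipv4.ip_forward lives at <proc>/net/ipv4/ip_forward, and so on.
        live=$(cat "$proc/$(printf '%s' "$key" | tr . /)" 2>/dev/null) || live=unknown
        case "$saved/$live" in
            1/1) state=ok ;;
            1/*) state="persisted, not active: run sysctl -p"; rc=1 ;;
            */1) state="active, not persisted: lost on reboot"; rc=1 ;;
            *)   state="forwarding off"; rc=1 ;;
        esac
        [ "$count" -gt 1 ] && state="$state (assigned $count times)"
        echo "$key saved=$saved live=$live -> $state"
    done
    return $rc
}

# Runs only when a config file is named, e.g.: sh audit.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then audit_forwarding "$@"; fi
```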

G - Verify whether the VPN with Exit Node is working or not

I have my Exit Node set to AWS, which has the following IP: 100[dot]106[dot]64[dot]134, and my current device is archlinux, which has the following IP: 100[dot]123[dot]75[dot]2

Now if I check the response page at NextDNS Test, I can see the devicename is set to aws and the deviceIP is set to 100.106.64.134, even though my device’s IP is 100.123.75.2. This signifies that the Internet actually thinks my device is aws and not archlinux. Thus we have set up our VPN successfully.
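Added example, not part of the original guide: the check described above, scripted so it can be repeated after every configuration change. It reads a saved copy of the NextDNS Test response and confirms that the expected profile answered and that the query is attributed to the exit node rather than the local device. The JSON sample is constructed from the values on this page; the status and profile field names, the flat JSON layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: check a saved NextDNS Test response against what the guide expects.

# json_field JSON KEY -> value of a top-level string field in flat JSON.
json_field() {
    printf '%s' "$1" | tr -d '\n' |
        sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# is_tailscale_ip ADDR -> true when ADDR lies in 100.64.0.0/10, the CGNAT
# block Tailscale assigns node addresses from.
is_tailscale_ip() {
    case "$1" in 100.*.*.*) ;; *) return 1 ;; esac
    second=${1#100.}; second=${second%%.*}
    case "$second" in ''|*[!0-9]*) return 1 ;; esac
    [ "$second" -ge 64 ] && [ "$second" -le 127 ]
}

# check_exit_node JSON PROFILE EXIT_IP LOCAL_IP -> prints findings; returns 0
# only when PROFILE answered and the query is attributed to the exit node.
check_exit_node() {
    status=$(json_field "$1" status)
    profile=$(json_field "$1" profile)
    seen_ip=$(json_field "$1" deviceIP)
    seen_name=$(json_field "$1" deviceName)
    rc=0
    [ "$status" = ok ] || { echo "FAIL: resolver is not NextDNS (status=${status:-missing})"; rc=1; }
    [ "$profile" = "$2" ] || { echo "FAIL: profile ${profile:-missing}, expected $2"; rc=1; }
    is_tailscale_ip "$seen_ip" || { echo "FAIL: deviceIP ${seen_ip:-missing} is not a tailnet address"; rc=1; }
    if [ "$seen_ip" = "$4" ]; then
        echo "FAIL: queries attributed to this device, exit node not in use"; rc=1
    elif [ "$seen_ip" != "$3" ]; then
        echo "FAIL: deviceIP ${seen_ip:-missing} is not the exit node $3"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $seen_name ($seen_ip) via profile $profile"
    return $rc
}

# Constructed sample built from the values quoted on this page (assumed layout).
SAMPLE='{"status":"ok","profile":"d3f9dd","deviceName":"aws","deviceIP":"100.106.64.134"}'
check_exit_node "$SAMPLE" d3f9dd 100.106.64.134 100.123.75.2
```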

H - Privacy — Do You Speak It???

Follow these steps for more privacy when online.

  • Switch the log storage location to Switzerland in NextDNS
  • Set Quad9 as the default DNS on your Cloud Computer

Recap

I wrote this guide, making it easier to write and understand. If you face any problem or want to suggest an improvement, feel free to contact me.