by Shelby Ludtke

Announcing Twingate's partnership with NextDNS

NextDNS + Twingate

Twingate is excited to announce our partnership with NextDNS. Earlier this year, we launched Secure DNS, adding an extra layer of protection for end users (and helping CISOs sleep better at night).

We made a conscious choice in our architecture to optimize for performance: traffic that doesn’t need to be encrypted is sent over the public internet instead. We knew a gap existed with this modern approach - while it’s faster, it left DNS queries exposed as an easy attack vector. Even the savviest of users could be vulnerable - your traveling CEO, hopping on airport WiFi, could be a target for malware and phishing attacks, cryptojacking, and more.

While the HTTPS protocol has become all but ubiquitous, unencrypted DNS queries are still very common; they are easy to intercept and manipulate, which puts users at risk of many types of attack. With our Secure DNS functionality, admins can specify a DNS-over-HTTPS (DoH) resolver of their choice, mitigating risk while maintaining exceptional performance.

Why Did We Choose to Partner with NextDNS?

NextDNS is a modern, independent DNS filtering service founded by Romain Cointepas and Olivier Poitrey of Dailymotion, and backed by organisations like Mozilla. An industry leader, NextDNS’ threat detection is based on AI and simple, intuitive heuristics. Logical questions like “Was this domain registered within the last 30 days? Is this answer even authentic?” are taken into account. The system is built to catch malicious domains earlier than classic security solutions and blocks over 15,000,000,000 queries a month.

But is it fast?

Sharing Twingate’s vision of clean, intuitive UI and SPEED, NextDNS’ globally distributed infrastructure means a low-latency, high performance experience. Browsing is fast and - because everything is done at the DNS level, not on your device - there is lower impact on memory, battery life, and CPU.

Connecting NextDNS + Twingate

Recall how DNS works with Twingate and how easy it is to set up Secure DNS? Twingate operates at the network level on a user’s device; Twingate DoH will encrypt all DNS traffic regardless of the originating application with no configuration changes required other than running the Twingate Client. You can access DoH configuration settings from the Secure DNS page under Settings in the Admin console.

With the toggle of a button, Twingate admins can enable Secure DNS and specify NextDNS as the DoH resolver; no additional app installation or network configuration is required. Profiles that are configured in NextDNS can be selected directly within the Twingate Admin Console.


We know admins like data; Twingate’s aim is to continually improve visibility to help you react and remediate faster. The NextDNS integration allows admins to review real-time logs and analytics. Admins can view traffic associated with specific devices because the integration includes device details in requests; by default, Twingate sends the first name of the user as well as the device model.

NextDNS is also incredibly customizable - unlimited block/allow lists, an option to set or override the DNS response for any domain, and unlimited configurations within your account, each with different settings. Admins can determine the threat model and fine-tune security based on business needs, ensuring your CEO is safe to keep working in the airport lounge and isn’t sending you a frustrated email when he can’t navigate to Salesforce.

For more information on how to configure the NextDNS integration, please refer to our documentation.

About Twingate

Twingate provides a secure access platform that replaces VPNs with a modern Zero Trust Network Access (ZTNA) solution that combines enterprise-grade security with a consumer-grade user experience. It can be set up in less than 15 minutes and integrates with all major cloud providers and identity providers. Twingate helps companies move towards a Zero Trust architecture by tying every network event to an identity—user, device, and service—giving businesses modern control and visibility over activity across their entire network. This year Twingate raised $42M in Series B financing led by BOND and existing investors at WndrCo, 8VC, and SignalFire. Read more about CEO Tony Huie’s vision for Twingate in this blog post: Solving the usability problem to unlock Zero Trust adoption.
