NextDNS · home network security threats
22 JUNE 2026 · window -24h
At a glance
- ⚠ YELLOW — 2 security-category blocks in the last 24h
- Threshold: 0 green · 1-4 amber · 5+ red
- Source: NextDNS Analytics API · profile PA
Why this matters
The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.
Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.
Security-category breakdown
| Category | Blocks |
|---|---|
| AI-Driven Threat Detection | 2 |
Top devices in the window
| Device | Queries |
|---|---|
unidentified (__UNIDENTIFIED__) |
56,801 |
| Dan’s MacBook 14” Pro | 20,326 |
| Audrey iMac M1 | 11,765 |
| iPhone 13 Pro | 10,403 |
| Apple TV Upstairs | 3,148 |
| Lounge TV | 2,478 |
| Dan’s M2 | 33 |
What to do next
- Open the NextDNS log: https://my.nextdns.io/9bb389/logs
- Filter to the security category that fired (e.g. Threat Intel Feeds)
- For each blocked query, identify: which device, which domain, what was running at the time
- Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)
Generated by dare_nextdns_audit.py --check security
Source:
dare_nextdns_security_2026-06-22.md · Rendered Built with — component scripts
seo_render_html.py— wraps the source.mdin the dash.gf.cx design language (+anchor_enricher.pyfor inline-link promotion & rollover thumbnails)dare_dev_reports_publish.py— bundles the day’s reports into the catalog and ships to dash.gf.cx/reports