NextDNS · home network security threats

22 JUNE 2026 · window -24h

At a glance

Why this matters

The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.

Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.

Security-category breakdown

Category Blocks
AI-Driven Threat Detection 2

Top devices in the window

Device Queries
unidentified (__UNIDENTIFIED__) 56,801
Dan’s MacBook 14” Pro 20,326
Audrey iMac M1 11,765
iPhone 13 Pro 10,403
Apple TV Upstairs 3,148
Lounge TV 2,478
Dan’s M2 33

What to do next

  1. Open the NextDNS log: https://my.nextdns.io/9bb389/logs
  2. Filter to the security category that fired (e.g. Threat Intel Feeds)
  3. For each blocked query, identify: which device, which domain, what was running at the time
  4. Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)

Generated by dare_nextdns_audit.py --check security

Source: dare_nextdns_security_2026-06-22.md · Rendered
Built with — component scripts