NextDNS · home network security threats

27 JUNE 2026 · window -24h

At a glance

Why this matters

The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.

Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.

Security-category breakdown

Category Blocks
AI-Driven Threat Detection 4

Top devices in the window

Device Queries
unidentified (__UNIDENTIFIED__) 56,102
Audrey iMac M1 15,096
Apple TV Upstairs 14,176
Dan’s MacBook 14” Pro 13,873
iPhone 13 Pro 12,887
Dan’s M2 6,888
Lounge TV 4,543
immich 53
dans-macbook-14–pro 6

What to do next

  1. Open the NextDNS log: https://my.nextdns.io/9bb389/logs
  2. Filter to the security category that fired (e.g. Threat Intel Feeds)
  3. For each blocked query, identify: which device, which domain, what was running at the time
  4. Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)

Generated by dare_nextdns_audit.py --check security

Source: dare_nextdns_security_2026-06-27.md · Rendered
Built with — component scripts