NextDNS · home network security threats

6 JULY 2026 · window -24h

At a glance

Why this matters

The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.

Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.

Security-category breakdown

Category Blocks
AI-Driven Threat Detection 11

Top devices in the window

Device Queries
unidentified (__UNIDENTIFIED__) 42,268
Dan’s M2 20,946
iphone-13-pro-max 12,063
Lounge TV 6,758
Audrey iMac M1 5,913
Apple TV Upstairs 3,250
Dan’s MacBook 14” Pro 518
iPhone 13 Pro 353

What to do next

  1. Open the NextDNS log: https://my.nextdns.io/9bb389/logs
  2. Filter to the security category that fired (e.g. Threat Intel Feeds)
  3. For each blocked query, identify: which device, which domain, what was running at the time
  4. Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)

Generated by dare_nextdns_audit.py --check security

Source: dare_nextdns_security_2026-07-06.md · Rendered
Built with — component scripts