NextDNS · home network security threats

7 JULY 2026 · window -24h

At a glance

Why this matters

The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.

Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.

Security-category breakdown

Category Blocks
AI-Driven Threat Detection 8

Top devices in the window

Device Queries
unidentified (__UNIDENTIFIED__) 38,614
Dan’s M2 17,933
iphone-13-pro-max 11,101
Audrey iMac M1 9,015
Lounge TV 5,588
Apple TV Upstairs 2,828
Dan’s MacBook 14” Pro 501
iPhone 13 Pro 175

What to do next

  1. Open the NextDNS log: https://my.nextdns.io/9bb389/logs
  2. Filter to the security category that fired (e.g. Threat Intel Feeds)
  3. For each blocked query, identify: which device, which domain, what was running at the time
  4. Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)

Generated by dare_nextdns_audit.py --check security

Source: dare_nextdns_security_2026-07-07.md · Rendered
Built with — component scripts