NextDNS · home network security threats

14 JULY 2026 · window -24h

At a glance

Why this matters

The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.

Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.

Security-category breakdown

Category Blocks
AI-Driven Threat Detection 6

Top devices in the window

Device Queries
unidentified (__UNIDENTIFIED__) 44,326
iphone-13-pro-max 17,602
Dan’s M2 16,570
Audrey iMac M1 7,000
Lounge TV 4,011
Apple TV Upstairs 3,365
iPhone 13 Pro 1,705
Dan’s MacBook 14” Pro 562

What to do next

  1. Open the NextDNS log: https://my.nextdns.io/9bb389/logs
  2. Filter to the security category that fired (e.g. Threat Intel Feeds)
  3. For each blocked query, identify: which device, which domain, what was running at the time
  4. Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)

Generated by dare_nextdns_audit.py --check security

Source: dare_nextdns_security_2026-07-14.md · Rendered
Built with — component scripts