Guide April 10, 2026 6 min read

How to set up NextDNS to block porn on iPhone

NextDNS is the strongest single layer of porn blocking you can set up on an iPhone. It works at the network layer — every app on your phone goes through it, not just browsers. The free tier handles 300,000 queries per month, which is plenty for one person. Full walkthrough below.

What DNS filtering does

Every time an app on your phone tries to connect to a server somewhere on the internet, it first asks DNS — the internet's phonebook — "what's the IP address for this domain?" NextDNS replaces the default DNS lookup with its own, and refuses to answer for domains on its blocklists. The connection fails before it starts.

Practical consequence: NextDNS catches adult content in browsers and in third-party apps. Twitter/X images, Reddit threads, Discord messages, hidden in-app browsers — all of it goes through the same DNS layer. None of those leak past it.

Step 1 — sign up

  1. Go to nextdns.io.
  2. Click Sign Up. Email + password — no credit card required for the free tier.
  3. NextDNS creates a configuration ID (a six-character string like abc123). This is your unique profile.

Step 2 — enable the right blocklists

Inside the NextDNS dashboard:

  1. Click PrivacyBlocklists.
  2. Add the following lists (search by name in the picker):
    • HaGeZi's Pro Blocklist — broad coverage, low false-positive rate
    • HaGeZi's NSFW List — adult content specifically
    • OISD Big — community-maintained; deduplicated against the above
  3. Click Parental Control → enable Pornography and optionally Adult Content (broader category).
  4. Optionally enable Dating if dating apps are part of the trigger pattern for you.

Don't go overboard with blocklists. Three or four well-maintained ones cover more than ten redundant ones, and reduce the chance of false positives breaking legitimate sites.

Step 3 — install the iOS profile

  1. In the NextDNS dashboard, click Setup.
  2. Scroll to the iOS section. Tap Download Configuration Profile. Safari opens.
  3. iOS asks: "This website is trying to download a configuration profile." Tap Allow.
  4. iOS may show a notification "Profile Downloaded — Review the profile in Settings if you want to install it."
  5. Open Settings on your iPhone.
  6. Near the top, tap Profile Downloaded (this only appears if you have a pending profile to install). If it's not there, go to Settings → General → VPN, DNS & Device Management and tap the NextDNS profile.
  7. Tap Install in the top right. Enter your iPhone passcode.
  8. Tap Install again to confirm. Tap Done.

Profile is now active. NextDNS is filtering every DNS request your iPhone makes.

Step 4 — verify it's working

Test the filter:

  1. Open Safari.
  2. Try to navigate to any major adult site (no need to type the full URL — even a search-engine result works).
  3. You should see "Server cannot be found" or "Cannot connect to the server." NextDNS has refused the DNS lookup.
  4. Back in the NextDNS dashboard → Logs tab → you'll see the blocked request listed with a "Blocked" tag.

If sites you expected to be blocked are loading: check that the profile is enabled (Settings → General → VPN, DNS & Device Management) and that the blocklists are saved in your NextDNS dashboard.

Common troubleshooting

"My phone says no internet"

If NextDNS is configured wrong, DNS lookups fail and apps think the internet is down. Check that the profile is using NextDNS encrypted DNS (not a fake DNS that doesn't actually work). Re-download the profile from the NextDNS dashboard if needed.

"It's blocking sites I need"

NextDNS dashboard → Allowlist → add the specific domain. Takes effect immediately.

"I'm hitting the 300K query limit"

Unlikely for one person. The free tier resets monthly. If you're consistently over, you've probably installed it on multiple devices — split the device count across separate profiles or upgrade to the paid tier (NextDNS's pricing page has the current cost; it's modest and often worth it for full coverage).

"How do I know it's actually working?"

Visit test.nextdns.io. The page tells you whether your DNS is going through NextDNS and whether your filtering is active.

What NextDNS doesn't catch

  • Content from generic CDNs. If adult content is served from a Cloudflare or AWS endpoint that also serves benign sites, NextDNS can't block it without breaking the rest of the internet. Not many filters can.
  • Already-cached content. If an image was loaded recently, the cached version may render briefly even after the block is in place. Closing and reopening the app clears most of this.
  • Anyone removing the profile from Settings. Like Screen Time, the strength is roughly the strength of leaving it installed. The fix is to combine it with Screen Time set to Don't Allow on Configuration Profile changes.

Combining with the other layers

NextDNS alone is the strongest single layer because it covers every app, not just browsers. But it doesn't replace Screen Time or a Safari content blocker — they catch different things at different stages.

  • Screen Time adds the passcode-holder mechanic (so disabling NextDNS becomes a Settings dive that requires a passcode). Setup walkthrough.
  • Safari content blockers like Escape's free blocker add the curated list of 11,868 specifically-known adult sites — useful when NextDNS hasn't yet blocklisted a newer or smaller site. Comparison of free options.

The full three-layer stack is what the complete iPhone-blocking guide recommends. NextDNS is the most powerful single layer; the other two cover the gaps NextDNS leaves.

Escape is a Safari content blocker, a 90-second urge ritual, practice games that retrain how you meet an urge, and 27 short courses on identity and the long arc of recovery. No account, no personal tracking.

Download on the App Store
Related
How to block porn on iPhone — the complete guideHow to set up Apple Screen Time to block porn — step by stepFree porn blocker for iPhone, what's actually free in 2026

← All posts

Get Escape on the App Store