Nym is designed to protect your privacy at every stage of your internet connection, and that includes how your DNS queries are handled. This article explains how DNS works in the Nym network, why it offers stronger privacy than traditional VPNs, and when you might want to customise your DNS settings.
All DNS requests made while you're connected through the exit gateway. This means:
DNS servers only see that Nym users as a group are resolving hostnames.
They cannot identify you individually.
Your DNS queries are unlinkable to your real IP address.
This design provides stronger privacy than many VPNs, which often operate their own DNS resolvers. Those VPN-operated DNS services could be logged, monitored, or legally compelled to hand over user data. Nym avoids this risk entirely because DNS never touches a centralized Nym-operated resolver.
What the DNS in the app actually does
Nym uses DNS in two different phases:
1. Before connecting to Nym
DNS is used to help the app: discover and connect to Nym network endpoints.
Your DNS provider will see that your device is connecting to Nym, just like a VPN provider would see when you initiate a connection.
2. During browsing (after connection)
Once you're inside the mixnet:
All DNS queries are resolved inside the encrypted Nym tunnel.
The DNS provider cannot see your real IP address.
Your requests appear as part of a large pool of Nym users, not traceable to you.
IMPORTANT: Switching your DNS provider could lead to less privacy.
Nym’s default DNS providers
As of November 2025, by default, Nym uses:
Cloudflare (1.1.1.1)
These providers were chosen for their privacy-first policies and strong track records.
Why Cloudflare?
Cloudflare’s 1.1.1.1 service is widely recognized for its privacy protections:
No data mining: DNS logs are kept only for 24 hours for debugging and then deleted.
Query name minimization: Only the minimal required information is sent at each step of DNS resolution, improving user privacy.
Popularity: It's one of the most common DNS services, ensuring your queries are blended with a large set of other queries.
When should I customise my DNS?
You may want to use a custom DNS provider if you prefer features such as:
Ad-blocking
Family filtering
Malware or phishing protection
Other DNS-based security enhancements
Keep in mind that different DNS providers have different privacy guarantees. Always review a provider’s policies before switching.
Using custom DNS in NymVPN
NymVPN now allows you to set custom DNS servers on supported devices, giving you more control over how domain requests are handled. This is useful if you prefer not to use Nym’s default DNS, or if you want a setup tailored to your needs.
By choosing a custom DNS provider, you can enable features such as ad-blocking, tracker blocking, or content filtering using services like AdGuard or NextDNS. You can also select other DNS providers you personally trust.
To enable custom DNS:
Open Settings ⚙️ in the NymVPN app
Tap Customize DNS
Enter a DNS address (IPv4 or IPv6)
Tap Add to include it in the list (you can add up to 5 addresses and order them based on priority)
Tap Save to confirm your changes
Enable Use custom DNS servers
Disconnect and reconnect NymVPN for the settings to take effect
Note: Custom DNS may limit Nym connectivity in some cases.
Nym ensures strong DNS privacy through:
Encrypted, mixnet-protected DNS queries
Use of trusted, privacy-focused DNS providers
No centralized DNS handling by Nym
Unlinkability between your real IP and your DNS activity
As we continue developing the platform, custom DNS support will give you even more control over your experience. If you have more questions, feel free to contact Nym support.