iCloud Private Relay disables NextDNS and offers no malware protection


Or you could just use the two together, like I and other people have for months now, by disabling the blockpage setting in your NextDNS settings (a cosmetic landing page that is unnecessary). NextDNS posted a comment a few months ago explaining that the filtering will still work like this, just the status icon on their website will not be shown as green because the Apple Relay partner DNS is the last step.

iCloud Private Relay isn’t intended to be anti-malware. If you’re really concerned about malware, NextDNS shouldn’t be your primary defense. Understand your tools and what they’re for.

I’m using NextDNS on my iPhone (iOS 15.2) with the profile set up, and I activated iCloud Private Relay. If I check dnsleaktest.com, my DNS is set to Akamai, but it still blocks ads at the same time. I don’t know why, but it’s cool.

Quad9’s (and NextDNS’s as well, plus other features) sole purpose is to protect against bad domains that serve malware. So why would you not use something like NextDNS and Quad9 for malware protection? What other tools should one use?

Seems very random, and I’m not sure if I can trust it.

Also, are we exposed to our ISP if we use NextDNS with Private Relay?

The current behavior, and most likely the behavior of the release, is that iOS (and macOS), when Private Relay is enabled, uses NextDNS only to check if a domain is blocked, but uses the Private Relay’s DNS (Cloudflare, Akamai…) for the actual DNS resolution (all DNS requests are duplicated).

I’m not an expert on this, but here is a tweet from an expert.

“DoH encrypts precisely zero data that is not already present in
unencrypted form. As it stands, using DoH only provides *additional*
leaks of data. SNI, IP addresses, OCSP and remaining HTTP connections
still provide the rest. It is fake privacy in 2019.” — Bert Hubert 🇪🇺 (@PowerDNS_Bert)

I think VPN / Tor is still a safer way for privacy.

Thank you, very constructive.

Edit: I’m an idiot 🤦‍♂️

You should be using anti-malware protection such as Malwarebytes on your endpoints.

Even though your DNS is protecting against known threats and bad actor domain lookups, it’s just one layer of your security/privacy onion, like a firewall, VPN, network device segregation, anti-virus, anti-malware and so on.

I should have mentioned I’m on macOS and iOS, which have their own built-in malware tools and lists. Malware protection in macOS. I guess I don’t need third-party tools then if I have these built-in measures + DNS malware filtering and up-to-date OSes? I’m asking to learn 🙂

Well, macOS, and particularly iOS/iPadOS, are arguably ‘safer’ than other OS platforms for a number of reasons, but they’re not 100% safe by any means.

Whilst Apple issues security patches regularly and updating your OS immediately is best practice, zero day vulnerabilities are still found often, plus nefarious actors are not to be underestimated.

I use NextDNS, have a Firewall with IDS/IPS and run Malwarebytes nightly on all my Macs which occasionally identifies and quarantines malware/Trojans/spyware that has penetrated my, and Apple’s, first line defences.

iOS & iPadOS too are not impregnable, even if you’ve not jailbroken the device - take a peek at the following links for some historic highlights: Malwarebytes Labs - The Security Blog From Malwarebytes | Malwarebytes Labs, Unprecedented new iPhone malware discovered | Malwarebytes Labs.

At the end of the day it boils down to your individual tolerance of risk. NextDNS is certainly a good tool in one’s arsenal. It doesn’t win every war on its own though IMHO. I hope this helps.

But aren’t zero days ahead of Malwarebytes as well? IIRC tools like that only search for signatures and need updates to said signature lists to recognize malware, no? Or does it have some intelligent engine that recognizes patterns of malware?

I’m curious about your firewall. Is it a hardware firewall or software? What is the name of it?