Share Dialog
Your internet feels slow. Pages load with half-second delays while invisible trackers phone home to dozens of advertising servers. Your news article finally appears, but only after loading 47 third-party scripts tracking your reading habits, location data, and device fingerprint.
You don’t see it happening. The surveillance occurs at the DNS level, invisible to casual observation. Every website you visit, every app you open, every streaming service you access first queries a Domain Name System server. That DNS server sees everything. Records everything. And if you’re using your Internet Service Provider’s default settings, you’ve unknowingly chosen to serve corporate surveillance capitalism with every internet request your household makes.
Your router is faithfully routing every device in your home through DNS servers operated by entities whose business model requires detailed behavioral tracking. They sell your family’s browsing patterns to data brokers. They inject advertisements into your internet traffic. They build psychological profiles from your search histories and temptations.
And you didn’t choose this. You just accepted the default.
Joshua had something to say about accepting cultural defaults. He demanded active choice. And he made it clear that household leadership requires protection decisions affecting everyone under your roof.
Christian Futurism offers Frameworks grounded in Biblical Scripture to address AI, Technology, and Digital Discipleship to build a Christian Future.Find me on Substack at: rockefellerkennedy.substack.
“And if it seem evil unto you to serve the LORD, choose you this day whom ye will serve; whether the gods which your fathers served that were on the other side of the flood, or the gods of the Amorites, in whose land ye dwell: but as for me and my house, we will serve the LORD.”[^2]
The Hebrew word bachar (בָּחַר) means to choose, to select with intention, to decide deliberately.[^3] Joshua doesn’t suggest passive spiritual drift or cultural accommodation. He demands active, conscious choice requiring household leadership.
Notice the structure: “As for me and my house.” Joshua doesn’t make individual spiritual decisions while letting his household fend for themselves. He exercises leadership affecting everyone under his authority. His choice of whom to serve determines what his entire household serves.
The Israelites lived surrounded by Amorite culture with its gods and practices. The default was cultural assimilation because everyone else was doing it. Joshua’s command cuts through that passive drift: Choose this day. Not tomorrow. Not when it’s convenient. Not after you’ve researched all the options. Today. Now. Make an active decision about whom your household serves, because accepting the cultural default is itself a choice to serve other gods.
Your DNS settings are Joshua 24:15 for digital households. You’re either actively choosing to route your family’s internet traffic through systems serving God’s purposes for your household, or you’re passively accepting default systems serving surveillance capitalism. There’s no neutral middle ground. Default DNS settings are choosing the gods of the Amorites while telling yourself you haven’t made a choice yet.
Joshua says: Choose this day.
And you need to switch to Protonmail sooner then later.
Domain Name System translates human-readable website names into computer-readable IP addresses. Every single internet request from every device in your household requires this translation. Your DNS provider sees every website visited, every app connection made, every streaming service accessed, every search conducted.
When you use your Internet Service Provider’s default DNS, they record your entire household’s browsing history and many sell this data to advertisers and data brokers. Some inject advertisements into your web traffic. They have no incentive to block malicious sites quickly. They profit from detailed behavioral surveillance of your household.
When you use Google’s “free” DNS (8.8.8.8), you route every internet request through Google’s data collection infrastructure. Your household’s digital behavior becomes Google’s intelligence product. “Free” means your family’s behavioral patterns are what’s being monetized.
When you use Cloudflare’s DNS (1.1.1.1), you get better privacy than Google or ISPs, but it’s still corporate infrastructure with limited customization for household-specific needs and no built-in content filtering or parental controls.
Other DNS alternatives exist, each with tradeoffs. Quad9 (9.9.9.9) is a privacy-focused option that blocks malicious domains without logging user data, operated by a Swiss non-profit organization. It provides good privacy protections but offers limited household customization and content filtering options compared to dedicated family DNS services.
AdGuard DNS provides ad blocking by resolving known ad domains to 0.0.0.0 (a non-routable address that effectively creates a dead end, preventing the connection from being established), which reduces page load times. It offers some filtering capabilities but provides less granular control than NextDNS for household-specific rules and scheduling.
OpenDNS, now owned by Cisco, offers parental controls and phishing protection. While these features are useful, corporate ownership raises surveillance concerns despite the protective capabilities. Joshua 24:15 requires asking whom you’re serving when you choose infrastructure owned by networking corporations whose business models involve data intelligence.
Decentralized options like OpenNIC and Namecoin prioritize community-driven DNS systems. These are philosophically interesting for sovereignty-minded households but technically complex to implement and maintain for most families without significant networking expertise.
Self-hosted solutions like Pi-hole with Unbound or RethinkDNS for Android provide maximum control and privacy through running your own DNS infrastructure. Pi-hole requires a Raspberry Pi or dedicated server running 24/7, while RethinkDNS provides Android-specific self-hosted filtering. Both demand technical expertise most households don’t possess and ongoing maintenance responsibilities. These are excellent options for technically capable households willing to maintain hardware and software indefinitely.
The default isn’t neutral. Neither are the alternatives.
Every DNS choice is choosing whom to serve: ISPs monetizing your data, tech corporations gathering intelligence, non-profits with limited customization, decentralized systems requiring technical expertise, or self-hosted solutions demanding ongoing maintenance.
NextDNS provides the specific combination Christian households need: privacy protection, comprehensive content filtering, household-specific customization, malware blocking, and ease of use that doesn’t require running your own server infrastructure. This isn’t claiming NextDNS is perfect; it’s recognizing that Joshua 24:15 household leadership requires choosing systems that serve your family’s specific spiritual formation needs rather than accepting whatever defaults or alternatives happen to be available.
For households with technical expertise, self-hosted solutions like Pi-hole offer maximum control. For everyone else, NextDNS provides household protection without requiring network administration skills or dedicated hardware.
NextDNS is an independent DNS service focused on privacy and family protection.[^4] While it uses Cloudflare’s infrastructure for DDoS protection and website hosting, the service operates independently with its own privacy policies. This isn’t a Cloudflare product; it’s an independent company providing DNS infrastructure for households that reject surveillance capitalism’s defaults.
The founders are transparent: privacy-focused DNS for families who want control over their digital environment without becoming the product. This is biblical stewardship implemented at the network level using the GUARD Framework for digital stewardship that emphasizes proactive protection of your household’s digital footprint.[^5]
Here’s what NextDNS enables for your entire household:
System-Wide Ad and Tracker Blocking: Most websites load 40+ tracking scripts before showing you content. Each tracker queries DNS servers, creating network requests that slow your internet. NextDNS blocks these at the DNS level - they never even attempt to load. Your internet becomes noticeably faster because you’re not waiting for dozens of surveillance scripts to phone home before pages render.
This isn’t just speed optimization. It’s refusing to participate in manipulative systems designed to exploit psychological vulnerabilities. Every blocked tracker is saying “my household will not serve these gods.” As we explored in Digital Dignity, your personal data reflects the image of God (tselem), making casual exposure to surveillance capitalism a theological concern, not just a privacy preference.[^6]
Malware and Phishing Protection: NextDNS maintains continuously-updated blocklists of malicious domains. Before your family members can accidentally visit phishing sites or malware distribution servers, NextDNS blocks the DNS resolution. This protects everyone in your household, from tech-savvy adults to children who don’t recognize sophisticated scams.
Adult Content Blocking: This isn’t just for children. Christian adults need protection from temptation’s convenient accessibility. NextDNS blocks adult content at the network level - it never reaches any device in your home. Your teenager’s phone. Your laptop. Your smart TV. The household-level decision protects everyone through environmental boundaries, not just individual willpower.
Surveillance Capitalism Resistance: When you choose NextDNS over default settings, you’re actively rejecting the business model that treats your family as data extraction opportunities. You’re refusing to let your household’s behavioral patterns become products sold to the highest bidder. This is Joshua 24:15 implemented through network infrastructure, applying the REFUGE Framework for establishing sacred digital boundaries that protect spiritual communications from corporate surveillance.[^7]
Dark Pattern and Manipulation Blocking: NextDNS allows blocking of specific tracking domains, advertising networks, and behavioral manipulation systems. You can block Facebook’s tracking pixels, Google’s advertising trackers, and sophisticated behavioral profiling systems operating invisibly across websites. Your family’s psychological vulnerabilities aren’t for sale.
Category-Based Protection: Enable blocking for entire categories: gambling sites, social media platforms during certain hours, streaming services that consume family time, news sites that produce anxiety rather than information. You’re creating environmental boundaries serving your household’s spiritual formation.
How Biblical wisdom protects modern Christian communities from digital exploitation
Visit nextdns.io and create a free account (or use this affiliate link to support Christian Futurism: Use Our Affiliate Link ). You’ll receive a unique configuration ID that looks like “abc123.” This ID creates your household’s customized DNS filtering rules. The dashboard homepage provides platform-specific setup instructions once you log in.
The methods below progress from easiest to most technically complex, allowing you to start with immediate protection and advance toward comprehensive household coverage as you gain confidence. Start with browser or device-level setup for immediate protection. Once comfortable with how NextDNS works, consider router-level configuration for true household protection affecting every device automatically.
Browser-level setup provides the fastest path to protection, requiring just two minutes to configure. However, this only protects web browsing, not apps or system-level connections. Apps bypass browser DNS entirely, so this is your starting point, not your endpoint.
Avoid Chrome, Safari, and Edge. Use privacy-respecting alternatives like Firefox, Brave, or Mull Browser. Firefox users enable DNS over HTTPS through Preferences → Privacy & Security, select Custom, and enter https://dns.nextdns.io/[your-id]. Brave offers similar configuration through Settings → Privacy and security → Security, enabling “Use secure DNS” and selecting Custom. Mull Browser (Firefox/Tor-based with built-in Mullvad VPN options) follows the same Firefox setup process.
Browser protection means immediate ad blocking and filtering while you learn the system, but it leaves apps, system updates, and other network connections unprotected.
Device-level configuration protects everything that device does online—apps, browser, system updates, background connections—regardless of network location. This requires 3-5 minutes per device but provides genuine protection rather than browser-only coverage.
Android devices (version 9 or higher) use Private DNS settings found under Settings → Network & internet → Advanced → Private DNS. Select “Private DNS provider hostname” and enter [your-id].dns.nextdns.io with your configuration ID. This applies NextDNS to all internet traffic from that device everywhere it connects.
Apple devices use configuration profiles generated at apple.nextdns.io. iOS/iPadOS users download the profile, open Settings, tap “Profile Downloaded,” and install following onscreen instructions. macOS users download the .mobileconfig file, open it, then install through System Preferences → Profiles. Apple TV (tvOS) requires navigating to Settings → General → Privacy, hovering over “Share Apple TV Analytics” without pressing, pressing Play on the remote, selecting “Add Profile,” and entering the generated short link. Apple’s configuration profile method ensures DNS protection survives network changes and can’t be bypassed without device admin credentials.
Windows 11 implements DNS over HTTPS through Settings → Network & internet → Wi-Fi (or Ethernet) → Hardware properties → Edit DNS server assignment. Select Manual, enable IPv4, enter the provided DNS address as Preferred DNS, select “On (manual template),” and enter https://dns.nextdns.io/[your-id]. Repeat for Alternate DNS. This encrypts DNS queries while applying your filtering rules.
Linux users can follow command line setup instructions from their NextDNS dashboard. For most users, IPv6 setup is simpler and doesn’t require linked IP addresses (which can conflict with VPN configurations, which you should have). Check your dashboard for IPv6 addresses specific to your configuration.
GrapheneOS users follow the Android Private DNS instructions above. GrapheneOS’s security model already provides substantial protection; NextDNS adds household-appropriate content filtering on top of that foundation.
Router-level configuration is Joshua 24:15 household leadership implemented through network infrastructure: one protection decision affecting everyone under your roof. This protects every device connected to your home network automatically—smart TVs, game consoles, IoT devices, guest devices—without requiring individual device setup. For households not using VPNs on every device, router-level NextDNS is extraordinarily powerful. Every internet request from every device automatically receives protection, ad blocking, and filtering without individual configuration.
Router setup requires 10-30 minutes depending on technical experience and can be more complicated than device-level configuration. If you’re not comfortable accessing router admin interfaces or following command-line instructions, start with browser or device-level setup above. You can always migrate to router-level protection later once you’re confident in the system. But for households where router-level setup is feasible, the protection is comprehensive and requires no maintenance once configured.
Standard router configuration works for most routers. Log into your router’s admin interface (typically 192.168.1.1 or 192.168.0.1) and locate DNS settings (usually under WAN, Internet, or Network settings). Your NextDNS dashboard’s “Setup” tab provides router-specific instructions under “Routers” with exact DNS addresses for your configuration. Enter the provided IPv4 or IPv6 addresses as your router’s DNS servers, save settings, and reboot your router. Every device now uses NextDNS automatically.
Advanced router installation applies to routers running DD-WRT, OpenWrt, or similar custom firmware that can run executables. NextDNS provides a dedicated client with enhanced features available at https://github.com/nextdns/nextdns/wiki with installation instructions specific to your router firmware. The client provides better performance and additional configuration options beyond standard DNS setup. This method is more technically complex but offers additional control for households comfortable with custom router firmware.
VPN services like ProtonVPN and Mullvad VPN support custom DNS configuration, allowing you to maintain VPN privacy protection while using NextDNS for content filtering, ad blocking, and malware protection. This combines encrypted privacy with household content filtering. Check your VPN provider’s documentation for instructions on configuring custom DNS servers—the process varies by provider and platform.
Router-level VPN configuration represents the most technically complex but comprehensive household protection approach. Certain router setups allow running VPN clients directly at the router level, protecting your entire household’s traffic through both VPN encryption and NextDNS filtering simultaneously. This combines the privacy benefits of VPN tunneling with the content protection and speed gains of NextDNS blocking. Router-level VPN configuration demands technical expertise but provides comprehensive household protection for families prioritizing both privacy and content filtering.
Once configured, your NextDNS dashboard provides comprehensive control through the GUARD Framework principles:[^8]
Security Blocklists: Enable threat intelligence feeds blocking malware, phishing, ransomware, and cryptojacking domains. These lists are curated by security researchers and updated continuously. Your household is protected before threats can reach individual devices.
Privacy Blocklists: Block advertising trackers, analytics systems, and behavioral profiling networks. Your internet speeds up immediately because pages stop loading dozens of surveillance scripts. More importantly, your family stops feeding surveillance capitalism’s data harvesting. This implements the same principles we discussed in protecting church prayer chains from Meta’s WhatsApp surveillance and defending against Gmail’s Gemini AI, but at the foundational network level protecting all communications.[^9]
Category Blocking: Block entire categories with single clicks: gambling, adult content, social media, streaming services, news aggregators, shopping sites. You’re establishing environmental boundaries serving your household’s priorities rather than corporate manipulation systems.
Time-Based Restrictions: Allow social media only during specific hours. Permit streaming services only on weekends. Block news sites during bedtime hours to protect sleep. This is environmental design for spiritual formation.
Specific Domain Control: Block or allow individual websites and subdomains. If a platform is problematic but specific sections are valuable, you can implement surgical blocking. YouTube.com blocked, but specific educational channels allowed. Reddit blocked, but specific technical communities permitted.
Speed Through Blocking: When you block ads and trackers, your internet becomes noticeably faster. Pages load quicker. Apps respond faster. You’re not waiting for surveillance scripts to execute before content renders. This is stewardship: refusing to waste your household’s time and bandwidth serving systems that exploit you.
Personal Holiness Through Boundaries: Adult content blocking protects everyone in your household, not just children. Christian adults struggle with accessibility and convenience making temptation one click away. Household-level blocking creates environmental protection. You’re not trusting individual willpower in moments of weakness; you’re establishing boundaries that serve holiness.
This is Joshua 24:15 implemented through network infrastructure: active choice about whom your household serves, enforced at the foundational technical level.
Signal's 3-minute fix every Christian needs to know
Christian households don’t get to plead technical ignorance. Joshua’s command is clear: “Choose you this day whom ye will serve.”[^10] Not tomorrow. Not after you’ve researched exhaustively. Not when it’s convenient. This day.
Default DNS settings are choosing to serve surveillance capitalism’s gods while telling yourself you haven’t made a choice. You’re accepting that your household’s behavioral patterns will be recorded, analyzed, and sold. That advertising algorithms will exploit psychological vulnerabilities. That dark patterns will manipulate decision-making. That convenient access to sin will remain unobstructed.
Joshua says passive cultural accommodation is itself choosing to serve other gods. The Israelites couldn’t claim neutrality; they had to actively choose the LORD. Your household can’t claim DNS neutrality; you’re either actively protecting your family through systems serving your priorities, or you’re passively accepting systems serving corporate profit.
The benefits of active choice are immediate and comprehensive:
Your internet gets faster. Blocking trackers and ads eliminates the network requests that slow page loads. You’re not waiting for surveillance scripts to execute.
Your family gains privacy. ISPs and corporate DNS providers can’t record and sell your browsing patterns. Data brokers lose access to your household’s behavioral intelligence.
Your household receives protection. Malware and phishing attempts fail at the DNS level. Adult content never reaches your devices. Manipulative advertising can’t load.
Your leadership serves formation. You’re creating environmental boundaries that protect rather than hoping individual willpower succeeds against sophisticated manipulation.
But most importantly: you’re choosing whom your household serves. Not defaulting. Not drifting. Not accommodating. Choosing.
Joshua didn’t survey his household about spiritual preferences. He didn’t wait for consensus. He didn’t accommodate cultural defaults. He made a leadership decision: “As for me and my house, we will serve the LORD.”[^11]
Your DNS configuration is that leadership decision for digital households. Either you actively choose systems serving your family’s spiritual formation and protection, or you passively accept systems serving surveillance capitalism’s profit extraction.
NextDNS isn’t technological salvation. It’s a tool for biblical stewardship. It gives you the infrastructure to exercise Joshua 24:15 household leadership in a digital age. What you do with that infrastructure determines whether you’re actively serving the LORD with your household’s digital life, or passively serving the cultural default.
Your family’s internet requests are happening right now, this moment, being routed through DNS servers operated by someone. Those servers either serve your household’s priorities under your leadership, or they serve corporate interests you’ll never see and can’t control.
Configure NextDNS today. Exercise the household protection leadership that Joshua 24:15 requires. Stop accepting cultural defaults as if they’re spiritually neutral. Block the trackers stealing your family’s time and privacy. Block the temptations exploiting convenient accessibility. Block the manipulation designed to exploit psychological vulnerabilities.
And when your family asks why their internet feels faster, why certain sites don’t load, why ads disappeared, tell them: “This is what it means to say ‘as for me and my house, we will serve the LORD.’ Even our DNS resolver submits to His authority over our household rather than serving surveillance capitalism’s gods.”
Because Joshua doesn’t permit passive drift. He demands active choice.
And your household’s digital infrastructure is that choice, made visible through every DNS query, every blocked tracker, every protection decision implemented at the network level.
Choose this day.
How does recognizing that default DNS settings are an active choice to serve surveillance capitalism change your understanding of Joshua 24:15’s “choose you this day” command? What other digital “defaults” in your household represent passive choices to serve systems incompatible with biblical priorities?
What surprised you most about NextDNS’s household-level protection capabilities? How does blocking ads and trackers at the DNS level differ from individual browser extensions or apps, and what does this reveal about the nature of comprehensive household protection versus individual device management?
Beyond DNS configuration, what other areas of digital life require Joshua-style household leadership decisions rather than passive acceptance of cultural defaults? Where else have you been treating technical infrastructure as spiritually neutral when it actually represents active service to specific values and business models?
Like what you’re reading? Subscribe to stay updated on how biblical wisdom illuminates our digital stewardship challenges. And if this resonated with you, share it with someone who needs to discover what authentic household leadership looks like in a surveillance capitalism world.
Find Christian Futurism here: Substack, Medium, Paragraph
Available also as a Podcast: on Spotify, as well as PocketCasts!
Support this research and receive priority access to digital discipleship insights through BuyMeACoffee or Ko-fi. Your partnership funds continued investigation into biblical frameworks that multiply both kingdom impact and digital freedom for the global church.
[^2]: Joshua 24:15 (KJV), Blue Letter Bible
[^3]: Strong’s Hebrew H977, bachar (בָּחַר), “to choose, select with intention, decide deliberately,” Blue Letter Bible Lexicon
[^4]: NextDNS Team, “Who is behind NextDNS?”, NextDNS Help Center
[^5]: “Ezra’s Blueprint for Digital Stewardship: The GUARD Framework,” Rockefeller Kennedy Substack
[^6]: “Digital Dignity: Why Your Data Reflects the Image of God,” Rockefeller Kennedy Substack
[^7]: “Sacred Boundaries: Biblical Wisdom for Digital Privacy,” Rockefeller Kennedy Substack
[^8]: “Ezra’s Blueprint for Digital Stewardship: The GUARD Framework,” Rockefeller Kennedy Substack
[^9]: “Meta’s WhatsApp Weaponizes Your Church Prayer Chain,” Rockefeller Kennedy Substack; “Gemini is Selling Your Correspondence,” Rockefeller Kennedy Substack
[^10]: Joshua 24:15 (KJV)
[^11]: Joshua 24:15 (KJV)
All comments (0)