Comment by dominis
I had the same problem, browser extensions weren't enough, and I wanted something system-wide. So I built Sinkzone [1], a DNS tool that blocks everything unless allowlisted. It’s open-source and works across OSs. Thought it might be helpful if you're looking beyond NextDNS.