Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

Please provide comments and solutions that are helpful to the author of this topic.

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
It can also generate false positives and complaints among the residents if you are filtering for a whole network. Lots of legit advertising links end up being from new domains. So it depends on how much managing you want to do. When I attempted filtering ads and such on the whole network it resulted in many submissions to my "complaint inbox", also known as "hey husband, WTF did you break!!?".
Sure, false positives are always a problem with attack surface or risk reduction measures. In the end I still think that it's easier to whitelist sites in NextDNS compared to DNS services like Quad9 or Cloudflare, where you basically have to disable the DNS to access a blocked page. In NextDNS you have to access your dashboard and simply add those sites to the allowlist, which never was a problem for me at least.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Good to know, but that doesn't change the fact that the blocking of newly registered domains can increase the protection quite a bit.
About that Newly registered domains blocking, ControlD also does that. They don't have an AI ,but they claim they keep their threat intelligence sources up to date. Infact they said compared to Nextdns , they found many of Nextdns threat feed sources to be unusable due to the outdated and lot of false positives issue.
 
Last edited:

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
About that Newly registered domains blocking, ControlD also does that. They don't have an AI ,but they keep claim they keep their threat intelligence sources up to date. Infact they said compared to Nextdns , they found many of Nextdns threat feed sources to be unusable due to outdated and lot of false positives issue.
I personally had way better experiences with NextDNS. With ControlID I always had ping issues. Might try it again tho.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
I personally had way better experiences with NextDNS. With ControlID I always had ping issues. Might try it again tho.
I had really bad latency issues with ControlD when I did a trial. I did try one of their free ones on my phone the other day and it seemed improved.

Edit: The ping times are still high, but resolution seems quicker. People focus a lot on ping, but the CDN routing is more consequential to browsing and media experience. Especially if you browse a lot of the same sites regularly, everything will be cached.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
I had really bad latency issues with ControlD when I did a trial. I did try one of their free ones on my phone the other day and it seemed improved.

Edit: The ping times are still high, but resolution seems quicker. People focus a lot on ping, but the CDN routing is more consequential to browsing and media experience. Especially if you browse a lot of the same sites regularly, everything will be cached.
True, but unacceptable for a paid service in my opinion. I don't pay for bad latency...
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
True. But again you are paying for a service that uses a lot of outdated threat feeds but claim they use a blend of most reputable intelligence feeds.
I am using a service that gives me the features I need. So far I am okay with it's blocking capabilities and don't see a reason to switch to another provider. It would also be appreciated if you could share your request from GitHub on their official forum, as the chance is bigger that the devs are replying there. (y)

 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
I am using a service that gives me the features I need. So far I am okay with it's blocking capabilities and don't see a reason to switch to another provider. It would also be appreciated if you could share your request from GitHub on their official forum, as the chance is bigger that the devs are replying there. (y)

Actually one of my mates in the nextdns forum already asked them about this personally. So they said they wouldn't remove those feeds as many users want them apparently. So removing them would be making them disappointed.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Ok. Will do. I thought the person on Github from their team makes the changes to their repositories so better post there.
Do what you think is best. Thanks for mentioning tho, didn't know about some of the Threat Intelligence Feeds being outdated. One big downside is that the devs are quite unresponsive and barely listen to user requests. Let's hope that they will in this case. :)
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,867
The ping times are still high, but resolution seems quicker. People focus a lot on ping, but the CDN routing is more consequential to browsing and media experience. Especially if you browse a lot of the same sites regularly, everything will be cached.
Just adding my input. This is why I would recommend testing DNS performance using something like the app DNSBench.
I get the lowest ping (much lower) with Quad9 but get the best performance with NextDNS and Cloudflare. Quad9 is visibly slower for me. I don't even need an app to realize that. It's weird but it is what it is for me at the moment. So, it's better to check the performance.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Just adding my input. This is why I would recommend testing DNS performance using something like the app DNSBench.
I get the lowest ping (much lower) with Quad9 but get the best performance with NextDNS and Cloudflare. Quad9 is visibly slower for me. I don't even need an app to realize that. It's weird but it is what it is for me at the moment. So, it's better to check the performance.
Quad9 has an implementation with ECS that helps route to closer CDNs. It won’t get you routed to the edge servers hosted by your ISP, but closer. Some consider EDNS Client Subnet a privacy concern since partial IP info is used to geolocate you to about the city level to find the closest CDN. NextDNS has a way to use a fake edns that gets around that. I have used Quad9 9.9.9.11 with ECS and it gets close to my ISP performance. Some streaming services are just instant with my ISP. When I’m using quad9 I use it with the ECS IPs. I wish NextDNS didn’t have the quirks I’ve experienced, because their ECS implementation works just about as well.
 
Last edited:

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Do what you think is best. Thanks for mentioning tho, didn't know about some of the Threat Intelligence Feeds being outdated. One big downside is that the devs are quite unresponsive and barely listen to user requests. Let's hope that they will in this case. :)
Exactly. That has been a long persistent problem. The devs are very inactive and rarely respond. That's another major demerit of NextDns. One of the feeds, that is from abuse ch, urlhaus.abuse.ch.. They use the urls file which they themselves claim is incompatible with Dns filtering. So I gave them the domain names counterpart for urlhaus.abuse.ch, but they never saw or responded.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
So in summary?

Nextdns is good but could be better?
Well that would be different from different perspectives. From my perspective though, I don't feel I can rely on the service and expect more from such a service if I am paying for it. It needs to have better support for customers using it (at least for those who are paying for it). They need to be more actively involved in maintaining their product and delivering to a promise that they have made and also to live up to their own claims.
On the other hand, Quad9 may not have Customization or ad blocking, but if that isn't a deal breaker for one, its a great option. They live up to their claims and promises and even more I would say. They actually even have email support which they are active on. And frankly its much better than anything that NextDns offers on this front. I have emailed their support (Quad9's) several times and have got detailed informative responses within 24 hrs.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
so Quad9 is better than NextDNS?
Again its about perspective. But if you compare just the blocking malicious domains part, yeah Quad9 is definitely better. But if you want ads and tracker blocking and some parental control and some other controls too then that's only possible with NextDNS. For me blocking malicious domains is the most important part. So if its unreliable, then it doesn't make sense to pay for it.
Although not being able to block ads and trackers is a deal breaker for me. So I am using an entirely different setup in my Android devices. And another different one on my windows pc.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top