Please provide comments and solutions that are helpful to the author of this topic.
Sure, false positives are always a problem with attack surface or risk reduction measures. In the end I still think that it's easier to whitelist sites in NextDNS compared to DNS services like Quad9 or Cloudflare, where you basically have to disable the DNS to access a blocked page. In NextDNS you have to access your dashboard and simply add those sites to the allowlist, which never was a problem for me at least.
About that Newly registered domains blocking, ControlD also does that. They don't have an AI ,but they claim they keep their threat intelligence sources up to date. Infact they said compared to Nextdns , they found many of Nextdns threat feed sources to be unusable due to the outdated and lot of false positives issue.
I personally had way better experiences with NextDNS. With ControlID I always had ping issues. Might try it again tho.
Ok. Do try again and test their filtering too.
I had really bad latency issues with ControlD when I did a trial. I did try one of their free ones on my phone the other day and it seemed improved.
True, but unacceptable for a paid service in my opinion. I don't pay for bad latency...
I just noticed it is probably because I'm being routed to Montreal. I'm in the Desert Southwest in the US...I should be routed to Dallas or LA. Maybe an ISP issue, or their anycast needs some work.
True. But again you are paying for a service that uses a lot of outdated threat feeds but claim they use a blend of most reputable intelligence feeds.
I am using a service that gives me the features I need. So far I am okay with it's blocking capabilities and don't see a reason to switch to another provider. It would also be appreciated if you could share your request from GitHub on their official forum, as the chance is bigger that the devs are replying there.
help.nextdns.io
Actually one of my mates in the nextdns forum already asked them about this personally. So they said they wouldn't remove those feeds as many users want them apparently. So removing them would be making them disappointed.I am using a service that gives me the features I need. So far I am okay with it's blocking capabilities and don't see a reason to switch to another provider. It would also be appreciated if you could share your request from GitHub on their official forum, as the chance is bigger that the devs are replying there.
Discussions - Community - NextDNS Help Center
Join the community discussion of general topics.
Do what you think is best. Thanks for mentioning tho, didn't know about some of the Threat Intelligence Feeds being outdated. One big downside is that the devs are quite unresponsive and barely listen to user requests. Let's hope that they will in this case.
Just adding my input. This is why I would recommend testing DNS performance using something like the app DNSBench.
Quad9 has an implementation with ECS that helps route to closer CDNs. It won’t get you routed to the edge servers hosted by your ISP, but closer. Some consider EDNS Client Subnet a privacy concern since partial IP info is used to geolocate you to about the city level to find the closest CDN. NextDNS has a way to use a fake edns that gets around that. I have used Quad9 9.9.9.11 with ECS and it gets close to my ISP performance. Some streaming services are just instant with my ISP. When I’m using quad9 I use it with the ECS IPs. I wish NextDNS didn’t have the quirks I’ve experienced, because their ECS implementation works just about as well.
Exactly. That has been a long persistent problem. The devs are very inactive and rarely respond. That's another major demerit of NextDns. One of the feeds, that is from abuse ch, urlhaus.abuse.ch.. They use the urls file which they themselves claim is incompatible with Dns filtering. So I gave them the domain names counterpart for urlhaus.abuse.ch, but they never saw or responded.Do what you think is best. Thanks for mentioning tho, didn't know about some of the Threat Intelligence Feeds being outdated. One big downside is that the devs are quite unresponsive and barely listen to user requests. Let's hope that they will in this case.
Well that would be different from different perspectives. From my perspective though, I don't feel I can rely on the service and expect more from such a service if I am paying for it. It needs to have better support for customers using it (at least for those who are paying for it). They need to be more actively involved in maintaining their product and delivering to a promise that they have made and also to live up to their own claims.
Again its about perspective. But if you compare just the blocking malicious domains part, yeah Quad9 is definitely better. But if you want ads and tracker blocking and some parental control and some other controls too then that's only possible with NextDNS. For me blocking malicious domains is the most important part. So if its unreliable, then it doesn't make sense to pay for it.
