Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

Please provide comments and solutions that are helpful to the author of this topic.

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

SohanRay

Level 5
Thread author
Mar 19, 2022
246
I am not saying that you are wrong, but based on which tests are you stating that?
I have seen many test results over the Internet. Sometimes NextDns does well, sometimes CleanBrowsing does well. But Quad9 always does well no matter which test results you look at. Now you may say do your own testing and see. But the test results depends a lot on the sources you use to gather the malicious domains. What normal users can gather would be from public lists. Now NextDns uses public lists, so its more likely to shine. But lists from say cybersecurity firms would never be available to general people, if you had tested on their lists NextDns most probably would have done bad. Public lists have a lot of false positives. You'll find opendns not blocking most domains mentioned in Openphish (public list) which they themselves back and is a part of their own company initiative. Why? Its because they don't trust their own initiated source completely. Even Quad9 doesn't block a lot of domains from Openphish. Same reason. But if you see NextDns, it would probably block almost all of it if not all. So the thing is all NextDns has are those free public lists in their arsenal. And these lists are literally accessible by anyone. But the premium private ones are the ones accessible by only authorized entities. So all services using such premium private services, can easily use all or any of those public lists. Its pretty obvious. So now which one is bound to perform better? The answer is obvious right... Quad9 uses threat intel from so many leading cybersecurity companies on near real time basis. And also any vetted domains from public lists.
 
  • Thanks
  • Like
Reactions: Nevi and Kongo

SohanRay

Level 5
Thread author
Mar 19, 2022
246
N
What you guys think about RethinkDNS?
Not much really. They have been mostly inactive since quite some time I think. And all they have is those public blacklists which you can choose from like you can in nextdns in case of privacy, ads and trackers. They don't have any other added feature. So pretty lame basically. Their speeds were good though in my case. They have or had an email to contact them. But they never replied when I mailed them. So I have investigated them before and well, they didn't make it to this list of comparison at all. Its far behind.
 

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
549
Quad9 and NextDNS are really great I have tried both for long term testing as well. However I always go back to Cloudflare because they are consistently faster
at my specific location.

So depending on your location one DNS provider can be better than another.

This tool can be useful for checking which DNS providers are the best for your specific location.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
I have seen many test results over the Internet. Sometimes NextDns does well, sometimes CleanBrowsing does well. But Quad9 always does well no matter which test results you look at. Now you may say do your own testing and see. But the test results depends a lot on the sources you use to gather the malicious domains. What normal users can gather would be from public lists. Now NextDns uses public lists, so its more likely to shine. But lists from say cybersecurity firms would never be available to general people, if you had tested on their lists NextDns most probably would have done bad. Public lists have a lot of false positives. You'll find opendns not blocking most domains mentioned in Openphish (public list) which they themselves back and is a part of their own company initiative. Why? Its because they don't trust their own initiated source completely. Even Quad9 doesn't block a lot of domains from Openphish. Same reason. But if you see NextDns, it would probably block almost all of it if not all. So the thing is all NextDns has are those free public lists in their arsenal. And these lists are literally accessible by anyone. But the premium private ones are the ones accessible by only authorized entities. So all services using such premium private services, can easily use all or any of those public lists. Its pretty obvious. So now which one is bound to perform better? The answer is obvious right... Quad9 uses threat intel from so many leading cybersecurity companies on near real time basis. And also any vetted domains from public lists.
Thats cool and all but just like @cryogent I would really like to see those tests results. Been trying to find stuff for a long time but never was able to find much more than Youtube tests about NextDNS. :unsure:
 
  • Like
Reactions: Trooper

SohanRay

Level 5
Thread author
Mar 19, 2022
246
If you don't mind, can you post some links to those tests?
At least to get a clear idea of the differences.
Well I don't think I can find all of them again. But lets see which ones I can.



(you'll have to scroll down in this one)


(here it mentions about Quad9 being 97 percent effective)




There are others too, but I can't find them now. Would require much time.
There it was properly explained that when we do tests for these filtering services the results entirely depend on the sources we use. The more close sources a service uses, the better its results are. So things can't be compared really based on such individual tests to that extent. You'll have to investigate the other aspects to be sure.
 
Last edited:

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Well I don't think I can find all of them again. But lets see which ones I can.



(you'll have to scroll down in this one)


(here it mentions about Quad9 being 97 percent effective)




There are others too, but I can't find them now. Would require much time.
There it was properly explained that when we do tests for these filtering services the results entirely depend on the sources we use. The more close sources a service uses, the better its results are. So things can't be compared really based on such individual tests to that extent. You'll have to investigate the other aspects to be sure.

Thanks for sharing. In the end none of those sources are stating that NextDNS is weaker in malware and phishing protection than Quad9 except in this twitter post from another DNS provider. In the Youtube video it even performed a little better than Quad9. I like Quad9 and NextDNS but just think that there are not enough trustworthy tests about NextDNS to judge its efficiency. Considering that most people would also add external blocklists like oisd or Energized it's hard to rate NextDNS anyway.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
The main reason behind NextDns shining in most people's individual tests is that it entirely uses and depends on public free lists. And almost all individuals use the public free lists to test the filtering, because that is essentially what they can acquire without paying for a subscription fee.
So, its obvious that NextDns would shine in those tests. But that isn't the whole picture at all. So it doesn't prove NextDns is as good as it says or as some others say who did such tests of their own.
 
  • Like
Reactions: Nevi and Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
The main reason behind NextDns shining in most people's individual tests is that it entirely uses and depends on public free lists. And almost all individuals use the public free lists to test the filtering, because that is essentially what they can acquire without paying for a subscription fee.
So, its obvious that NextDns would shine in those tests. But that isn't the whole picture at all. So it doesn't prove NextDns is as good as it says or as some others say who did such tests of their own.
You said that multiple times. But you are only talking about the Threat Intelligence Feeds of NextDNS. It has more than that.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Thanks for sharing. In the end none of those sources are stating that NextDNS is weaker in malware and phishing protection than Quad9 except in this twitter post from another DNS provider. In the Youtube video it even performed a little better than Quad9. I like Quad9 and NextDNS but just think that there are not enough trustworthy tests about NextDNS to judge its efficiency. Considering that most people would also add external blocklists like oisd or Energized it's hard to rate NextDNS anyway.
Yeah i know, NextDns isn't compared by its filtering much. It isn't that popular yet. Its shouldn't be hard to compare actually. There shouldn't be any lists added in the privacy section and all the other security features should be turned on and then tested.
By the way, there were 2 youtube videos. In one quad9 performed much better. And that one is the more reliable one.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
You said that multiple times. But you are only talking about the Threat Intelligence Feeds of NextDNS. It has more than that.
Well except for 2 or 3 of other security features like dns rebinding protection, all other security features are also just based on some public blocklists only. If you investigate their Github repository, you'll know.
And if you're talking about finding newly registered domains and AI... Well Quad9's partners have that too. Infact Quad9 is like using a dozen of such AI engines all combined effectively.
 
  • Like
Reactions: Nevi and Kongo

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Yeah i know, NextDns isn't compared by its filtering much. It isn't that popular yet. Its shouldn't be hard to compare actually. There shouldn't be any lists added in the privacy section and all the other security features should be turned on and then tested.
By the way, there were 2 youtube videos. In one quad9 performed much better. And that one is the more reliable one.
I did note that in one of the tests where NextDNS came out on top that they used OISD and it blocked 2 extra items that Quad9 didn't. Which was the difference in the test.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,867
For me an adblocking DNS is more important because my AV and if required a reputable browser extension can help with blocking malicious domains. Blocking ad related domains via DNS also reduces bandwidth and improves browsing speed. So NextDNS is an easier choice for me with its adblocking and malicious domain blocking ability.
There's also Adguard DNS, which can block ads as well as malicious sites, but the later part isn't as effective.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
For me an adblocking DNS is more important because my AV and if required a reputable browser extension can help with blocking malicious domains. Blocking ad related domains via DNS also reduces bandwidth and improves browsing speed. So NextDNS is an easier choice for me with its adblocking and malicious domain blocking ability.
There's also Adguard DNS, which can block ads as well as malicious sites, but the later part isn't as effective.
True, adblocking is really important for me too for the same reasons and also that I am too used to a clean experience . But instead of paying for that, I am using the controld free dns with malware and ad blocking alongside Bitdefender antivirus which has the web protection feature and scam alert security features.
Why ControlD? Well you can see this post:

 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Well except for 2 or 3 of other security features like dns rebinding protection, all other security features are also just based on some public blocklists only. If you investigate their Github repository, you'll know.
And if you're talking about finding newly registered domains and AI... Well Quad9's partners have that too. Infact Quad9 is like using a dozen of such AI engines all combined effectively.

Sources of Blocking Data​

Quad9 partners with many threat intelligence (TI) sources, both commercial and public. These partners provide threat data to Quad9 as part of their missions to help reduce risk and cybercrime on the Internet and also because their partnership with Quad9 may help them improve their own ability to detect these risks. The combination of philanthropic sponsorship coupled with a virtuous feedback loop of detection improvement creates conditions in which Quad9 users benefit as the usage of the platform increases – more blocks mean increased improvement of blocking feedback.
TI partners supply Quad9 with information about domains or hosts that they believe should be blocked, and in turn the partners receive near-real-time feedback from Quad9 on the volumetric rates of the threats they list. This volumetric data allows them to understand the rising or falling status of various threatening campaigns and allows them to improve the lists of risky domains they provide to Quad9. Quad9 is exclusively a distribution tool for the threat data generated by partners – we do not generate our own set of domain-based Indicators of Compromise (IOCs) and, therefore, do not compete with our TI partners.
Typically Quad9 obtains malicious domains from around twenty difference TI sources. Many of these sources have broad malware detection capabilities and provide wide coverage against newly emerging domain threats. Some are more specific – they may, for example, target niche markets such as financial fraud, homoglyphs, network IDS past behaviors, phishing detectable by visual object recognition, optical character recognition (OCR), structure and linkages to other sites, or app-based spyware. This combination of extremely diverse TI provider expertise allows Quad9 to be more effective than any other DNS blocking system that relies upon only its own source of malware or fraud domain detection.
This model of donated data and cooperative improvement exists because Quad9 is a not-for-profit organization whose goals are specifically aligned with the security and privacy of our end users and not with the extraction of money from customers. Quad9 continually adds to and modifies the set of threat providers to extend more accurate and rapid threat-blocking abilities to our user community.
Thats a quote from the Quad9 website. They don't say who their TI partners are and they don't say anything about their AI driven threat detection. Wish they would be more transparent in that matter.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Thats a quote from the Quad9 website. They don't say who their TI partners are and they don't say anything about their AI driven threat detection. Wish they would be more transparent in that matter.

You can find the partners here. Not all are listed. As they say, partners from sensitive industry like finance or Health aren't listed. You can go to the partners mentioned individual websites to find out more about them.
 
  • Thanks
Reactions: Kongo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top