Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS


CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

SohanRay

Level 5
Thread author
Mar 19, 2022
246
That's what I said earlier. But why disabling such a feature when it's basically one of the advantages of NextDNS?
Right, but as I said, that's the result from one of the tests. You can check the Lawrence Systems tests; NextDNS was good but much behind Quad9.
And OISD is the one and only such list in the privacy section that may make a difference. Any others are either just ad blockers or are already included in the threat intelligence feeds either directly or indirectly. And I am only talking about malicious domain filtering here.
 
Reactions: cryogent and Kongo

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
That's what I said earlier. But why disabling such a feature when it's basically one of the advantages of NextDNS?
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.
But oisd is regularly checked for false positives and is actually meant for those who prefer functionality over aggressive blocking. Did you really have problems with it?

 
Reactions: Nevi and Trooper

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.

Good point. But it also has Parental Controls etc. for blocking social media and the like. I like it for this as well. I also do some geolocation blocking by using TLD. If Quad9 had more customization I would likely use it as default. I would not mind checking out ControlD but my trial is long gone. Would love to reset the clock on it somehow to see if it is any better than NextDNS.
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
310
I don't know how good the other DNS services are, but for me NextDNS is ideal, especially as a level of customization (a plus for parental control with hourly restriction), when you have a not very technical wife and a child who in 3-4 cases out of 10 clicks on any crap. I, for example, have activated everything in security, and in privacy: Block disguised third-party trackers, native tracking protection for phones, and in filter lists: OISD, NextDNS on filter, Goodbye Ads, Adguard mobile filter. All of this combined with Adguard desktop/Android with their filters, the ones they maintain. So far I'm happy with the combination: my wife doesn't come screaming that something isn't working for her, my daughter has no problems with online school or browsing either, and if there is a problem I can fix it quickly in Allowlist.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Good point. But it also has Parental Controls etc. for blocking social media and the like. I like it for this as well. I also do some geolocation blocking by using TLD. If Quad9 had more customization I would likely use it as default. I would not mind checking out ControlD but my trial is long gone. Would love to reset the clock on it somehow to see if it is any better than NextDNS.
Currently I can do parental controls from my router, but yes those kinds of features from NextDNS are great.

But oisd is regularly checked for false positives and is actually meant for those who prefer functionality over aggressive blocking. Did you really have problems with it?

I never had any FPs personally. But leave it to a partner who window shops online in their free time to find something even OISD will break. It also messed with streaming sticks, mainly it kept the PBS kids app from working at all and I couldn't figure out what to exclude despite excluding just about everything that popped up when that stick was active.
 

superleeds27

Level 7
Verified
Apr 5, 2017
311
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.
This. Use NextDNS for my devices but for everyone else it's a UBO/Adguard browser plugin.

DNS is the default ISP, which I'm tempted to switch away from to Quad9. If that's the right move.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
This. Use NextDNS for my devices but for everyone else it's a UBO/Adguard browser plugin.

DNS is the default ISP, which I'm tempted to switch away from to Quad9. If that's the right move.
Well Quad9 does what it says. So, you can rest assured about that.
 
Reactions: Trooper

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
This. Use NextDNS for my devices but for everyone else it's a UBO/Adguard browser plugin.

DNS is the default ISP, which I'm tempted to switch away from to Quad9. If that's the right move.
If you are worried about CDN performance for things like streaming you can use 9.9.9.11, their DNS with ECS support. Just know that the CDNs will be able to see part of your IP associated with the DNS request and know what city you are in. For me, that's fine, but for others that's an issue. If you are using a big ISP like Verizon or Comcast (in the US for example) they have cached servers that host things like Netflix on their edge systems that will be faster and don't (supposedly) get accessed when going with an outside DNS provider.
 
Reactions: superleeds27

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Well Quad9 does what it says. So, you can rest assured about that.
I used to use NextDNS, but as I investigated more, I found around 35 percent of the free public lists that they use for their protection features like Threat intelligence feeds, Typosquatting protection, Cryptojacking protection, Blocking parked domains are outdated and haven't been updated for months. Even among the rest of the threat feeds, many don't even receive daily updates, let alone hourly updates.
Also, no matter how much you try to reach them and ask them to fix things, they are just not there to listen or respond. Sometimes they ignore so much I feel they might be planning to shut down the service soon.
So in the end I decided not to continue with it.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Yeah, they have been pretty spotty with responses to issues. As for Quad9, I had a routing issue the other day and within 8 hours I got a thorough and detailed response, which I really appreciated.
Exactly, even after being free and providing such a reliable threat intelligence, their responses over emails are commendable.
 
Reactions: SeriousHoax

superleeds27

Level 7
Verified
Apr 5, 2017
311
If you are worried about CDN performance for things like streaming you can use 9.9.9.11, their DNS with ECS support. Just know that the CDNs will be able to see part of your IP associated with the DNS request and know what city you are in. For me, that's fine, but for others that's an issue. If you are using a big ISP like Verizon or Comcast (in the US for example) they have cached servers that host things like Netflix on their edge systems that will be faster and don't (supposedly) get accessed when going with an outside DNS provider.
Thanks. Might take a look at that 9.9.9.11
 

superleeds27

Level 7
Verified
Apr 5, 2017
311
Thanks for sharing. In the end none of those sources are stating that NextDNS is weaker in malware and phishing protection than Quad9 except in this Twitter post from another DNS provider. In the YouTube video it even performed a little better than Quad9. I like Quad9 and NextDNS but just think that there are not enough trustworthy tests about NextDNS to judge its efficiency. Considering that most people would also add external blocklists like oisd or Energized it's hard to rate NextDNS anyway.
 

superleeds27

Level 7
Verified
Apr 5, 2017
311
In regards to NextDNS. Is it worth disabling the malware blocking etc.? Surely if the lists are outdated or not checked/updated then valid/clean domains could still be in that list?

Edit
This article is interesting too:


However it's 4 years old so things could have changed? CleanBrowsing seems to work well, but again, 4 years old!
 
Reactions: Nevi and SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Any thoughts on SafeDNS?

In regards to NextDNS. Is it worth disabling the malware blocking etc.? Surely if the lists are outdated or not checked/updated then valid/clean domains could still be in that list?
No, there's no need to disable protection features. What would happen when outdated lists are being used is that probably those domains in the lists are already dead. And of course the new malicious ones aren't being added. So if the old domains are present in any case, the lists might help. There could be false positives, but I would recommend to add them manually in the allow list.

And about SafeDNS, I had talked to them. I don't know how well their filtering works exactly. But they seem to focus more on parental features than security ones. And also their implementation of their service is, well, with issues. They can't be used on Android devices by putting a hostname in private DNS settings. Also I think they don't support DNS encryption in many platforms/scenarios. I had a chat with them on email and that's what I discovered.
 

superleeds27

Level 7
Verified
Apr 5, 2017
311
No, there's no need to disable protection features. What would happen when outdated lists are being used is that probably those domains in the lists are already dead. And of course the new malicious ones aren't being added. So if the old domains are present in any case, the lists might help. There could be false positives, but I would recommend to add them manually in the allow list.
So really for a bog standard home router config, NextDNS isn't the answer.

Ideally needs to be something that's active. So either Quad9 or CleanBrowsing.
 
Reactions: SohanRay
