Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

Please provide comments and solutions that are helpful to the author of this topic.

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Thats what I said earlier. But why disabling such a feature when it's basically one of the advantages of NextDNS?
Right but as I said that's the result from one of the tests. You can check the Lawrence systems tests, NextDns was good but much behind Quad9.
And OISD is one and only such list in the privacy section that may make a difference. Any others are either just ads blocker or are already included in the threat intelligence feeds either directly or indirectly. And I am only talking about malicious domains filtering here.
 
  • Like
Reactions: cryogent and Kongo

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Thats what I said earlier. But why disabling such a feature when it's basically one of the advantages of NextDNS?
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.
But oisd is regularly checked for false positives and is actually meant for those who prefer functionality over aggressive blocking. Did you really have problems with it?

 
  • Like
Reactions: Nevi and Trooper

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.

Good point. But it also has Parental Controls etc for blocking social media and the like. I like it for this as well. I also do some geolocation blocking by using TLD. If Quad9 had more customization I would likely use it as default. I would not mind checking out controld but my trial is long gone. Would love to reset the clock on it somehow to see if it is any better than NextDNS.
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
311
I don't know how good the other DNS services are but for me NextDNS is ideal especially as a level of customization (a plus for parental control with hourly restriction) , when you have a not very technical wife and a child who in 3-4 cases out of 10 clicks on any crap. I for example have activated in security everything and in privacy - Block disquised third party trackers, native tracking protection for phones and in filter lists - OISD, NextDNS on filter, Goodbye Ads, Adguard mobile filter. All of this combined with Adguard desktop/Android with their filters, the ones they maintain. So far I'm happy with the combination, my wife doesn't come screaming that something isn't working for her, my daughter has no problems with online school or browsing either and if there is a problem I can fix it quickly in Allowlist.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Good point. But it also has Parental Controls etc for blocking social media and the like. I like it for this as well. I also do some geolocation blocking by using TLD. If Quad9 had more customization I would likely use it as default. I would not mind checking out controld but my trial is long gone. Would love to reset the clock on it somehow to see if it is any better than NextDNS.
Currently I can do parental controls from my router, but yes those kinds of features from NextDNS are great.

But oisd is regularly checked for false positives and is actually meant for those who prefer functionality over aggressive blocking. Did you really have problems with it?

I never had any FPs personally. But leave it to a partner who window shops online in their free time to find something even OISD will break. It also messed with streaming sticks, mainly it kept the PBS kids app from working at all and I couldn't figure out what to exclude despite excluding just about everything that popped up when that stick was active.
 

superleeds27

Level 7
Verified
Apr 5, 2017
339
Because I don't want to block ads on a network level, it results in too many "tech support" requests I don't have time for. And I don't want to sleep on the couch. I found it to work well on a device level basis if I am the one managing the device.

But if I am going to pay for a service I'd like to use it as the main solution for all our network and devices. Otherwise just using Quad9 is fine and then extensions for adblocking in browsers.
This. Use Nextdns for my devices but for everyone else it's a UBO/Adguard browser plugin.

DNS is the default ISP, which I'm tempting to switch away from to Quad9. If that's the right move
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
This. Use Nextdns for my devices but for everyone else it's a UBO/Adguard browser plugin.

DNS is the default ISP, which I'm tempting to switch away from to Quad9. If that's the right move
Well Quad9 does what it says. So, you can rest assured about that.
 
  • Like
Reactions: Trooper

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
This. Use Nextdns for my devices but for everyone else it's a UBO/Adguard browser plugin.

DNS is the default ISP, which I'm tempting to switch away from to Quad9. If that's the right move
If you are worried about CDN performance for things like streaming you can use 9.9.9.11, their DNS with ECS support. Just know that the CDNs will be able to see part of your IP associated with the DNS request and know what city you are in. For me, that's fine, but for others that's an issue. If you are using a big ISP like Verizon or Comcast (in the US for example) they have cached servers that host things like Netflix on their edge systems that will be faster and don't (supposedly) get accessed when going with an outside DNS provider.
 
  • Like
Reactions: superleeds27

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Well Quad9 does what it says. So, you can rest assured about that.
I used to use Nextdns, but as I investigated more, I found around 35 percent of the free public lists that they use for their protection features like Threat intelligence feeds, Typosquating protection, Cryptojacking protection, Blocking parked domains are outdated and haven't been updated for months. Even the rest of other threat feeds ,many don't even receive daily updates, let alone hourly updates.
Also, no matter how much you try to reach them and ask them to fix things, they are just not there to listen or respond. Sometimes they ignore so much I feel they might be planning to shut down the service soon.
So in the end I decided not to continue with it.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Yeah, they have been pretty spotty with responses to issues. As for Quad9, I had a routing issue the other day and within 8 hours I got a thorough and detailed response, which I really appreciated.
Exactly, even after being free and providing such a reliable threat intelligence, their responses over emails are commendable.
 
  • Like
Reactions: SeriousHoax

superleeds27

Level 7
Verified
Apr 5, 2017
339
If you are worried about CDN performance for things like streaming you can use 9.9.9.11, their DNS with ECS support. Just know that the CDNs will be able to see part of your IP associated with the DNS request and know what city you are in. For me, that's fine, but for others that's an issue. If you are using a big ISP like Verizon or Comcast (in the US for example) they have cached servers that host things like Netflix on their edge systems that will be faster and don't (supposedly) get accessed when going with an outside DNS provider.
Thanks. Might take a look at that 9.9.9.11
 

superleeds27

Level 7
Verified
Apr 5, 2017
339
Thanks for sharing. In the end none of those sources are stating that NextDNS is weaker in malware and phishing protection than Quad9 except in this twitter post from another DNS provider. In the Youtube video it even performed a little better than Quad9. I like Quad9 and NextDNS but just think that there are not enough trustworthy tests about NextDNS to judge its efficiency. Considering that most people would also add external blocklists like oisd or Energized it's hard to rate NextDNS anyway.
 

superleeds27

Level 7
Verified
Apr 5, 2017
339
In regards to Nextdns. Is it worth disabling the malware blocking etc? Surely if the lists are outdated or not checked/updated then valid/clean domains could still be in that list?

Edit
This article is interesting too:


However it's 4 years old so things could have changed? Cleanbrowsing seems to work well, but again, 4 years old!
 
Last edited:
  • Like
Reactions: Nevi and SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Any thoughts on SafeDNS?

In regards to Nextdns. Is it worth disabling the malware blocking etc? Surely if the lists are outdated or not checked/updated then valid/clean domains could still be in that list?
No, there's no need to disable protection features. What would happen when outdated lists are being used, is that probably those domains in the lists are already dead. And of course the new malicious ones aren't being added. So if the old domains are present in any case, the lists might help. There could be false positives, but i would recommend to add them manually in the allow list.

And about safedns, i had talked to them. I don't know how well their filtering works exactly. But they seem to focus on parental features than security ones. And also their implementation of their service is, well with issues. They can't be used in Android devices by putting a hostname in private dns settings. Also I think they don't support dns encryption in many platforms/scenarios. I had a chat with them on email and that's what I discovered.
 

superleeds27

Level 7
Verified
Apr 5, 2017
339
No, there's no need to disable protection features. What would happen when outdated lists are being used, is that probably those domains in the lists are already dead. And of course the new malicious ones aren't being added. So if the old domains are present in any case, the lists might help. There could be false positives, but i would recommend to add them manually in the allow list.
So really for a bog standard home router config, NextDNS isn't the answer.

Ideally needs to be something that's active. So either Quad9 or Cleanbrowsing
 
  • Like
Reactions: SohanRay

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top