Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS


CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,781
If you use the TLS/QUIC protocol with NextDNS, it will not be using anycast and it's always the closest DNS server that gets used.
With TLS......

View attachment 266499
With DOH......

View attachment 266500
True, it will use the closest server that supports TLS. Unfortunately TLS is the least stable DNS protocol with the highest lookup failure rate. I have had too many complaints in the house when using DoT on our network. The closest NextDNS server to us is not enabled with DoT. So we still get routed pretty far away. DNS is highly variable based on where the user is and what is available near them. We are in a medium sized city in the US, and the closest DNS servers by hundreds of miles are our ISP servers.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,781
My point is not to throw shade at these services. I in fact like NextDNS, Quad9, Cloudflare, and Cleanbrowsing. But rather it is good to know you can't just tell someone what DNS setup is going to be fastest for their location and use case.
 

Brahman

Level 17
Verified
Top Poster
Well-known
Aug 22, 2013
821
My point is not to throw shade at these services. I in fact like NextDNS, Quad9, Cloudflare, and Cleanbrowsing. But rather it is good to know you can't just tell someone what DNS setup is going to be fastest for their location and use case.
Exactly, it differs from one location to another and the quality is subjective, to some speed is everything and to some security. So it boils down to one's personal preference.
 

flaubert1971

Level 2
Oct 14, 2019
65
No, I don't want to put these dns services in a bad light either. I wrote about nextdns because there is a lot of talk about it in this forum and this led me to try it.
The strange thing is that I see many who worry about choosing an antivirus that does not slow down the web browsing speed but who then do not care if a dns service does this.😀
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,781
No, I don't want to put these dns services in a bad light either. I wrote about nextdns because there is a lot of talk about it in this forum and this led me to try it.
The strange thing is that I see many who worry about choosing an antivirus that does not slow down the web browsing speed but who then do not care if a dns service does this.😀
Yep! With a browser extension you can just not bother and use your ISP if you want speed. For my network I use the ISP for streaming devices and other people's devices not having issues. For my personal devices I play around with encrypted DNS. I go back to the ISP sometimes for performance.
 

Templarware

Level 9
Verified
Well-known
Mar 13, 2021
417
Some users on NextDNS forums say that NextDNS with OISD list is better than Quad9.
When I check the lists it always says updated hours ago. So how come they're not updated for months?
 

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
Some users on NextDNS forums say that NextDNS with OISD list is better than Quad9.
When I check the lists it always says updated hours ago. So how come they're not updated for months?

This is from my NextDNS portal.

1652397490580.png
 
  • Like
Reactions: Kongo

Templarware

Level 9
Verified
Well-known
Mar 13, 2021
417
I sincerely doubt OISD outperforms Quad9 in terms of threat intelligence. Quad9 works with major players in corporate security and OISD is more focused on blocking trackers and ads.
What about OISD, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protection and Cryptojacking protection.
 
  • Like
Reactions: blackice and Kongo

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
What about OISD, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protection and Cryptojacking protection.
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,781
What about OISD, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protection and Cryptojacking protection.
With NextDNS's other security filters, OISD can be a good addition. It all depends on what you need. For purely security I could use Quad9. Hard to test though since NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
 

Templarware

Level 9
Verified
Well-known
Mar 13, 2021
417
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
With NextDNS's other security filters, OISD can be a good addition. It all depends on what you need. For purely security I could use Quad9. Hard to test though since NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.

So maybe Quad9 is a better choice for home routers, while NextDNS is a better option for smartphones.
 
  • Like
Reactions: Kongo

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
So maybe Quad9 is a better choice for home routers, while NextDNS is a better option for smartphones.
I would always pick NextDNS over Quad9 on any mobile device, as it's a solid option to block trackers and ads in any app. I also enabled Apple-Tracking Protection in the privacy tab, which blocks even some trackers related to Apple. Quad9 is no doubt a great DNS service, but it's too inflexible for my taste...

NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
I am pretty sure that @SohanRay also mentioned that NextDNS is adding Threat Intelligence Feeds from big players. Not sure if they did that already tho...
 

Templarware

Level 9
Verified
Well-known
Mar 13, 2021
417
The same way on PC you can use uBlock, but Quad9 won't block ads outside the browser and on Smart TVs, etc...
If Quad9 had adblocking it would be the absolute favorite.
 
  • Like
Reactions: SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
Not a chance. NextDNS is better at protecting privacy as it blocks ads and trackers. But Quad9 has far better and vast threat intelligence from leading cybersecurity companies, finance companies, health companies and also law enforcement agencies. NextDNS uses open source free sources only, and 35% of those are outdated and not updated any more. That goes for other protection features apart from threat intelligence feeds that use blocklists too.
AI and NRD are the only good things.
Quad9 though doesn't have DNS rebinding protection built in. NextDNS has it, but for only one kind of DNS rebinding attack. There are several forms of DNS rebinding attacks, and NextDNS has protection against only one kind. So do others like ControlD. But I guess some is better than nothing. Quad9 also has AI threat feeds from Bfore.ai that predicts future malicious domains that will come into existence.
No matter what extra blocklists one adds from the privacy settings in NextDNS, it cannot come close to Quad9. Although, if NextDNS in future at all does start importing threat intel from premium sources, only then it might stand a chance. But that's a big IF. Because, for the past quite a few months, NextDNS devs and other team members have been dormant like a volcano. Not responding to requests or making any developments. It won't be surprising if they give up and shut down NextDNS for good.
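
Added example, not part of any post in this thread and not code from NextDNS, Quad9, ControlD or any router: a resolver-side filter of the kind the DNS rebinding discussion above refers to, flagging answers for public names that point at internal addresses. It goes beyond a single case by checking several answer shapes (direct internal address, mixed public/internal sets, IPv4-mapped IPv6, CNAME to a local name); the suffix policy, record tuples and sample responses are constructed assumptions.

```python
import ipaddress

# Assumed local policy: names under these suffixes may map to internal addresses.
LOCAL_SUFFIXES = (".lan", ".home.arpa", ".internal", ".localhost")
LOCAL_NAMES = {"localhost"}

def is_internal(addr):
    """True for addresses a public name should never resolve to."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so a mapped address cannot slip past the IPv4 checks.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def is_local_name(name):
    n = name.rstrip(".").lower()
    return n in LOCAL_NAMES or n.endswith(LOCAL_SUFFIXES)

def rebinding_findings(qname, answers):
    """answers: list of (rtype, value). Returns reasons to drop the response; [] means pass."""
    if is_local_name(qname):
        return []  # local-zone names are allowed to point inside the network
    findings = []
    addrs = [v for t, v in answers if t in ("A", "AAAA")]
    internal = [a for a in addrs if is_internal(a)]
    if internal:
        findings.append("internal-address:" + ",".join(internal))
        if len(internal) < len(addrs):
            # A public and an internal record in one answer set is a separate signal.
            findings.append("mixed-public-and-internal")
    for t, v in answers:
        if t == "CNAME" and is_local_name(v):
            findings.append("cname-to-local-name:" + v)
    return findings

# Constructed sample responses (names and record sets are made up for the example).
SAMPLES = {
    "public.example.test": [("A", "9.9.9.9")],
    "rebind.example.test": [("A", "192.168.1.1")],
    "mixed.example.test": [("A", "9.9.9.9"), ("A", "127.0.0.1")],
    "mapped.example.test": [("AAAA", "::ffff:10.0.0.5")],
    "alias.example.test": [("CNAME", "localhost.")],
    "nas.lan": [("A", "192.168.1.20")],
}

if __name__ == "__main__":
    for name, answers in SAMPLES.items():
        print(name, rebinding_findings(name, answers) or "pass")
```

A filter like this only covers responses that carry an internal address or local alias; it says nothing about rebinding between two public addresses, which is one reason coverage differs between providers.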
 
