Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

Please provide comments and solutions that are helpful to the author of this topic.

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
If you use tls/quic protocol with nextdns it will not be using anycast and its always the closest dns server gets used.
With TLS......

View attachment 266499
With DOH......

View attachment 266500
True, it will use the closest server that supports TLS. Unfortunately TLS is the least stable DNS protocol with the highest lookup failure rate. I have had too many complaints in the house when using DoT on our network. The closest NextDNS server to us is not enabled with DoT. So we still get routed pretty far away. DNS is highly variable based on where the user is and what is available near them. We are in a medium sized city in the US, and the closest DNS servers by hundreds of miles are our ISP servers.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
My point is not to throw shade at these services. I in fact like NextDNS, Quad9, Cloudflare, and Cleanbrowsing. But rather it is good to know you can't just tell someone what DNS setup is going to be fastest for their location and use case.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
892
My point is not to throw shade at these services. I in fact like NextDNS, Quad9, Cloudflare, and Cleanbrowsing. But rather it is good to know you can't just tell someone what DNS setup is going to be fastest for their location and use case.
Exactly, it differs from one location to another and the quality is subjective, to some speed is everything and to some security. So it boils down to one's personal preference.
 

flaubert1971

Level 2
Oct 14, 2019
71
No, I don't want to put these dns services in a bad light either. I wrote about nextdns because there is a lot of talk about it in this forum and this led me to try it.
The strange thing is that I see many who worry about choosing an antivirus that does not slow down the web browsing speed but who then do not care if a dns service does this.😀
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
No, I don't want to put these dns services in a bad light either. I wrote about nextdns because there is a lot of talk about it in this forum and this led me to try it.
The strange thing is that I see many who worry about choosing an antivirus that does not slow down the web browsing speed but who then do not care if a dns service does this.😀
Yep! With a browser extension you can just not bother and use your ISP if you want speed. For my network I use the ISP for streaming devices and other people's devices not having issues. For my personal devices I play around with encrypted DNS. I go back to the ISP sometimes for performance.
 

Templarware

Level 10
Verified
Well-known
Mar 13, 2021
462
Some users on NextDNS forums say that NextDNS with OISD list is better than Quad9.
When I check the lists it always say updated hours ago. So how come they're not updated for months?
 
Last edited:

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Some users on NextDNS forums say that NextDNS with OISD list is better than Quad9.
When I check the lists it always say updated hours ago. So how come they're not update d for months?

This is from my NextDNS portal.

1652397490580.png
 
  • Like
Reactions: Kongo

Templarware

Level 10
Verified
Well-known
Mar 13, 2021
462
I sincerely doubt OISD outperforms Quad9 in terms of threat intelligence. Quad9 works with major players in corporate security and OISD is more focused on blocking trackers and ads.
What about OISD,, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protectiona and Cryptojacking protection.
 
  • Like
Reactions: blackice and Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
What about OISD,, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protectiona and Cryptojacking protection.
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
What about OISD,, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protectiona and Cryptojacking protection.
With NextDNS other security filters OISD can be a good addition. It all depends on what you need. For purely security I could use Quad9. Hard to test though since NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
 

Templarware

Level 10
Verified
Well-known
Mar 13, 2021
462
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
With NextDNS other security filters OISD can be a good addition. It all depends on what you need. For purely security I could use Quad9. Hard to test though since NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.

So maybe Quad9 is a better choice for home routers, while NextDNS is a better option for smartphones.
 
  • Like
Reactions: Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
So maybe Quad9 is a better choice for home routers, while NextDNS is a better option for smartphones.
I would always pick NextDNS over Quad9 on any mobile device, as it's a solid option to block trackers and ads in any app. I also enabled Apple-Tracking Protection in the privacy tab, that blocks even some trackers related to Apple. Quad9 is no doubt a great DNS service, but it's too unflexible for my taste...

NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
I am pretty sure that @SohanRay also mentioned that NextDNS is adding Threat Intelligence Feeds from big players. Not sure if they did that already tho...
 

Templarware

Level 10
Verified
Well-known
Mar 13, 2021
462
The same way on PC you can use uBlock, but Quad9 won't block adds outside de browser and on Smart TVs, etc...
If Quad9 had adblocking it would be the absolute favorite.
 
  • Like
Reactions: SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
Not a chance . Nextdns is better at protecting privacy as it blocks ads and trackers. But Quad9 has far better and vast threat intelligence from leading cybersecurity companies, finance companies, Health companies and also law enforcement agencies. Nextdns uses open source free sources only, that too 35% of them are outdated and not updated any more. That goes for other protection features apart from threat intelligence feeds that uses blocklists too.
AI and NRD are the only good things.
Quad9 though doesn't have dns rebinding protection in built. Nextdns has it but for only one kind of dns rebinding attack. There are several forms of dns rebinding attacks present, and Nextdns has protection against only one kind. So does others like ControlD. But I guess some is better than nothing. Quad9 also has AI threat feeds from Bfore.ai that predicts future malicious domains that will come into existence.
No matter what extra blocklists one adds from the privacy settings in Nextdns,it cannot come close to Quad9. Although, if Nextdns in future at all does start importing threat intel from premium sources, only then it might stand a chance. But that's a big IF. Because, since past quite a few months, Nextdns devs and other team members have been dormant like a volcano. Not responding to requests or making any developments. It won't be surprising if they give up and shut down Nextdns for good.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top