Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

Please provide comments and solutions that are helpful to the author of this topic.

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%
  • NextDNS

    Votes: 9 45.0%
  • ControlD DNS

    Votes: 2 10.0%
  • Other

    Votes: 9 45.0%

  • Total voters
    20

AG3S

Level 2
Oct 14, 2020
62
No dns blocking can ever block YouTube ads. That's not possible. You'll require specific https filtering extension or app for that.
UBlock on my PC's FireFox and also on my Android's is blocking Youtube ads.

But obviously you can not block the ads inside the YT app. For that I would recommend "NewPipe" which is amazing.... but since it does not have any trackers therefore, the suggestions will not be as it is in the official YT app.

Privacy is always give and take.
 

Templarware

Level 10
Verified
Well-known
Mar 13, 2021
462
If some network is blocking the use of encrypted DNS, what are your choices? Anything on the software level, like an adblocker, what can prevent them for seeing the websites you visit?
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
If some network is blocking the use of encrypted DNS, what are your choices? Anything on the software level, like an adblocker, what can prevent them for seeing the websites you visit?

I dont think that is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snoop.

With DNS over HTTPS (DoH), DNS queries and responses are encrypted and sent via the HTTP or HTTP/2 protocols. DoH ensures that attackers cannot forge or alter DNS traffic. DoH uses port 443, which is the standard HTTPS traffic port, to wrap the DNS query in an HTTPS request. DNS queries and responses are camouflaged within other HTTPS traffic, since it all comes and goes from the same port.
 

Templarware

Level 10
Verified
Well-known
Mar 13, 2021
462
I dont think that is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snoop.
I use a network that it shows in the Wifi settings "This network doesn't allow the use of cryptographed DNS", when I use NextDNS, I get no internet.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I use a network that it shows in the Wifi settings "This network doesn't allow the use of cryptographed DNS", when I use NextDNS, I get no internet.

Did you tried DNS Over HTTPS (DoH) ?

The other methods can be blocked, DoH cant.

Try to use NextDNS directly in your browser or via YogaDNS client with the appropriate configuration.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
I dont think that is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snoop.
All you need is the destination IP address to block DoH. The packet has to be going somewhere even if you can’t read it.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
All you need is the destination IP address to block DoH. The packet has to be going somewhere even if you can’t read it.

This is more theoretical than pratical, DoH is camouflaged within other HTTPS traffic.
 
  • Like
Reactions: Kongo

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
This is more theoretical than pratical, DoH is camouflaged within other HTTPS traffic.
No you just use an ip table list of DoH providers and block packets heading to those IPs through port 443. It’s cumbersome, but organizations are definitely capable if they want to deal with the hassle.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
No you just use an ip table list of DoH providers and block packets heading to those IPs through port 443. It’s cumbersome, but organizations are definitely capable if they want to deal with the hassle.

By this method?


Dont seen that effective.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
  • Thanks
Reactions: Kongo

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
By this method?


Dont seen that effective.
It's effective to block, ineffective to redirect because it breaks the encryption. You would just have no ability to resolve anything and have to maintain the IP tables.
 
  • Like
Reactions: Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
  • Like
Reactions: blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
Anyway, sorry to derail the conversation. The point is it can be blocked, easily by corps with the resources to do it. But it would be noticeable and very difficult to redirect. One would know they are being blocked.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top