Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

Please provide comments and solutions that are helpful to the author of this topic.

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS

    Votes: 0 0.0%

  • NextDNS

    Votes: 16 44.4%

  • ControlD DNS

    Votes: 3 8.3%

  • Other

    Votes: 17 47.2%
  • Total voters
    36
JoyousBudweiser said:
If you use tls/quic protocol with nextdns it will not be using anycast and its always the closest dns server gets used.
With TLS......

View attachment 266499
With DOH......

View attachment 266500
Click to expand...
True, it will use the closest server that supports TLS. Unfortunately TLS is the least stable DNS protocol with the highest lookup failure rate. I have had too many complaints in the house when using DoT on our network. The closest NextDNS server to us is not enabled with DoT. So we still get routed pretty far away. DNS is highly variable based on where the user is and what is available near them. We are in a medium sized city in the US, and the closest DNS servers by hundreds of miles are our ISP servers.
 
  • Like
Reactions: cryogent, flaubert1971 and Brahman
My point is not to throw shade at these services. I in fact like NextDNS, Quad9, Cloudflare, and Cleanbrowsing. But rather it is good to know you can't just tell someone what DNS setup is going to be fastest for their location and use case.
 
  • Like
Reactions: cryogent, flaubert1971 and Brahman
blackice said:
My point is not to throw shade at these services. I in fact like NextDNS, Quad9, Cloudflare, and Cleanbrowsing. But rather it is good to know you can't just tell someone what DNS setup is going to be fastest for their location and use case.
Click to expand...
Exactly, it differs from one location to another and the quality is subjective, to some speed is everything and to some security. So it boils down to one's personal preference.
 
  • Like
Reactions: cryogent, Back3 and blackice
No, I don't want to put these dns services in a bad light either. I wrote about nextdns because there is a lot of talk about it in this forum and this led me to try it.
The strange thing is that I see many who worry about choosing an antivirus that does not slow down the web browsing speed but who then do not care if a dns service does this.😀
 
  • Like
Reactions: Brahman and blackice
flaubert1971 said:
No, I don't want to put these dns services in a bad light either. I wrote about nextdns because there is a lot of talk about it in this forum and this led me to try it.
The strange thing is that I see many who worry about choosing an antivirus that does not slow down the web browsing speed but who then do not care if a dns service does this.😀
Click to expand...
Yep! With a browser extension you can just not bother and use your ISP if you want speed. For my network I use the ISP for streaming devices and other people's devices not having issues. For my personal devices I play around with encrypted DNS. I go back to the ISP sometimes for performance.
 
  • Like
Reactions: flaubert1971, Brahman and cryogent
Some users on NextDNS forums say that NextDNS with OISD list is better than Quad9.
When I check the lists it always say updated hours ago. So how come they're not updated for months?
 
Last edited:
Templarware said:
Some users on NextDNS forums say that NextDNS with OISD list is better than Quad9.
When I check the lists it always say updated hours ago. So how come they're not update d for months?
Click to expand...

This is from my NextDNS portal.

1652397490580.png
 
  • Like
Reactions: Kongo
blackice said:
I sincerely doubt OISD outperforms Quad9 in terms of threat intelligence. Quad9 works with major players in corporate security and OISD is more focused on blocking trackers and ads.
Click to expand...
What about OISD,, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protectiona and Cryptojacking protection.
 
  • Like
Reactions: blackice and Kongo
Templarware said:
What about OISD,, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protectiona and Cryptojacking protection.
Click to expand...
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
 
  • Like
Reactions: blackice and Templarware
Templarware said:
What about OISD,, with a few other lists, block new domains and AI-Driven Threat Protection?
Also I'm curious to know if Quad9 has DNS Rebinding protectiona and Cryptojacking protection.
Click to expand...
With NextDNS other security filters OISD can be a good addition. It all depends on what you need. For purely security I could use Quad9. Hard to test though since NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
 
  • Like
  • +Reputation
Reactions: Kongo, Templarware and Gandalf_The_Grey
SecureKongo said:
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
Click to expand...
blackice said:
With NextDNS other security filters OISD can be a good addition. It all depends on what you need. For purely security I could use Quad9. Hard to test though since NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
Click to expand...

So maybe Quad9 is a better choice for home routers, while NextDNS is a better option for smartphones.
 
  • Like
Reactions: Kongo
Templarware said:
So maybe Quad9 is a better choice for home routers, while NextDNS is a better option for smartphones.
Click to expand...
I would always pick NextDNS over Quad9 on any mobile device, as it's a solid option to block trackers and ads in any app. I also enabled Apple-Tracking Protection in the privacy tab, that blocks even some trackers related to Apple. Quad9 is no doubt a great DNS service, but it's too unflexible for my taste...

blackice said:
NextDNS gets all of their feeds from public bad URL lists, which is what most people use to test. It makes it look very strong, and it is, but that could be potentially misleading.
Click to expand...
I am pretty sure that @SohanRay also mentioned that NextDNS is adding Threat Intelligence Feeds from big players. Not sure if they did that already tho...
 
  • Like
Reactions: Thales and Templarware
The same way on PC you can use uBlock, but Quad9 won't block adds outside de browser and on Smart TVs, etc...
If Quad9 had adblocking it would be the absolute favorite.
 
  • Like
Reactions: SohanRay
SecureKongo said:
DNS Rebinding protection is integrated into most routers nowadays. Cryptojacking protection is also just a simple combination of blocklist as far as I know. So Quad9 Threat Intelligence will probably block most of the cryptomining websites too. Still I think that NextDNS with oisd blocklist provides similar protection compared to Quad9. NextDNS development seems to be very slow tho, and also the support is pretty much non-existent. So I am not sure how well maintained their built in blocklists will be in the future. Might be a reason to switch DNS providers…
Click to expand...
Not a chance . Nextdns is better at protecting privacy as it blocks ads and trackers. But Quad9 has far better and vast threat intelligence from leading cybersecurity companies, finance companies, Health companies and also law enforcement agencies. Nextdns uses open source free sources only, that too 35% of them are outdated and not updated any more. That goes for other protection features apart from threat intelligence feeds that uses blocklists too.
AI and NRD are the only good things.
Quad9 though doesn't have dns rebinding protection in built. Nextdns has it but for only one kind of dns rebinding attack. There are several forms of dns rebinding attacks present, and Nextdns has protection against only one kind. So does others like ControlD. But I guess some is better than nothing. Quad9 also has AI threat feeds from Bfore.ai that predicts future malicious domains that will come into existence.
No matter what extra blocklists one adds from the privacy settings in Nextdns,it cannot come close to Quad9. Although, if Nextdns in future at all does start importing threat intel from premium sources, only then it might stand a chance. But that's a big IF. Because, since past quite a few months, Nextdns devs and other team members have been dormant like a volcano. Not responding to requests or making any developments. It won't be surprising if they give up and shut down Nextdns for good.
 
  • Like
Reactions: brambedkar59, Trooper and Templarware

You may also like...