I plan to test the block rate of free DNS resolvers against half-hour Phistank URLs. So, it can also be Quad9.
Cloudflare ZT too?
DNS Providers for Home Users – Still Cloudflare/Quad9, or Did NextDNS/Control D Finally Win?
- Thread starter Bot
- Start date
- Featured
Cloudflare ZT too?
Cloudflare was tested by me (blocks close to those of Avast extension):
Blocking efficiency of QuadDNS compared to NextDNS (NRD enabled) & Symantec Browser Protection.
Phishtank URLs up to half-hour-old. Only live URLs included.
QuadDNS & Chrome Safe Browsing ~ 50% of NextDNS & Symantec Browser Protection
The same is probably true for most public & free versions of DNS resolvers.
Phishtank URLs up to half-hour-old. Only live URLs included.
QuadDNS & Chrome Safe Browsing ~ 50% of NextDNS & Symantec Browser Protection
The same is probably true for most public & free versions of DNS resolvers.
Last edited:
Cloudflare was tested by me (blocks close to those of Avast extension):
Thank you for your reply.
Forgive me, I'm just a poor fisherman, but I understand that NextDNS ranks first in terms of blocking efficiency?
I also did a personal test with AdGuard DNS account vs NextDNS account using the same filter list, but NextDNS outperformed AG in terms of efficiency.
Could you post a summary ranking or table in this thread when you have finished your tests, if you prefer?
I remember things better with an image/table or a ranking (maybe it's my age...
).
Summary ranking:
Forgive me, I'm just a poor fisherman, but I understand that NextDNS ranks first in terms of blocking efficiency?
NextDNS configured with the aggressive settings via a personal (free) account, scored best in blocking fresh URLs, compared to other free solutions like:
Osprey/Avast/Symantec browser extensions and free public DNS resolvers.
Cloudflare ZT legacy can probably be tweaked to get the same blocking rate or better (with paranoid rules).
If one uses Avast or Symantec extension as primary protection, it can be improved by adding any DNS resolver that can block NRDs.
There are public DNS providers which can be partially configured without account; in ControlD free, I can select for example their native malware and ad blocking or Hagezi ultimate or Hagezi TIF.
Those features have only a small impact on results when the test is conducted on less than half-hour URLs. The improvement is mainly via blocking NRDs and AI features.
I have the impression that ControlD free without account can provide approximately the block rate provided by NextDNS free with account; NextDNS has the advantage of selectively allow certain blocked domains, and ControlD has the advantage of being slightly faster for me.
Just FYI Avast extension for firefox was discontinued completely, one should just stick to norton safe web instead
Personally i would just go with norton safe web + paid nextdns, but since my mothers samsung device somehow doest work if the dns i changed manually or via app ( adguard, nextdns, controlD) i didnt bother with it, even i had the year of paid nextDNS, im just sticking regular cloudflare malware blocking DNS
Personally i would just go with norton safe web + paid nextdns, but since my mothers samsung device somehow doest work if the dns i changed manually or via app ( adguard, nextdns, controlD) i didnt bother with it, even i had the year of paid nextDNS, im just sticking regular cloudflare malware blocking DNS
I did not test Control D with custom config. I can test it if you post instructions about your custom configuration.
Currently I switched from Hagezi to its native filters
For Hagezi, I have to select either TIF for complete malware protection or ultimate for ad and tracker protection with partial malware protection, while the native ControlD filters provide both.What advantage do you gain?
In addition, I could not observe a significant difference between Hagezi TIF and ControlD native malware filter regarding blocking malicious websites.
There is never complete protection against malware at the DNS level, as I have already demonstrated (github-malware).
Only up to a certain point and no further.
The advantage of using a list of filters with lots of remote rules is undeniable.
Ad blocking is also rather lacking because it is essentially cosmetic filtering.
Network filtering (trackers), on the other hand, is more efficient than ad filtering.
Regardless of the free plan I pick, I like ControlD in general; fast and rarely down.
There is never complete protection against malware at the DNS level, as I have already demonstrated (github-malware).
Only up to a certain point and no further.
The advantage of using a list of filters with lots of remote rules is undeniable.
Ad blocking is also rather lacking because it is essentially cosmetic filtering.
Network filtering (trackers), on the other hand, is more efficient than ad filtering.
Blocking efficiency of Control D (DNS-over-HTTPS/3) compared to NextDNS (NRD enabled) & Symantec Browser Protection.
Phishtank URLs up to half-hour-old. Only live URLs included.
Control D & Chrome Safe Browsing ~ 60% of NextDNS & Symantec Browser Protection
Phishtank URLs up to half-hour-old. Only live URLs included.
Control D & Chrome Safe Browsing ~ 60% of NextDNS & Symantec Browser Protection
So NextDNS and Symantec browser extension is the most effecient combination.
Last time I tried ControlD, it failed NRDs! How the hell do you fail that? It is dumb proof, if the domain is less then 30 days old, you block it, but they cheated!
So far, yes. I am not sure about Cloutflare ZT legacy + Symantec Browser Protection.
When using NextDNS, I disable NRD; it throws too many FP blocks.
So using ControlD with Hagezi list is almost equal to NextDNS for me.
