Serious Discussion DNS Providers for Home Users – Still Cloudflare/Quad9, or Did NextDNS/Control D Finally Win?

What DNS provider(s) do you force on your home network / PC?

  • Cloudflare 1.1.1.1 (or 1.1.1.2/3) – speed king

  • Quad9 – best free malware/phishing blocking

  • Google 8.8.8.8 – I don’t care, just works

  • NextDNS – worth the config time and (sometimes) the $20/year

  • Control D – NextDNS but better UI and free tier actually good

  • AdGuard DNS – most aggressive ad/tracker blocking for free

  • Mullvad DNS / DNSCrypt – paranoid zero-log gang

  • My ISP’s DNS – yes I’m that guy

  • Self-hosted (Pi-hole, AdGuard Home, Technitium, etc.)

  • Mix – different DNS per device/profile


Sorry to say this, but the larger amount of servers on the list doesn't mean anything. You don't get any benefits from it.
Thanks for the explanation on number of servers not relevant

It is slightly (but not noticeable) faster, does well in malware test and has zero breakage, so I will stick with my choices.
 
So I've been testing Quad9's malware blocking ability, and so far it's 0. Maybe I'm wrong in my thinking, but shouldn't DNS block before any web or AV extension? Because on my PC it's always either blocked by McAfee web protection first, then if it misses it, ESET blocks it (even though Vivaldi isn't a "supported" browser), but I have yet to see a block by Quad9. I'll keep it for the security and anonymity.
 
> So I've been testing Quad9's malware blocking ability, and so far it's 0. Maybe I'm wrong in my thinking, but shouldn't DNS block before any web or AV extension? Because on my PC it's always either blocked by McAfee web protection first, then if it misses it, ESET blocks it (even though Vivaldi isn't a "supported" browser), but I have yet to see a block by Quad9. I'll keep it for the security and anonymity.

DNS, even HaGeZi lists, are always behind AV web protection (except weak ones such as SmartScreen) and browser extensions (I am using Norton Safe Web, for example).

So is it not feasible to use secure DNS? No.
In specific instances, it can catch a url missed by web protection and extension.

This is the rationale of using multilayered protection.
 
> So I've been testing Quad9's malware blocking ability, and so far it's 0. Maybe I'm wrong in my thinking, but shouldn't DNS block before any web or AV extension? Because on my PC it's always either blocked by McAfee web protection first, then if it misses it, ESET blocks it (even though Vivaldi isn't a "supported" browser), but I have yet to see a block by Quad9. I'll keep it for the security and anonymity.

It may happen that DNS protection intervenes and then, immediately afterwards, browser protection or extension protection also intervenes in sequence.
Continue your tests if Quad9 does not seem to be the right DNS for you, and change it.

P.S.

This is my DNS block of the most recent phishing link on this list:

PhishTank > Phish Search

In this case, Google Safe Browsing browser protection does not currently have the ability to intervene:

NextDNS

1.png

Google Safe Browsing:

2.png

In the second image, you can see the GSB block, but my DNS had intervened first. ;)

Obviously, many phishing tests alone have limited validity; you also need to test links to malware content and fake sites.
 
In my manual anti-phishing tests, SmartScreen + OpenDNS had better scores compared to public servers provided by NextDNS or Control D. However, the free NextDNS with an account and additional configuration scored as well as Norton.
 
> In my manual anti-phishing tests, SmartScreen + OpenDNS had better scores compared to public servers provided by NextDNS or Control D.

NextDNS public has no filtering, which explains the low score, but ControlD public is definitely better than NextDNS public.

> However, the free NextDNS with an account and additional configuration scored as well as Norton.
On several occasions, malicious websites were flagged by Norton safe web extension, but not by NextDNS, and less frequently the reverse; I think Norton is better.
 
> On several occasions, malicious websites were flagged by Norton safe web extension, but not by NextDNS, and less frequently the reverse; I think Norton is better.

This probably depends on NextDNS settings. I use very aggressive security and privacy settings.
 
I conducted a few similar tests in the past with similar results. The URLs were the newest ones confirmed as phishing on PhishTank.
Most of SmartScreen blocks are included in NextDNS blocks.
I use the NextDNS free account with all security features enabled and HaGeZi - Multi PRO++ filter.
 
> I conducted a few similar tests in the past with similar results. The URLs were the newest ones confirmed as phishing on PhishTank.
> Most of SmartScreen blocks are included in NextDNS blocks.
> I use the NextDNS free account with all security features enabled and HaGeZi - Multi PRO++ filter.

Interesting.
The best thing would be a duel ;) with the new star “Cloudflare Zero Trust,” obviously carried out by users who use that DNS.

I use HaGeZi Multi Ultimate, which has more tracker blocks than Pro++.
I'm not afraid of FPs on websites I never visit.
 
Reminder: those of you who care about privacy and tend to use more privacy-friendly products should stay away from SmartScreen.

Neither SmartScreen nor DNS providers are privacy-friendly. I cannot recall any privacy-friendly anti-phishing solution.
 
> Neither SmartScreen nor DNS providers are privacy-friendly. I cannot recall any privacy-friendly anti-phishing solution.

Emsisoft is (no logs), and GData (only collects non-personal data of blocked domains). Avira should also do a good job with German privacy laws (as long as their legal location is Germany; Avast has already moved it from Czechia to the US, for comparison).

Some DNS providers also store nothing (Quad9, Control D), and with NextDNS you can set it yourself (logging and retention).
 
> Neither SmartScreen nor DNS providers are privacy-friendly. I cannot recall any privacy-friendly anti-phishing solution.
I can.

Cloudflare's 1.1.1.1 is privacy-friendly and was audited multiple times. Zero Trust also lets you set logging as you want. Quad9 is privacy-friendly too.

Google Safe Browsing (standard protection) is privacy-friendly as it downloads a list of malicious domains and then does the checking locally on the device. If a match is found, Google only gets the hashed domain, not the full URL. Emsisoft Web Protection doesn't collect any data as well.

The worst offender is SmartScreen, which collects full URLs and hardware ID. It used to tie the collected information to the Microsoft account, but stopped when they were called out publicly about that.

An anti-phishing solution can be effective and private at the same time. The only question is if the developer wants to make it that way.
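
The local-list check described in the post above can be sketched as follows. This is an added example, not part of the thread and not Google's code: it is a simplified hash-prefix lookup in which URL canonicalization is omitted, the "server" is simulated by a set, and all hostnames and function names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 digest kept in the on-device list

def expressions(url):
    """Host-suffix/path-prefix strings to look up (simplified, no canonicalization)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    labels = host.split(".")
    # Exact host plus shorter suffixes, stopping before the bare TLD.
    hosts = [host] + [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    path = parts.path or "/"
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    segs = [s for s in path.split("/") if s]
    for i in range(len(segs)):  # "/", "/a/", "/a/b/", ...
        prefix = "/" + "".join(s + "/" for s in segs[:i])
        if prefix not in paths:
            paths.append(prefix)
    return [h + p for h in hosts for p in paths]

def full_hash(expr):
    return hashlib.sha256(expr.encode()).digest()

def check(url, local_prefixes, server_full_hashes):
    """Return (verdict, prefixes_sent); the URL itself is never transmitted."""
    hits = [h for h in map(full_hash, expressions(url))
            if h[:PREFIX_LEN] in local_prefixes]
    if not hits:
        return "clean", []  # resolved locally, nothing leaves the device
    sent = sorted({h[:PREFIX_LEN] for h in hits})
    # The server answers with the full hashes behind those prefixes (simulated
    # here by a set); the client compares them locally.
    verdict = "blocked" if any(h in server_full_hashes for h in hits) else "clean"
    return verdict, sent

# Constructed sample data: one live listing and one stale prefix still on the device.
LISTED = {full_hash("phish.example.test/login/")}
LOCAL = {h[:PREFIX_LEN] for h in LISTED} | {full_hash("stale.example.test/")[:PREFIX_LEN]}

if __name__ == "__main__":
    for u in ("http://phish.example.test/login/verify.html?id=1",
              "http://stale.example.test/", "https://news.example.org/"):
        verdict, sent = check(u, LOCAL, LISTED)
        print(u, verdict, [p.hex() for p in sent])
```

For a URL with no local prefix match, nothing is sent at all; on a match only 4-byte prefixes leave the device, which is the contrast with a full-URL lookup drawn in the post.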