according to their previous article
Adguard Family DNS blocked the most (any Family DNS filter, actually) when I was using it, considering that about 15% of malware is hosted on adult webpages.
Blocking at DNS level is very dangerous, since those filters are subjective, like PUP in Malwarebytes. I use OpenDNS Family and it blocks legitimate webpages.
Most browsers include a basic filter (Sophos), which already blocks many webpages, but the user can choose to ignore it. As for phishing, there is Netcraft, Avast, etc.
P.S. I wonder whether they have used YandexDNS or YandexSafe; the difference is obvious, since the basic version blocks only the confirmed threats, like botnets.
just quickly tested them with so so many links. ~30 links. Much more than other DNSes I tested (~10-15)
Pls Test Forti DNS too:
tested using 184.108.40.206 (UK server, closest to me)
That's the point! I already tested it vs a link that was blocked by Forti in VT and the DNS didn't block it.
just wanted to make sure.
Slyguy Forti DNS is garbage!
An interesting post:
DNS web filtering: setup and server selection - Fortinet Cookbook
DNS forwarding can't be combined. Top level DNS will take precedence. So if your router has for example NortonDNS, your desktop will still resolve to the top level DNS on your network which is your router. Adding 2 DNS entries only applies as a failover between unresolved DNS responders on DNS1.. DNS1->No resolution DNS2. The only way to combine DNS is to have a local DNS server on the network then a forwarder. Local DNS -> Forwarder. So the local DNS server pulls DNS entries from the forwarder then redirects clients after the local DNS filtration/cache is applied.
I tried to combine them to use together but unfortunately they can't work together in 1 network
Sorry, Fortinet made some changes in the latest firmware. FortiDNS now validates licensing of a Fortigate device/FortiGuard account. As you can see from this photo;
just quickly tested them with so so many links. ~30 links. Much more than other DNSes I tested (~10-15)
they blocked absolutely nothing even with EICAR/AMTSO or a few days old phishtank's links. I assume they are just simple DNSes without any blocking capability.
@Slyguy could you please inform us about it? Why didn't those block anything for me?
What this test really indicates to me is how crucial a Pi-Hole has become. Remember, with Pi-Hole you can run your own blacklists from curated lists and essentially create the most powerful DNS in the world. You can add Adguard DNS list, combine it with other malware/phishing/exploit lists, then stack it to a forwarder that already filters. (Quad9 or whatever)
Thanks for the Testing
I will test it when I have time, today or tomorrow. I don't use the same links in every test because they die very quickly. I just pick randomly the latest links from phishtank and malc0de
Also test Heimdal. Since Heimdal's primary function is a local DNS resolver (encrypted client) and DNS forwarder. The loopback of Heimdal has the purpose of looping back to the 127 address of the local DNS server, then forwarding to the resolver (your router). You can stack safe DNS by using a safer DNS server (on your router, etc) combined with Heimdal and the same thing will be accomplished. Endpoint Lookup-->Heimdal Loopback-->Heimdal Forwarder-->Primary DNS Forwarder-->DNS
Evjl can you test Heimdal Pro with your same subset?
I await your test. Remember, Heimdal does other traffic and malware inspection but DNS filtration is a major part of what it does. So your test will be looking at one specific part of how it works.
I will test it when I have time, today or tomorrow. I don't use the same links for every test because they die very quickly. I just pick randomly the latest links from phishtank and malc0de
I just tested Heimdal Pro with 50+ links from phishtank, malc0de, virustotal, hphosts EMD and EXP
I await your test. Remember, Heimdal does other traffic and malware inspection but DNS filtration is a major part of what it does. So your test will be looking at one specific part of how it works.
I have a theory - Heimdal protects from some really nasty DNS lookups but it isn't inclusive. So I use Heimdal as a 'layer' in my package. I actually use triple-filtered DNS and my DNS resolution is still Sub-1ms because of local caching. In my case; Heimdal-->Primary DNS (router)-->Pi-Hole(local DNS cache/blacklist server)-->Quad9.
So any lookup first goes through Heimdal local loopback, gets its forwarder from the router (local IP of Pi-Hole), then the Pi-Hole serves DNS pre-cached from Quad9 after applying its blacklists and rules. This is a relatively bulletproof method that applies SIGNIFICANT protection without any speed degradation (in fact it's faster than any offsite DNS).
As I suspected, Heimdal is a bit of a rockstar in terms of traffic and DNS filtration in some categories. As to your concerns;
I just tested Heimdal Pro with 50+ links from phishtank, malc0de, virustotal, hphosts EMD and EXP
- very good blocking. It blocked a lot. Much better than DNS, obviously
- No noticeable network slowdown
- Great against >=2 day-old sites but not so good against zero-day sites
- OK against .exe links from malc0de (they are not zero-day)
- so-so against exploits from hphosts EXP
- After the uninstallation, it reverted my DNSes back to the state before installing
- Constant CPU consumption, always 0.9-1.5% on idle/absolute 0kb/s in/out => unacceptable (i7-3630QM)
- High memory usage for this purpose
- It changed my DNS to 127.x.x.x. I didn't know how to modify my default DNS (Norton) to a different one => Norton DNS was blocking some sites and interfered with the test. I assume Heimdal always blocked first. If it didn't block, Norton would block
- Delayed notifications sometimes. When I was doing nothing, the popups showed up for the previously blocked links. Mostly from malc0de's .exe links
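
The test method used throughout this thread (resolve known-bad hostnames through a filtering DNS and see what comes back) can be scripted. This is an added example, not code from any poster; `SINKHOLES`, the function names and the hostname `bad.example.test` are assumptions. It labels a raw DNS reply and compares it with an unfiltered resolver's reply, so that links which have simply died are not counted as blocks.

```python
import socket
import struct

# Assumption: answers a filter may return instead of the real record; add block-page IPs.
SINKHOLES = {"0.0.0.0", "127.0.0.1"}

def build_query(name, qid=0x1234):
    """Encode a recursive A-record query for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(data, pos):
    """Return the offset just past a name (labels, or a 2-byte compression pointer)."""
    while data[pos] and data[pos] & 0xC0 != 0xC0:
        pos += 1 + data[pos]
    return pos + (2 if data[pos] else 1)

def parse_response(data):
    """Return (rcode, [IPv4 strings]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(data, pos) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(socket.inet_ntoa(data[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def classify(rcode, addrs, sinkholes=SINKHOLES):
    """Label one resolver's answer."""
    if rcode == 3:
        return "nxdomain"
    if addrs and all(a in sinkholes for a in addrs):
        return "sinkholed"
    return "resolved" if addrs else "no-answer"

def verdict(filtered, baseline):
    """Compare the filtering resolver's label with an unfiltered resolver's."""
    if baseline != "resolved":
        return "dead"                           # link is gone everywhere: drop it from the test
    return "allowed" if filtered == "resolved" else "blocked"

# Constructed sample: reply to an A query for bad.example.test answering 0.0.0.0
SAMPLE = (bytes.fromhex("123481800001000100000000") + build_query("bad.example.test")[12:]
          + bytes.fromhex("c00c000100010000003c000400000000"))
```

To use it live, send `build_query(name)` over UDP port 53 to both the filtering resolver and an unfiltered one, then pass each reply through `parse_response` and `classify` and the two labels through `verdict`.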