Battle dns0 vs NextDns

Compare list
NextDNS
dns0

I Walk MY Way

Level 6
Verified
Well-known
May 27, 2013
291
I liked NextDNS bought a year subscription in June, used it on my phones and computers, had some chats with there support but I found its adblocking was not what I had expected, I was seeing way too many ads, So I ditched it on the computers and went to UBO problem sorted, I am still using NextDNS on the phones but when the subscription runs out I will not be renewing it. as for dns0 not even tempted to try it,.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,520
I liked NextDNS bought a year subscription in June, used it on my phones and computers, had some chats with there support but I found its adblocking was not what I had expected, I was seeing way too many ads, So I ditched it on the computers and went to UBO problem sorted, I am still using NextDNS on the phones but when the subscription runs out I will not be renewing it. as for dns0 not even tempted to try it,.
I think you're kind of missing the use case of NextDNS. It isn't meant to replace your adblocker, but it's a nice addition. So I don't really understand why you would disable NextDNS and add uBlock Origin. You can simply use both.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
So I am actually considering to cancel my subscription of NextDNS that I have been using for 2+ years or so. I really love it, but it just feels like it's not their priority anymore. So I'd rather save the money and try dns0. What do you guys think?
Just to inform, I am using "dns0" since a few months, here for my location it's always fast speed (servers are in Germany for me in Frankfurt).
We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features...
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,520
Just to inform, I am using "dns0" since a few months, here for my location it's always fast speed (servers are in Germany for me in Frankfurt).
We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features...
I am just wondering how much better the malware blocking is compared to NextDNS as they are partnered with more threat intelligence feeds sources if I understood correctly.
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features
For me personally the ad blocking is the only reason I use these DNS services. They block ads in many mobile apps without compromising device performance. I am using Control D at the moment. There are minor quirks but in general the experience is OK.
 
F

ForgottenSeer 97327

For me the malware blocking is the most important. That is why I removed OISD and am now only using AdGuardDNS for privacy. NextDNS provides a lot of insights and configurability for a free solution.

1691580170575.png
 
Last edited by a moderator:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
I am just wondering how much better the malware blocking is compared to NextDNS as they are partnered with more threat intelligence feeds sources if I understood correctly.
Yeah that would be interesting to know more details but I can't find more information. Homepage shows about Heuristics, but I think all listed features are also on NextDNS.

Heuristics​


Newly Registered Domains (NRD)
  • Block domains registered less than 30 days ago. Those domains are known to be favored by threat actors to launch malicious campaigns.

Newly Active Domains (NAD)
  • Block domains that, after having been dormant for a while, are suddenly becoming active. This behavior is more often than not a sign of malicious activity.

Domain Generation Algorithms (DGA)
  • Block domains generated by Domain Generation Algorithms (DGAs) seen in various families of malware that can be used as rendezvous points with their command and control servers.

IDN Homographs
  • Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDN) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".

Typosquatting
  • Block domains registered by malicious actors that target users who incorrectly type a website address into their browser — e.g. gooogle.com instead of google.com.

DNS Rebinding
  • Prevent attackers from taking control of local devices through the Internet by automatically blocking DNS responses containing private IP addresses.

Dynamic DNS (DDNS)
  • Dynamic DNS (or DDNS) services let malicious actors quickly set up hostnames for free and without any validation or identity verification. While legit DDNS hostnames are rarely accessed in every-day use, their malicious counterparts are heavily used in phishing campaigns — e.g. paypal‑login.duckdns.org.

Cryptojacking
  • Prevent the unauthorized use of one's devices to mine cryptocurrency.

Parked Domains
  • Parked domains are single-page websites often laden with ads and devoid of any value. Parked domain monetization can sometimes get mixed up with suspicious practices and malicious content.

High-risk Top-level Domains (TLD)
  • Block Top-level Domains (TLDs) known to be favored by threat actors because of their low price, the absence of vetting or the lack of legal recourse.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,370
So I am actually considering to cancel my subscription of NextDNS that I have been using for 2+ years or so. I really love it, but it just feels like it's not their priority anymore. So I'd rather save the money and try dns0. What do you guys think?
Ultimately if you need the customisation stick with NextDNS, else do consider DNS0. Only some of their datacenter’s rely on 100% renewable energy. Check out DNS0 Known Issues before switching all your devices over.

Here’s a comment quoted from reddit.com/r/nextdns/dns0eu_a_new_dnsservice_by_nextdns_ehm_what/ (Feb 2023).
I see multiple differences between NextDNS and DNS0.eu:
  1. Most obvious is that NextDNS is built and sold around the customisation features it offers. You configure the resolver that fits your needs. DNS0.eu doesn't offer any customisation.
  2. NextDNS is a US company while DNS0 is a French non-profit association, which means:
    1. US laws have no impact on DNS0.
    2. DNS0 is an official non-profit and benefits from the laws applied to non-profit organisations.
    3. DNS0 is an entity under EU laws, offering better warranties to EU citizen about their data.
  3. The project of a DNS for the EU built by EU entities exists and this was probably built to participate into that initiative: Equipping backbone networks with high-performance and secure DNS resolution infrastructures - Works
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
I just used the “report” option on the dns0.eu page that allows url/domain lookup. I pasted few URLs from my junk-rich inboxes and none have been blocked.
Last one:
hxxp://sulpiride[.]store

It doesn’t seem to be doing great job against that. We can test it against malware links as well.
 
F

ForgottenSeer 97327

I just used the “report” option on the dns0.eu page that allows url/domain lookup. I pasted few URLs from my junk-rich inboxes and none have been blocked.
Last one:
hxxp://sulpiride[.]store

It doesn’t seem to be doing great job against that. We can test it against malware links as well.
DNS0.eu does not resolve that domain for me? Usually a sign it is blocked ???
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
565
Just a few weeks ago I've been using NextDNS with AdGuard DNS, EasyList and HaGeZi Multi PRO lists combined with uBO with only its built-in default filters and the combo has been excellent. I just use the free service and I'm nowhere near the 300k/month query limit. It was easy to install and setup on OpenSUSE Tumbleweed.
 
F

ForgottenSeer 97327

When you look at the documentation, DNS0 does a few extra's heuristic lookups over NextDNS:

Newly Observed Domains (NOD)
Newly Observed Hostnames (NOH)
Newly Active Hostnames (NAH)
Newly Issued Certificates (NIC)

DNS0.eu has more protections and more data feeds than NextDNS, but everytime a DNS0.eu user asks for a domain to be resolved which is flagged as malicious/phishing, this IP' is shared with all other DNS0 partners. So NextDNS receives a bit of this data back. On the other hand I have not found that DNS0.eu has AI detection like NextDNS and probably does not use Google safe search (considering the fines the EU has imposed on Google in the past ) :)

NextDNS is a company of 5 people, DNS0.eu of 2 (also the founding fathers of NextDNS).
It looks DNS0 is virtual network organization where the EU only provides the funding.
 
Last edited by a moderator:

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,608
I just used the “report” option on the dns0.eu page that allows url/domain lookup. I pasted few URLs from my junk-rich inboxes and none have been blocked.
Last one:
hxxp://sulpiride[.]store

It doesn’t seem to be doing great job against that. We can test it against malware links as well.
Please test it against malware links! i suppose that the url you provided is newly registered domain, as only fortinet lists it as spam?

1691650871890.png
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
Please test it against malware links! i suppose that the url you provided is newly registered domain, as only fortinet lists it as spam?

View attachment 277707
I just got a few from ridiculous emails in my inboxes. On the “report” page they show as “not blocked” but perhaps there is discrepancy from the actual product, not sure. All of these URLs are blocked by Control D without AI being turned on (it produces a lot of false positives). I will test the actual dns0 next time.
 

superleeds27

Level 6
Verified
Apr 5, 2017
278
Been using NextDNS for quite a while and tend to just use it on the mobile, using the default lists. It just works, blocks pretty much everything and i've only had to whitelist a few domains.

I'm not sure what more people want from it?

Assuming DNS0 will never have a Server situated in the UK because of you know what(!)?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top