Battle dns0 vs NextDns

[I Walk MY Way]

I liked NextDNS bought a year subscription in June, used it on my phones and computers, had some chats with there support but I found its adblocking was not what I had expected, I was seeing way too many ads, So I ditched it on the computers and went to UBO problem sorted, I am still using NextDNS on the phones but when the subscription runs out I will not be renewing it. as for dns0 not even tempted to try it,.

 

[Kongo]

I liked NextDNS bought a year subscription in June, used it on my phones and computers, had some chats with there support but I found its adblocking was not what I had expected, I was seeing way too many ads, So I ditched it on the computers and went to UBO problem sorted, I am still using NextDNS on the phones but when the subscription runs out I will not be renewing it. as for dns0 not even tempted to try it,.

I think you're kind of missing the use case of NextDNS. It isn't meant to replace your adblocker, but it's a nice addition. So I don't really understand why you would disable NextDNS and add uBlock Origin. You can simply use both.

 

[silversurfer]

So I am actually considering to cancel my subscription of NextDNS that I have been using for 2+ years or so. I really love it, but it just feels like it's not their priority anymore. So I'd rather save the money and try dns0. What do you guys think?

Just to inform, I am using "dns0" since a few months, here for my location it's always fast speed (servers are in Germany for me in Frankfurt).
We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features...

 

[I Walk MY Way]

too many issues with NextDNS like the adblocking and have had issues with my Vpn's and honestly I dont miss or need it on the pcs my vpns have dns adblocking

 

[Kongo]

Just to inform, I am using "dns0" since a few months, here for my location it's always fast speed (servers are in Germany for me in Frankfurt).
We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features...

I am just wondering how much better the malware blocking is compared to NextDNS as they are partnered with more threat intelligence feeds sources if I understood correctly.

 

[Trident]

We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features

For me personally the ad blocking is the only reason I use these DNS services. They block ads in many mobile apps without compromising device performance. I am using Control D at the moment. There are minor quirks but in general the experience is OK.

 

[ForgottenSeer 97327]

For me the malware blocking is the most important. That is why I removed OISD and am now only using AdGuardDNS for privacy. NextDNS provides a lot of insights and configurability for a free solution.

 

[silversurfer]

I am just wondering how much better the malware blocking is compared to NextDNS as they are partnered with more threat intelligence feeds sources if I understood correctly.

Yeah that would be interesting to know more details but I can't find more information. Homepage shows about Heuristics, but I think all listed features are also on NextDNS.

Heuristics​

Newly Registered Domains (NRD)

• Block domains registered less than 30 days ago. Those domains are known to be favored by threat actors to launch malicious campaigns.

Newly Active Domains (NAD)

• Block domains that, after having been dormant for a while, are suddenly becoming active. This behavior is more often than not a sign of malicious activity.

Domain Generation Algorithms (DGA)

• Block domains generated by Domain Generation Algorithms (DGAs) seen in various families of malware that can be used as rendezvous points with their command and control servers.

IDN Homographs

• Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDN) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".

Typosquatting

• Block domains registered by malicious actors that target users who incorrectly type a website address into their browser — e.g. gooogle.com instead of google.com.

DNS Rebinding

• Prevent attackers from taking control of local devices through the Internet by automatically blocking DNS responses containing private IP addresses.

Dynamic DNS (DDNS)

• Dynamic DNS (or DDNS) services let malicious actors quickly set up hostnames for free and without any validation or identity verification. While legit DDNS hostnames are rarely accessed in every-day use, their malicious counterparts are heavily used in phishing campaigns — e.g. paypal‑login.duckdns.org.

Cryptojacking

• Prevent the unauthorized use of one's devices to mine cryptocurrency.

Parked Domains

• Parked domains are single-page websites often laden with ads and devoid of any value. Parked domain monetization can sometimes get mixed up with suspicious practices and malicious content.

High-risk Top-level Domains (TLD)

• Block Top-level Domains (TLDs) known to be favored by threat actors because of their low price, the absence of vetting or the lack of legal recourse.

ZERO — Hardened security for highly sensitive environments.

Massively increase the catch rate for malicious domains — especially in their brutal early hours — by combining human-vetted threat intelligence with advanced heuristics that automatically identify high-risk patterns.

www.dns0.eu

 

[Moonhorse]

For me the malware blocking is the most important.

As adguard user i agree, just started using dns0 zero filter with the adguard on desktop & mobile. No need for av web filter or security extension

For being free its suberb, nextdns is just faster

 

[Ink]

So I am actually considering to cancel my subscription of NextDNS that I have been using for 2+ years or so. I really love it, but it just feels like it's not their priority anymore. So I'd rather save the money and try dns0. What do you guys think?

Ultimately if you need the customisation stick with NextDNS, else do consider DNS0. Only some of their datacenter’s rely on 100% renewable energy. Check out DNS0 Known Issues before switching all your devices over.

Here’s a comment quoted from reddit.com/r/nextdns/dns0eu_a_new_dnsservice_by_nextdns_ehm_what/ (Feb 2023).

I see multiple differences between NextDNS and DNS0.eu:

1. Most obvious is that NextDNS is built and sold around the customisation features it offers. You configure the resolver that fits your needs. DNS0.eu doesn't offer any customisation.
2. NextDNS is a US company while DNS0 is a French non-profit association, which means:
   1. US laws have no impact on DNS0.
   2. DNS0 is an official non-profit and benefits from the laws applied to non-profit organisations.
   3. DNS0 is an entity under EU laws, offering better warranties to EU citizen about their data.
3. The project of a DNS for the EU built by EU entities exists and this was probably built to participate into that initiative: Equipping backbone networks with high-performance and secure DNS resolution infrastructures - Works

 

[ForgottenSeer 97327]

The partners without green square have joined DNS0.eu in the last 5 months. Looks like DNS0.eu seems to be reasonable successful in acquiring partners

 

[enaph]

Does someone know where to find the IP6 settings for DNS0.eu?

It's on their website:

 

[Trident]

I just used the “report” option on the dns0.eu page that allows url/domain lookup. I pasted few URLs from my junk-rich inboxes and none have been blocked.
Last one:
hxxp://sulpiride[.]store

It doesn’t seem to be doing great job against that. We can test it against malware links as well.

 

[ForgottenSeer 97327]

I just used the “report” option on the dns0.eu page that allows url/domain lookup. I pasted few URLs from my junk-rich inboxes and none have been blocked.
Last one:
hxxp://sulpiride[.]store

It doesn’t seem to be doing great job against that. We can test it against malware links as well.

DNS0.eu does not resolve that domain for me? Usually a sign it is blocked ???

 

[wat0114]

Just a few weeks ago I've been using NextDNS with AdGuard DNS, EasyList and HaGeZi Multi PRO lists combined with uBO with only its built-in default filters and the combo has been excellent. I just use the free service and I'm nowhere near the 300k/month query limit. It was easy to install and setup on OpenSUSE Tumbleweed.

 

[ForgottenSeer 97327]

When you look at the documentation, DNS0 does a few extra's heuristic lookups over NextDNS:

Newly Observed Domains (NOD)
Newly Observed Hostnames (NOH)
Newly Active Hostnames (NAH)
Newly Issued Certificates (NIC)

DNS0.eu has more protections and more data feeds than NextDNS, but everytime a DNS0.eu user asks for a domain to be resolved which is flagged as malicious/phishing, this IP' is shared with all other DNS0 partners. So NextDNS receives a bit of this data back. On the other hand I have not found that DNS0.eu has AI detection like NextDNS and probably does not use Google safe search (considering the fines the EU has imposed on Google in the past )

NextDNS is a company of 5 people, DNS0.eu of 2 (also the founding fathers of NextDNS).
It looks DNS0 is virtual network organization where the EU only provides the funding.

 

[Moonhorse]

I just used the “report” option on the dns0.eu page that allows url/domain lookup. I pasted few URLs from my junk-rich inboxes and none have been blocked.
Last one:
hxxp://sulpiride[.]store

It doesn’t seem to be doing great job against that. We can test it against malware links as well.

Please test it against malware links! i suppose that the url you provided is newly registered domain, as only fortinet lists it as spam?

 

[Trident]

Please test it against malware links! i suppose that the url you provided is newly registered domain, as only fortinet lists it as spam?

View attachment 277707

I just got a few from ridiculous emails in my inboxes. On the “report” page they show as “not blocked” but perhaps there is discrepancy from the actual product, not sure. All of these URLs are blocked by Control D without AI being turned on (it produces a lot of false positives). I will test the actual dns0 next time.

 

[cryogent]

I am using Adguard desktop/mobile with NextDns on my computers and phones and I wasn't have a problem using this setup for more than 1. 5 year. Maybe dns0 is more safe but I like more the NextDns customization. With ControlD and dsn0 I have slower connections.

 

[superleeds27]

Been using NextDNS for quite a while and tend to just use it on the mobile, using the default lists. It just works, blocks pretty much everything and i've only had to whitelist a few domains.

I'm not sure what more people want from it?

Assuming DNS0 will never have a Server situated in the UK because of you know what(!)?