Battle dns0 vs NextDns

[Marko :)]

This is the first time I'm hearing for DNS0. When I visited their website, I really thought it was a DNS resolver made by the EU. LOL
Tested it right now and it's rather slow for me; ping is around 25-30ms with the nearest servers in Klagenfurt. For some weird reason, two DNS IPs resolve to different countries; first one takes me to France, the other one to Austria.

Anyway, staying on CloudFlare because it has servers in Croatia, so ping is 1-3ms max for me.

 

[cartaphilus]

For me personally the ad blocking is the only reason I use these DNS services. They block ads in many mobile apps without compromising device performance. I am using Control D at the moment. There are minor quirks but in general the experience is OK.

Funny since I don't feel any ad blocking in either my PC and especially my android. I do feel it in my TV. Or at least it blocks the stupid LG ads and LG AI based BS which is worth the price of admission in my book.

The only thing that blocks ads on my phone is AdGuard and even that is beginning to fail as more and more apps are starting to serve double encapsulated encrypted ads in their apps.

 

[SohanRay]

I believe they both use the same servers and partners, NextDNS just does not brag about it.
But in the end, it all comes down to this: some logging vs no logging (theoretically):

Privacy Policy - NextDNS

nextdns.io

Privacy Policy

www.dns0.eu

I more interested in security than a "fake" privacy, otherwise I would switch to DNS0 in a heartbeat.

Verified today that NextDNS definitely doesn't use the same threat intel as Dns0.eu . I came across malicious links that were recognized as such by Dns0 but not by NextDNS(all security features on).

 

[Kongo]

Verified today that NextDNS definitely doesn't use the same threat intel as Dns0.eu . I came across malicious links that were recognized as such by Dns0 but not by NextDNS(all security features on).

Could you share some examples via dm?

 

[sanxh]

Verified today that NextDNS definitely doesn't use the same threat intel as Dns0.eu . I came across malicious links that were recognized as such by Dns0 but not by NextDNS(all security features on).

This website webhotpics.com is blocked by DNS0 but not blocked by NextDNS.

 

[ForgottenSeer 97327]

This website webhotpics.com is blocked by DNS0 but not blocked by NextDNS.

 

[Kongo]

View attachment 277955

Also blocked on my end

 

[ForgottenSeer 97327]

When you look at the documentation, DNS0 does a few extra's heuristic lookups over NextDNS:

Newly Observed Domains (NOD)
Newly Observed Hostnames (NOH)
Newly Active Hostnames (NAH)
Newly Issued Certificates (NIC)

DNS0.eu has more protections and more data feeds than NextDNS, but everytime a DNS0.eu user asks for a domain to be resolved which is flagged as malicious/phishing, this IP' is shared with all other DNS0 partners. So NextDNS receives a bit of this data back. On the other hand I have not found that DNS0.eu has AI detection like NextDNS and probably does not use Google safe search (considering the fines the EU has imposed on Google in the past )

NextDNS is a company of 5 people, DNS0.eu of 2 (also the founding fathers of NextDNS).
It looks DNS0 is virtual network organization where the EU only provides the funding.

@SohanRay and @sanxh you are correct DNS0 has more feeds, but when someone triggers a blocked domain at DNS0, their partners get this domain as feed to block also,
That is why NextDNS is blocking it now also, so when you do test it might seem they have the protection, but DNS0 definitely has more feeds

 

[Morro]

Also blocked on my end

Also on my end, first by NextDNS and 0.5 seconds later by SafeToOpen Online Security, classifying it as a "Unsafe Visit".

 

[SohanRay]

Could you share some examples via dm?

if you search for revanced youtube on google for android, you'll 1 or 2 links that dns0 will block , but nextDns won't. But do note that you should be using just the NextDNS security features to see that, and not add any other blocklist from privacy tab. There are other links as well, but I found it on Alienvault OTX, and haven't saved them. e.g
revanced.io - blocked by nextDNS threat intelligence but not blocked by Dns0.

 

[SohanRay]

This website webhotpics.com is blocked by DNS0 but not blocked by NextDNS.

The website doesn't seem malicious. ControlD, Quad9 didn't block it. Bitdefender, trendMicro also didn't block it , eventhough they also scan websites in realtime for malicious code. So most probably its a false positive.

 

[SohanRay]

@SohanRay and @sanxh you are correct DNS0 has more feeds, but when someone triggers a blocked domain at DNS0, their partners get this domain as feed to block also,
That is why NextDNS is blocking it now also, so when you do test it might seem they have the protection, but DNS0 definitely has more feeds

Do you think all the false negatives that Dns0 automatically records for each partner are also ingested by NextDNS system (AI maybe)?

 

[ForgottenSeer 97327]

Do you think all the false negatives that Dns0 automatically records for each partner are also ingested by NextDNS system (AI maybe)?

Well you got a point there. Looking back the obvious block reason should have been "threat intelligence feeds" and not "artificial intelligence". The sharing of a blocked domain triggered by one partner to all other partners, is explicitly mentioned in the documentation of DNS0. Maybe my post was a wrong example and the AI engine decided to block it after initially allowing it. Long story short: I don't know the answer of your question.

 

[SohanRay]

I have developed a bit of a confusion regarding the dns0 versions (i.e dns0.eu , zero.dns0.eu , kids.dns0.eu) . dns0.eu , the default version uses the threat intelligence provided by the partners right? So does it also use any threat intel from elsewhere ?
Now regarding the zero.dns0.eu, does it use all the threat intel as dns0.eu in addition to the heuristics that it has ?
And regarding the kids.dns0.eu , does it use all the threat intel as dns0.eu and also the heuristics as the ZERO version in addition to the extras like porn that it blocks ?

 

[l0rdraiden]

Another important difference is that NextDNS supports DNSCrypt and dns0 does not

 

[l0rdraiden]

Another important difference is that NextDNS supports DNSCrypt and dns0 does not

Sorry this is not entirely correct, NextDNS supports DNSCrypt format for DOH addresses but does not support DNSCrypt protocol.
I mean they give you a DNSCrypt format dns but it is actually DOH. So they do not support DNSCrypt, due to this I'm using quad9 with Adguard Home

 

[SohanRay]

Sorry this is not entirely correct, NextDNS supports DNSCrypt format for DOH addresses but does not support DNSCrypt protocol.
I mean they give you a DNSCrypt format dns but it is actually DOH. So they do not support DNSCrypt, due to this I'm using quad9 with Adguard Home

I have tried using Adguard on Android, always come across issues. So finally have given it up for good this time. Rely on dns level ad blocking only.

 

[l0rdraiden]

I mean Adguard Home, not Adguard for android

GitHub - AdguardTeam/AdGuardHome: Network-wide ads & trackers blocking DNS server

Network-wide ads & trackers blocking DNS server. Contribute to AdguardTeam/AdGuardHome development by creating an account on GitHub.

github.com

AdGuard Home | Network-wide software for any OS: Windows, macOS, Linux

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.

adguard.com

 

[SohanRay]

I mean Adguard Home, not Adguard for android

GitHub - AdguardTeam/AdGuardHome: Network-wide ads & trackers blocking DNS server

Network-wide ads & trackers blocking DNS server. Contribute to AdguardTeam/AdGuardHome development by creating an account on GitHub.

github.com

AdGuard Home | Network-wide software for any OS: Windows, macOS, Linux

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.

adguard.com

yeah I know, Adguard Android is product of Adguard only, so I mentioned. Even in windows it was very flawed.

 

[Ink]

Just to inform, I am using "dns0" since a few months, here for my location it's always fast speed (servers are in Germany for me in Frankfurt).
We can get almost same compared to NextDNS if you are fine without ad-blocking on DNS level and some other features...

Does this block all Ads, or ones that may not be suitable for Kids?

Kids — A childproof version of the Internet.

Make any device or network safe to use for children in just a few seconds. By filtering out content from the Internet that is not suitable for children, you can provide a safe online environment for kids at home, at school and on the go.

www.dns0.eu

• No porn or other adult websites
• No explicit search results
• No mature videos on YouTube
• No dating websites or apps
• No mixed-content websites
• No piracy
• No ads