- Apr 1, 2019
- 2,786
This kind of thing is the reason I stopped using DNS ControlD, and DNS blocking in general. The ‘best’ is when they randomly block Apple or google services and suddenly nothing works on the device or network.
NextDNS/ControlD vs Quad9, AV Web Protection
- Thread starter SohanRay
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Apr 4, 2021
- 271
I want to switch from NextDNS to ControlD, as NextDNS seems to me to be a frankly abandoned project that has not been updated for over a year, which to me is a factor of decreasing trust. The proxying feature is also an important plus for me, as I essentially don't need a full-blown VPN for my normal tasks.
And this is where I have a question. Could someone please tell me what proxying locations ControlD has. Are they the same as Windscribe? I am particularly interested in Israel, Turkey, Russia.
And this is where I have a question. Could someone please tell me what proxying locations ControlD has. Are they the same as Windscribe? I am particularly interested in Israel, Turkey, Russia.
- Feb 26, 2021
- 818
I want to switch from NextDNS to ControlD, as NextDNS seems to me to be a frankly abandoned project that has not been updated for over a year, which to me is a factor of decreasing trust. The proxying feature is also an important plus for me, as I essentially don't need a full-blown VPN for my normal tasks.
And this is where I have a question. Could someone please tell me what proxying locations ControlD has. Are they the same as Windscribe? I am particularly interested in Israel, Turkey, Russia.
Here's their proxy list. It's pretty extensive.
- Jul 13, 2014
- 766
It is a well know fact that sometimes DNS services will give you results like that, blocking legitimate sites, false positive and so on, due to the way they work. Also, when you activate the different filters, ControlD warns you about that. Remember that you can unblock websites by whitelisting them. Nevertheless a DNS service and in that case, ControlD, is an excellent addition to your security setup.
- Apr 1, 2019
- 2,786
I understand that. Here is the problem. Usability issues that cripple functionality lead to users bypassing the DNS. Either changing DNS, switching to mobile from wifi, using a hotspot. This then defeats any security benefit if users get in the habit of bypassing any block. If I am not available to whitelist something, it just leads to bypass. Also, it was near impossible to whitelist the Apple issue as dozens of urls used in the background were causing the issues. So, I see DNS as a tool that’s mostly beneficial to higher knowledge individuals. It doesn’t work for those who don’t understand what’s happening. I wouldn’t have the patience to deal with it if I did t know what was happening either.
- Feb 26, 2021
- 818
So, let me see if I have this right. Instead of whitelisting something you'd rather stop using DNS filtering because it can *maybe* block something legitimate? Isn't that like refusing to shower because you might drown? Also, that's your own fault for using Apple anything. They suck.
- Apr 1, 2019
- 2,786
- Jul 13, 2014
- 766
@blackice DNS services are not that complicated to use.Of course, if you are an advance user you may dwell into advanced settings. But most DNS services are user friendly.
Again, better use a DNS service in combination with a good antivirus for most users, rather than using some advanced default/deny programs, combining different adblockers and all sorts of anti-tracking softwares. You get good protection against all kinds of online threats, without having headaches with your security setup.
Again, better use a DNS service in combination with a good antivirus for most users, rather than using some advanced default/deny programs, combining different adblockers and all sorts of anti-tracking softwares. You get good protection against all kinds of online threats, without having headaches with your security setup.
- Dec 28, 2016
- 121
On the subject of malware protection, Control D (as far as I know) is the only service that implements IP blocklists into a DNS service, meaning it will block domains that resolve to malicious IP networks, and doesn't just leverage "domain rules" like all the others. This is part of the Balanced filter: Malware
Also, Control D also implements an in-house made machine learning model that can block domains without them appearing on any blocklist. The description of the v1 model is here: Improving Our Malware Filter With Machine Learning
(Contrary to NextDNS where there is no info on how it works except "It uses AI, trust me bro").
Currently in production the v2 model is used (much better than the v1), and we're wrapping up v3 which has been audited by a 3rd party and will have a new write up sometime in January when it's released. It's very effective.
Also, Control D also implements an in-house made machine learning model that can block domains without them appearing on any blocklist. The description of the v1 model is here: Improving Our Malware Filter With Machine Learning
(Contrary to NextDNS where there is no info on how it works except "It uses AI, trust me bro").
Currently in production the v2 model is used (much better than the v1), and we're wrapping up v3 which has been audited by a 3rd party and will have a new write up sometime in January when it's released. It's very effective.
- Feb 25, 2017
- 2,504
I don't have any experience with ControlD but transparency is always a good thing. Yet, I don't really care how NextDNS does it, as long as it works. And it does work.
- Feb 7, 2023
- 1,737
NextDNS blocks a lot less based on AI compared to ControlD (and not only based on AI but in general). However, the Control D AI, even in its mildest form, produces very many FPs and makes browsing a hell. Specially when not-so-popular, non-US/UK websites are used.
It looks like when collecting the training set, they forgot other parts of the world exist.
They’ve just used a collection of popular websites.
The number of false positives needs to be urgently mitigated before the AI filter can become usable. I currently have it well off!
- Dec 28, 2016
- 121
You are referring to the old v1 model from many months ago. The v2 one has 3 aggressiveness settings, if you set it to "Relaxed" you won't have any false positives. We've had zero complaints from those running it in this mode.
- Apr 4, 2021
- 271
Do you have any plans to add scam protection as well? For example, integration with Scamadviser, blocking low-rated websites on WOT and Trustpilot, etc.? I think this would be a very interesting feature. Fake online stores and companies are also one of the important threats.
- Dec 28, 2016
- 121
Hi, yes that's on the roadmap part of a much bigger project where we will slowly stop relying on 3rd party services and lists and classify every domain ourselves using a system we're building.
This is a rather large scope of work, and will take some time.
Similar threads
