Advice Request NextDNS/ControlD vs Quad9, AV Web Protection

Please provide comments and solutions that are helpful to the author of this topic.

rashmi

Level 12
Jan 15, 2024
575
@n8chavez

I tried the ControlD Some Control version and liked it. For the kids' profile, the default adult filter setting should be in strict mode. In the default relaxed mode, ControlD didn't catch all adult sites, but it blocked them in strict mode. The dating and social filters are effective, but they permit certain Chinese social network platforms. The gaming filter operates in a relaxed mode, allowing a few sites to pass through. I appreciated that ControlD enforced YouTube's strict-restricted mode. NextDNS and AdGuardDNS enforced YouTube's moderate-restricted mode. Overall, I'm impressed with ControlD.

I prefer Cloudflare Gateway because it includes categories, subcategories, and nuclear filters, which I find easier and more effective at blocking. The Cloudflare Gateway free plan has sufficient features for home users. If I encounter issues with Cloudflare Gateway, I will definitely purchase ControlD.

66918eb946fec.png

66918e7e96b99.png
 

rashmi

Level 12
Jan 15, 2024
575
Great. I'm glad you found what works for you. I have no experience with Cloudflare Gateway, and don't know anything about it. Let me know you experiences with it.
Cloudflare Gateway performs excellently. This is not a simple service; it's a business product that comes with usage policies. ControlD is a user-friendly and comprehensive solution designed with features for home users.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Cloudflare Gateway performs excellently. This is not a simple service; it's a business product that comes with usage policies. ControlD is a user-friendly and comprehensive solution designed with features for home users.
I am using ControlD currently, second year in a raw, but tbh I am considering cancelling. Blocklists are wildly inaccurate, for example, even though I have set Ad Blocking to moderate, which should allow affiliate links, a lot of them are blocked (sometimes, other times they are not). For 2-3 days, Check Point research was blocked. I was unable to send and receive Messages on FB messenger 2-3 days, I thought it was an issue with the app, I reinstalled, still not working. Turned out ControlD was at fault again (I’ve never activated anything that blocks FB Graph).

All in all, very frequent issues and mishaps, a lot of manual poking required, much more than NextDNS.
 

rashmi

Level 12
Jan 15, 2024
575
@Trident I don't use the adblocking function of DNS-based services, so I have nothing to add. ControlD is effective for my specific need, which is parental control. I also enjoyed NextDNS, and the free plan is sufficient for my usage. NDNS's adult filter is reliable, but other nuclear filters allow many websites.
 
  • Like
Reactions: Trident

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
128
I am using ControlD currently, second year in a raw, but tbh I am considering cancelling. Blocklists are wildly inaccurate, for example, even though I have set Ad Blocking to moderate, which should allow affiliate links, a lot of them are blocked (sometimes, other times they are not). For 2-3 days, Check Point research was blocked. I was unable to send and receive Messages on FB messenger 2-3 days, I thought it was an issue with the app, I reinstalled, still not working. Turned out ControlD was at fault again (I’ve never activated anything that blocks FB Graph).

All in all, very frequent issues and mishaps, a lot of manual poking required, much more than NextDNS.
If you click a lot of affiliate links, you need to use the Relaxed mode as there are many different types out there, and balanced may block more obscure ones.

As for "unable to send and receive Messages on FB messenger" - which filter blocked domains related to this? We haven't gotten any reports about this, and when a popular app is blocked we hear about it from a lot of people.

Lastly, if you don't like the native filters, you can always use 3rd party which is the only option with NextDNS
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I do click a lot of affiliate links and I am using the relaxed mode. Latest instance where something wasn’t working was sponsored links inside amazon app (just 2-3 days ago). Upon clicking on one, I was seeing my custom block page inside the app.
It seems to have been fixed now.

As I browse, there is always something here and there that is blocked, some security software blog 2-3 days ago was blocked as well (I’ll search the logs but it will take very long to find which one).

As for "unable to send and receive Messages on FB messenger" - which filter blocked domains related to this? We haven't gotten any reports about this, and when a popular app is blocked we hear about it from a lot of people.
I didn’t check to be honest. I just created a rule to allow the graph. All in all, there are loads of blocks that “come and go” and I am not certain why is that. As I said, Check Point Research (CPR) at one point was blocked as well. A lot of times blocks’ve got wrong categories (blocked under the wrong filter). If you are curious to obtain details, I can monitor the situation more closely.
Lastly, if you don't like the native filters, you can always use 3rd party which is the only option with NextDNS
They’ve got native filters as well but they now feel like abandonware so not sure what I will do and who I will choose. ControlD is much more actively developed.
 

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
128
@n8chavez

I tried the ControlD Some Control version and liked it. For the kids' profile, the default adult filter setting should be in strict mode. In the default relaxed mode, ControlD didn't catch all adult sites, but it blocked them in strict mode. The dating and social filters are effective, but they permit certain Chinese social network platforms. The gaming filter operates in a relaxed mode, allowing a few sites to pass through. I appreciated that ControlD enforced YouTube's strict-restricted mode. NextDNS and AdGuardDNS enforced YouTube's moderate-restricted mode. Overall, I'm impressed with ControlD.

I prefer Cloudflare Gateway because it includes categories, subcategories, and nuclear filters, which I find easier and more effective at blocking. The Cloudflare Gateway free plan has sufficient features for home users. If I encounter issues with Cloudflare Gateway, I will definitely purchase ControlD.



We're building our own domain classification system, which will eliminate reliance on 3rd party blocklists which can be less reliable (since they're maintained by some dude on Github). It will function similarly to Cloudflare, except with fewer options as a lot of those are highly ambiguous and I can't see how those can be very accurate.

Considering how bad the Cloudflare malware filter is (Public DNS malware filters tested in 2024) I'm not sure of the true efficacy here.
 

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
128
I do click a lot of affiliate links and I am using the relaxed mode. Latest instance where something wasn’t working was sponsored links inside amazon app (just 2-3 days ago). Upon clicking on one, I was seeing my custom block page inside the app.
It seems to have been fixed now.

As I browse, there is always something here and there that is blocked, some security software blog 2-3 days ago was blocked as well (I’ll search the logs but it will take very long to find which one).


I didn’t check to be honest. I just created a rule to allow the graph. All in all, there are loads of blocks that “come and go” and I am not certain why is that. As I said, Check Point Research (CPR) at one point was blocked as well. A lot of times blocks’ve got wrong categories (blocked under the wrong filter). If you are curious to obtain details, I can monitor the situation more closely.

They’ve got native filters as well but they now feel like abandonware so not sure what I will do and who I will choose. ControlD is much more actively developed.
Id love to get some specific domains if you still got them. You can email them directly to me if you want: yegor@controld.com
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Id love to get some specific domains if you still got them. You can email them directly to me if you want: yegor@controld.com
I was mistaken when I said the Amazon sponsored links are fixed, turns out I’ve disabled ControlD.
There are many Amazon blocks, amongst which:
fls-eu.amazon.com
appx.transient.amazon.co.uk
unagi.amazon.co.uk
Responsible for these blocks is 1Hosts at the moment. My understanding was that when using “Relaxed” mode, these affiliate links will be “allowed” even if some dude has decided that they should be blocked. This is the NextDNS situation and I believe somewhere in ControlD documentation or comparison I’ve read something similar.
IMG_4579.png
 
  • Like
Reactions: simmerskool

windscribe

From Windscribe
Verified
Developer
Well-known
Dec 28, 2016
128
Well, these domains are blocked by multiple 3rd party filters: 1hosts Pro, and several Hagezi levels (pro, proplus, ultimate). These domains do not appear in our native Ads & Trackers filter.

Since you're using native filters and 3rd party, if a domain appears in any of them, it will be blocked.

For this reason, we recommend sticking with native filters only, and don't mix them with 3rd party as you did - which is the source of the issue.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Well, these domains are blocked by multiple 3rd party filters: 1hosts Pro, and several Hagezi levels (pro, proplus, ultimate). These domains do not appear in our native Ads & Trackers filter.

Since you're using native filters and 3rd party, if a domain appears in any of them, it will be blocked.

For this reason, we recommend sticking with native filters only, and don't mix them with 3rd party as you did - which is the source of the issue.
Ok, that explains! Thanks.
It’s probably in these filters that these blocks are coming and going, as people are reporting there, to the third-party.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Ads & Trackers - Relaxed is all you need in this scope. Wife and grandma approved.
The reason I enabled these third-party filters is, they block a lot of links in junk mail. I got some decoy accounts that receive loads of SPAM. Large number leads to https://firebasestorage.googleapis.com/ which then redirects to another domain.
This other domain varies but most of the time is blocked by 1Hosts only.

But I can block the firebasestorage 🙃
 

rashmi

Level 12
Jan 15, 2024
575
We're building our own domain classification system, which will eliminate reliance on 3rd party blocklists which can be less reliable (since they're maintained by some dude on Github). It will function similarly to Cloudflare, except with fewer options as a lot of those are highly ambiguous and I can't see how those can be very accurate.

Considering how bad the Cloudflare malware filter is (Public DNS malware filters tested in 2024) I'm not sure of the true efficacy here.
Yes, Cloudflare has many options. It took me a few tests to figure out the categories and settings that suited my needs. However, I would prefer fewer options. Every content filtering or parental control solution has false positives and wrong categorizations. In terms of parental control features, my experience with Cloudflare has been excellent. However, their malware and phishing protection are disappointing. Overall, I prefer ControlD because it is simple, efficient, and provides a complete solution. It would be excellent if ControlD could offer a free plan to Windscribe Pro and lifetime subscription users 😊, similar to AdGuard.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top