- Sep 2, 2021
- 2,309
I was thinking of testing NextDns, Quad9 and another dns vs 2/3 antivirus on malicious links and phishing videos as soon as I have time
NextDNS/ControlD vs Quad9, AV Web Protection
- Thread starter SohanRay
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
I was thinking of testing NextDns, Quad9 and another dns vs 2/3 antivirus on malicious links and phishing videos as soon as I have time
- May 13, 2017
- 2,487
I basically replaced AV and AD/tracker blocking with DNS, along with OS/browser mitigations, that should be enough, for me anyway.
Yes, those tests block known malicious domains, but they test DNS services using defaults. Blocking NRDs, private IPs, TLDs, VPNs, social media, etc, that alone blocks new threats.
Attachments
- Mar 19, 2022
- 246
That would be great!! Please do let know of the results....I was thinking of testing NextDns, Quad9 and another dns vs 2/3 antivirus on malicious links and phishing videos as soon as I have time
Control D has a list for malware. But also another one for phishing.I was thinking of testing NextDns, Quad9 and another dns vs 2/3 antivirus on malicious links and phishing videos as soon as I have time
You might need to create a custom malware + phishing configuration
Free DNS Resolvers
Control D has free DNS resolvers to block ads, malware and more. No account needed, secure protocols and no logging
@Shadowra could you test The European public DNS that makes your Internet safer. (DNS of the EU), Quad9 (logs in Swiss) and NextDNS (logs in EU or Swiss depending on user choice)
Beware that you enable to block in NextDNS the parked, the newly registered domains and enable AI, because a study has proven, that most HTTPS malware domains are hacked, most malvertising comes from redirected parked domains and most phishing from newly (less than 30 days existing) registered domains. AI is important because turnaround time of abused domains is only a few days
As a rule of thumb (in the EU), it s better to block HTTP websites (majority moved to HTTPS, less than 1% of business websites are still on HTTP and 95% of them are HTTP websites of dead companies, so in daily practice HTTP can be blocked)
Beware that you enable to block in NextDNS the parked, the newly registered domains and enable AI, because a study has proven, that most HTTPS malware domains are hacked, most malvertising comes from redirected parked domains and most phishing from newly (less than 30 days existing) registered domains. AI is important because turnaround time of abused domains is only a few days
The average turnaround time and/or mitigate abuse complaints is as follows:
- Response: the average turnaround is 1 day, mitigation is generally as follows:
- Phishing: 24/48/96 hours
- Spam: 96 hours
- Malware: 24/48/96 hours
- CSAM (Child Sex Abuse): 96 hours
- Botnets reported/detected: 24/48/96 hours
- Pharming: 24/48/96 hours
As a rule of thumb (in the EU), it s better to block HTTP websites (majority moved to HTTPS, less than 1% of business websites are still on HTTP and 95% of them are HTTP websites of dead companies, so in daily practice HTTP can be blocked)
Last edited by a moderator:
- Mar 13, 2021
- 417
I only used the best one, like OISD and removed the default one, otherwise it would be even worse.
If you''re not going to block Ads and tracking and only focus on security, then it makes no sense to use NextDNS, just use Quad9 since it's superior for that.
- Apr 4, 2021
- 270
I think NextDNS features are not far behind Quad9 - AI, open specialized lists, general purpose lists, built-in Google Safe, blocking new and parked domains, blocking most untrusted top level domains + blocking bypassing methods (other DNS and VPN).
I feel safe on the web only with NextDNS, although I wish it had some additional features to protect me from scammers, like Emsisoft's recently added integration with Scam Adviser. In fact, there are many opportunities to make it better, but it feels like the project is in a passive state of development.
I feel safe on the web only with NextDNS, although I wish it had some additional features to protect me from scammers, like Emsisoft's recently added integration with Scam Adviser. In fact, there are many opportunities to make it better, but it feels like the project is in a passive state of development.
- Mar 19, 2022
- 246
I agree using NextDNS without ad blocking would be a waste....but I use more than just OISD and I didn't find required domains getting blocked. Could you maybe see the logs in realtime and see which exact domains are getting blocked and by which filter/feature?
- Mar 19, 2022
- 246
Regarding blocking most untrusted top level domains, NextDNS doesn't do that automatically right? I mean the user has to select which top level domains should be blocked manually right?
@SohanRay Yes NextDNS has user configurable block options on TopLevelDomain and Domain level (also an allow list for domains)
It is really usefull for the stuff you want to block completely
When you are a happy Quad9 user, there are also Github users (like LennyFox) who keep TLD blocklists which you can add to AdGuard or uBlockOrigin:
When you are a happy Quad9 user, there are also Github users (like LennyFox) who keep TLD blocklists which you can add to AdGuard or uBlockOrigin:
Last edited by a moderator:
- Mar 19, 2022
- 246
yeah I mean I know its user configurable , as in user needs to select each TLD that needs to be blocked. I was asking if there is any setting or something that automatically blocks the most abused TLDs. Because I require currently to check the top 10 most abused TLDs in Spamhuase site from time to time to select which TLDs to block.
- Jan 13, 2019
- 203
NextDNS reduced the speed for me so I went for Quad9 which was better than Next. Few days back, I found out about Mullvad DNS and now I am using MullvadDNS (adblock.doh.mullvad.net) on mobile phone which is performing best for me till now.I was thinking of testing NextDns, Quad9 and another dns vs 2/3 antivirus on malicious links and phishing videos as soon as I have time
For your upcoming test, please include MullvadDNS (doh.mullvad.net and adblock.doh.mullvad.net) too. Thanks.
I am playing a bit DNS settings in router, network adaptor and browser, but (question) is it correct that the priority sequence is application > network adaptor > router ? Meaning when I have enabled NextDNS in my browser, that is the DNS my browser uses. Other applications use the DNS set in network adaptor and other devices (not having set a DNS) will use the DNS set in the router?
- Mar 19, 2022
- 246
The browser uses the DNS set in its settings, and the DNS set in the device if no DNS is set. The device uses the DNS set in its settings, or the DNS of the network its connected to if no DNS is set. The DNS set in the router is practically the network's DNS , unless theres some other network present too. Like mobile data.
Any application, would use the Device DNS settings unless some DNS is set in the application explicitly, in case its possible to do so in that application.
- Mar 19, 2022
- 246
I was looking into Cloudflare Gateway DNS and NextDNS as a comparision. Which one do you think is better at blocking malicious domains?
www.cloudflare.com
Cloudflare partners with Virustotal which gathers intel from a lot of security companies.
Threat Intelligence Partnerships
Cloudflare partners with leading threat intelligence providers to protect customers from the latest cyber threats.
- May 29, 2018
- 2,607
NextDNS is betterI was looking into Cloudflare Gateway DNS and NextDNS as a comparision. Which one do you think is better at blocking malicious domains?
Cloudflare partners with Virustotal which gathers intel from a lot of security companies.Threat Intelligence Partnerships
Cloudflare partners with leading threat intelligence providers to protect customers from the latest cyber threats.
Ran bunch of malware/phishing urls and controld free did much better than quad9 & cloudflare free
expecially against phishingPersonally im gonna swap from quad9 to controld
- Mar 19, 2022
- 246
Wait...so where was NextDNS ranking in this test? And by Cloudflare do you mean you used the Cloudflare gateway DNS?NextDNS is better
Ran bunch of malware/phishing urls and controld free did much better than quad9 & cloudflare free
Personally im gonna swap from quad9 to controld
- May 29, 2018
- 2,607
I did not test cloudflare gateway, just public resolvers of quad9 , cloudflare & ControlD ....and ControlD did best against malicious urls
About wich is better cloudflare gateway or NextDNS, you asked
I have used both cloudflare warp/ gateway paid dns & NextDNS
In my opinion NextDNS is better , because you can configure it more than cloudflare. You can block newly registered domains & use AI to block malicious sites, its aswell fastest dns on my end
You should trial them both and test wich suits best for you
- Mar 19, 2022
- 246
Could you run the test with NextDNS, and cloudflare gateway DNS too?
I understand NextDNS provides better configurability but is it better at blocking malicious domains than Cloudflare? Also, is ControlD better than these two at malicious domain blocking?
- May 9, 2015
- 625
NextDNS if well configured offers more protection than Quad9. Features like "Block Newly Registered Domains" for example blocks every domain that was created less than 30 days. Since most of the malicious, phishing domains are quite new and often short lived, the feature is quite effective in dealing with such threats and hardly cause any interference to normal browsing. Configurability is NextDNS highlight when compared to other DNS service providers.
In addition to Ad blocking and security features, NextDNS can also block Native Windows Tracking to a good extent if you enable the feature. After enabling it, my 3rd most blocked tracking queries is from Windows 10 itself. ControlD, even though I haven't tried it yet but would recommend trying it over the ordinary DNS services like Quad9, Cloudflare etc.
In addition to Ad blocking and security features, NextDNS can also block Native Windows Tracking to a good extent if you enable the feature. After enabling it, my 3rd most blocked tracking queries is from Windows 10 itself. ControlD, even though I haven't tried it yet but would recommend trying it over the ordinary DNS services like Quad9, Cloudflare etc.
Similar threads
