Battle NextDns vs ControlD DNS

Compare list
NextDNS
ControlD

ddave

Level 2
Verified
Nov 17, 2014
86
NextDNS and their public dns resolver dns0 is simply better than ControlD when comparing free versions. Paid Version of NextDNS is ahead of ControlD aswell
I didn't know dns0, thank you for the advice!
dns0 zero can block ads?
 
Last edited:

SohanRay

Level 5
Thread author
Mar 19, 2022
246
I didn't know dns0, thank you for the advice!
dns0 zero can block ads?
it can block some percent of ads if you use the kids mode version. But that will also block other adult content, mixed content sites like reddit etc.
 
  • Like
Reactions: ddave
F

ForgottenSeer 97327

You can add lists to the denylist.
In the block section (5th tab) or the privacy section (3rd tab) I don't see an option to add a custom filter. What do you mean with denylist? Could post where this option is located in NextDNS gui?
 

toto_10

Level 5
Verified
Well-known
Feb 12, 2017
241
Sorry for the confusion - fully understandable.

I meant, is it possible to add filters from filterlists.com as you wish or are there only certain filters you can add?
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Thats a good blog post.

I have tested dns0 with zero and Controld free with phishing + malware filter enabled against phishtank & urlhaus and dns0 zero blocks more than ControlD does.

Its my personal opinion but i think NextDNS needs to be tweaked to '' maximium' to meet same level of protection than dns0 zero does
And my personal opinion is that NextDNS is better than ControlD

Do you use antivirus?
As dns0 has threat intel partners, I think even if NextDNS is tweaked, it would fall behind. Maybe you could perform the same test using NextDNS and ControlD? As far as I know both nextDNS and ControlD actually directly import from urlhause and phishtank. So the result should be very similar for both. Also, I tested from 2 sources which both of them definitely cannot import from directly like that, as that's impossible. I used Alienvault and IBM X-Force to get some malicious links manually and tested them with both of them. They both were very close in both cases. When used links from IBM, NextDNS did a little better and When used AlienVault, ControlD did a little better. It should also be taken into consideration that ControlD doesn't have AI yet(coming this month as mentioned in their blog) and NextDNS does. So, basically I am currently sticking with ControlD as they have customer support. They listen to their customers , their requests and info provided by them and take actions very quickly if needed. And their ad filter is maintained by them with aggressive blocking and false positives removed.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
In the block section (5th tab) or the privacy section (3rd tab) I don't see an option to add a custom filter. What do you mean with denylist? Could post where this option is located in NextDNS gui?
We can't add lists, only individual domains...
 
  • Like
Reactions: toto_10

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,600
As dns0 has threat intel partners, I think even if NextDNS is tweaked, it would fall behind. Maybe you could perform the same test using NextDNS and ControlD? As far as I know both nextDNS and ControlD actually directly import from urlhause and phishtank. So the result should be very similar for both. Also, I tested from 2 sources which both of them definitely cannot import from directly like that, as that's impossible. I used Alienvault and IBM X-Force to get some malicious links manually and tested them with both of them. They both were very close in both cases. When used links from IBM, NextDNS did a little better and When used AlienVault, ControlD did a little better. It should also be taken into consideration that ControlD doesn't have AI yet(coming this month as mentioned in their blog) and NextDNS does. So, basically I am currently sticking with ControlD as they have customer support. They listen to their customers , their requests and info provided by them and take actions very quickly if needed. And their ad filter is maintained by them with aggressive blocking and false positives removed.
Both NextDNS and ControlD are good options. If using free dns i would stick to dns0, with the paid i would choose ControlD. Its hard to find recent malware/phishing sites outside of phishtank/ urlhaus. About the antivirus i asked if you use one as people usually use quad9 as dns and just rely on the antivirus webfilter instead of having suberb dns protecting their devices.
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,435
We can't add lists, only individual domains...
You can add a list of domains, but that takes some time (1 domain per second, so thousands would take forever), it is possible to add them to the config, but I am not sure how.
 

Attachments

  • capture_03202023_213344.jpg
    capture_03202023_213344.jpg
    233.4 KB · Views: 120
  • Like
Reactions: toto_10

SohanRay

Level 5
Thread author
Mar 19, 2022
246
Both NextDNS and ControlD are good options. If using free dns i would stick to dns0, with the paid i would choose ControlD. Its hard to find recent malware/phishing sites outside of phishtank/ urlhaus. About the antivirus i asked if you use one as people usually use quad9 as dns and just rely on the antivirus webfilter instead of having suberb dns protecting their devices.
Actually Blocking Ads and trackers t DNS level are an essential requirement of mine. It works best in Android/IOS devices, and speeds of all types of loading times saves bandwidth and even saves battery therefore in mobile devices.
Just a note: While I was checking phishing links from AlienVault/IBM X Force, I saw that Phishtank, Openphish did miss them, at least 50% of them. At least from the bunch I checked.
 
  • Like
Reactions: Moonhorse

nishaddesilva

Level 3
Aug 26, 2012
257
The problem with ControlD is there's no proper query/history log. If for some reason some site is blocked you can't go to the log and see whether it was blocked by DNS or the server is down. Their 'Activity log' is run on demand only. So you have to be running the log first and then check the domain.
NextDNS and Adguard DNS have realtime logging features. Of course, you can define log retention period as well if you are privacy conscious.
 

SohanRay

Level 5
Thread author
Mar 19, 2022
246
The problem with ControlD is there's no proper query/history log. If for some reason some site is blocked you can't go to the log and see whether it was blocked by DNS or the server is down. Their 'Activity log' is run on demand only. So you have to be running the log first and then check the domain.
NextDNS and Adguard DNS have realtime logging features. Of course, you can define log retention period as well if you are privacy conscious.
There is an Activity Log in ControlD, which shows which queries are being blocked and by which filter and which ones are bypassed. Sorry I couldn't understand what you are talking about. Could you maybe rephrase?
 

nishaddesilva

Level 3
Aug 26, 2012
257
There is an Activity Log in ControlD, which shows which queries are being blocked and by which filter and which ones are bypassed. Sorry I couldn't understand what you are talking about. Could you maybe rephrase?
For their log to work, I think that the Activity log has to be running already first. It will run for 2 or 3 hours after running. During that time anything that was queried will be logged.
But on NextDNS and Adguard you always have a log running and you can always go to the log and see what was blocked.
 
  • Like
Reactions: SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
For their log to work, I think that the Activity log has to be running already first. It will run for 2 or 3 hours after running. During that time anything that was queried will be logged.
But on NextDNS and Adguard you always have a log running and you can always go to the log and see what was blocked.
Ohh I got that now.. yeah maybe that's so...I only turn it on when I suspect something is blocked when it shouldn't be.
 
  • Like
Reactions: nishaddesilva

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top