AVLab.pl Recommended DNS servers – which ones are the fastest and best protect the user?

[Adrian Ścibor]

Dear All,

We have published a new DNS server comparison. We have tested response times using the top 1000 list of the Cloudflare Radar. In addition, we have checked the protection against phishing and malware.

Link to the publication: Recommended DNS Servers: Speed And Protection Test » AVLab

The analysis is by the author Michal Giza.

 

[SumTingWong]

Quad9

 

[ForgottenSeer 97327]

Dear All,

We have published a new DNS server comparison. We have tested response times using the top 1000 list of the Cloudflare Radar. In addition, we have checked the protection against phishing and malware.

Link to the publication: Recommended DNS Servers: Speed And Protection Test » AVLab

The analysis is by the author Michal Giza.

Adrian,

For NextDNS free you need to create an account and eneable all protections to get a better impression on its capabilities. Did you use the general IP addresses of Next-DNS or personal with protections enabled? Looking at the huge difference with DNS0.eu, you only used the general/generic free version (DNS0.eu runs on NextDNS software). see video below for explanation.


Normally NextDNS should score the same as DNS0.eu (which is the overall winner now)

​	Cloudflare​	Quad9​	Comodo Secure DNS​	CleanBrowsing​	Alternate DNS​	AdGuard DNS​	NextDNS​	dns0.eu​
Phishing​	​	3​	​	2​	​	​	​	1​
Day 1​	75​	45​	29​	55​	28​	40​	30​	89​
Day 2​	66​	74​	28​	96​	29​	66​	28​	78​
Day 3​	47​	61​	32​	93​	12​	18​	12​	61​
Malware​	​	​	​	​	​	​	​	​
Day 1​	87​	92​	25​	90​	17​	16​	25​	100​
Day 2​	86​	92​	31​	86​	20​	19​	32​	100​
Day 3​	87​	89​	50​	86​	16​	18​	28​	100​
​	​	​	​	​	​	​	​	​
​	74.67%​	75.50%​	32.50%​	84.33%​	20.33%​	29.50%​	25.83%​	88.00%​

 

[Jan Willy]

Maybe I don't understand well next site, but it seems there's a problem with updating.

NextDNS

The new firewall for the modern Internet. NextDNS has 18 repositories available. Follow their code on GitHub.

github.com

 

[Shadowra]

Dns0.eu

 

[Moonhorse]

2 days ago someone asked about wich dns to choice, now you publish the test

 

[Adrian Ścibor]

Adrian,

For NextDNS free you need to create an account and eneable all protections to get a better impression on its capabilities. Did you use the general IP addresses of Next-DNS or personal with protections enabled? Looking at the huge difference with DNS0.eu, you only used the general/generic free version (DNS0.eu runs on NextDNS software). see video below for explanation.


Normally NextDNS should score the same as DNS0.eu (which is the overall winner now)

​	Cloudflare​	Quad9​	Comodo Secure DNS​	CleanBrowsing​	Alternate DNS​	AdGuard DNS​	NextDNS​	dns0.eu​
Phishing​	​	3​	​	2​	​	​	​	1​
Day 1​	75​	45​	29​	55​	28​	40​	30​	89​
Day 2​	66​	74​	28​	96​	29​	66​	28​	78​
Day 3​	47​	61​	32​	93​	12​	18​	12​	61​
Malware​	​	​	​	​	​	​	​	​
Day 1​	87​	92​	25​	90​	17​	16​	25​	100​
Day 2​	86​	92​	31​	86​	20​	19​	32​	100​
Day 3​	87​	89​	50​	86​	16​	18​	28​	100​
​	​	​	​	​	​	​	​	​
​	74.67%​	75.50%​	32.50%​	84.33%​	20.33%​	29.50%​	25.83%​	88.00%​

No, as I know, he didn't use any external configuration for NextDNS. Just simply IP address from vendor's webpage.

Maybe next time, when we go through with refreshing test edition in 2024. Until that time, any feedback from the community would be helpful.

 

[ForgottenSeer 97327]

No, as I know, he didn't use any external configuration for NextDNS. Just simply IP address from vendor's webpage.

Maybe next time, when we go through with refreshing test edition in 2024. Until that time, any feedback from the community would be helpful.

Thanks that explains it. The video of the youtube tester clearly shows that differs a lot (general IP is NO malware protection)

 

[ForgottenSeer 97327]

@TommyHillis

How could a public feeds sourced pihole out perform (protection wise) the data feeds of security specialists?
When you look at the partners of Quad9 for instance, that is an impressive list of security companies joining forces.
How could Github based malware feeds of amateurs and hobbyists be superior to that?

 

[Moonhorse]

Guys user zero trust cloudflare, and setup an automated pihole on github and its superior to every single paid DNS, and its 100% free.
Using these other ones is not a real long term solution and a waste of money. Cloudflare is the leading dns and with cloudflare zero trust you can literally filter ads, urls, and configure url lists and even a automatic pihole on it.

Vanilla Cloudflare is kids play.

You require credit card details to use zero trust, so basically its not free otherwise its great service

 

[jetman]

@TommyHillis

How could a public feeds sourced pihole out perform (protection wise) the data feeds of security specialists?
When you look at the partners of Quad9 for instance, that is an impressive list of security companies joining forces.
How could Github based malware feeds of amateurs and hobbyists be superior to that?

This is a good point.

Its also not clear where NextDNS and dns0 get their thereat intelligence from. Does anyone here know?

 

[ForgottenSeer 97327]

This is a good point.

Its also not clear where NextDNS and dns0 get their thereat intelligence from. Does anyone here know?

It is not on DNS0 website, but on their social media somewhere. I once posed a picture of the logo's of their partners. Quad9 has more feeds

 

[jetman]

It is not on DNS0 website, but on their social media somewhere. I once posed a picture of the logo's of their partners. Quad9 has more feeds

I found it on their website, although personally have never heard of these partners. Does anyone know much about these companies? Based on the test results DNS0 are doing something right.

Quad9 also has partners I have never heard of, although they also list F-Secure and IBM.

 

[Moonhorse]

I googled all of them and they are real companies ( who would though that)

So many trust nextdns, and they come from france so i believe in them

seems quad9 is not that bigger of ''company'' either

 

[ForgottenSeer 97327]

Two founders of NextDNS are also the founders of DNS0.eu Romain Cointepas (also CEO DNS0.eu) and Olivier Poitrey (also Director of Engineering at Netflix). Because DNS0.eu is probably sponsored by the European Union, my guess is that the software and infrastructure partners of NextDNS and DNS0.eu are the same. The EU probably pays an annual lump-sum to NextDNS and the infrastructure partners to use the platform (GandiNet for hosting, Annexia for server network). The other DNS0 partners are probably paid by sharing data and specific services or projects (e.e. CERT.PL maintaining the threat data exchange hub).

There are some differences between NextDNS and DNS0.eu. Before AI helped to develop the AI-detection module of NextDNS, but AI is not part of DNS0.eu (yet) while Before AI also is a partner for DNS0.eu. There is also a cross link with Quad9. Cert.PL build N6 (also founded by the EU) an open source security threats exchange hub, which was also used by No-more-ransomware and GlobalCyberAlliance of which some founding parters (of those two inititaives) are also part of Quad9. That said, I can imagine there is a Chinese wall between the two (because IBM and F-secure take part in Quad9 and they might not agree their data being used by other entities).

 

[jetman]

There are some differences between NextDNS and DNS0.eu. Before AI helped to develop the AI-detection module of NextDNS, but AI is not part of DNS0.eu (yet)

There seems to be two options for dns0 one is the 'default' option, but there is also a 'zero' option.
Does this take advantage of AI? Was this version which showed 100% malware blocking in the tests?

ZERO — Hardened security for highly sensitive environments.

The EU probably pays an annual lump-sum to NextDNS

I can't find any references to this on the dns0 website.

 

[ForgottenSeer 97327]

There seems to be two options for dns0 one is the 'default' option, but there is also a 'zero' option.
Does this take advantage of AI? Was this version which showed 100% malware blocking in the tests?

ZERO — Hardened security for highly sensitive environments.



I can't find any references to this on the dns0 website.

I can't find any references of AI (yet). Also when a government supported DNS would use AI, some might speculate that the AI is not used for malware protection alone.

That was speculation from my side. The company's providing the platform for DNS0.eu probably won't do that for free.

 

[Moonhorse]

No, it doesnt. Its completely free, i have dozens of customer accounts with no payment method.
If they did change the TOS, just toss a paypal on the account.

paypal requires credit card aswell to pass the buying

Nothing is free, you give them your credit card details as payment

 

[Alexai]

So, what dns service is the best?

 

[Ink]

So, what dns service is the best?

Use the report in the first post as an indicator, then find out by trying the services to see which one works best for your devices.

The best may be heavily restrictive and therefore not suitable, whereas a service with customization will allow more flexibility.