SeriousHoax

Level 10
Verified
Malware Tester
Great indeed, thank you. I have found a filter there, that works really well, not 100% effective, but darn close to it. Just what I was looking for.
There are some other adult filter hosts too. Check what happens if you add them. It really is great and simple way to block ads, trackers, adult contents.
 

SeriousHoax

Level 10
Verified
Malware Tester
checked out NextDNS last night. I don't know how this DNS service went under my radar because it looks fantastic. I haven't tried it yet, I have signed up for the Beta and I will be setting up and trying it out today. Judging from the looks and settings alone it looks like the best third party DNS I've seen for a long time. Thank you for sharing the link and making me aware of it. Everyone who uses a third party/Custom DNS service should check NextDNS out it looks very promising indeed.
Happy to share it. I'm using it for more than two months now and works great. If you're looking to set it up on your PC or router then I would suggest to use another DNS as the second option. Sometimes I've seen it not working but very rarely. It's still in beta so that's expected.
 

Burrito

Level 20
Verified
Happy to share it. I'm using it for more than two months now and works great. If you're looking to set it up on your PC or router then I would suggest to use another DNS as the second option. Sometimes I've seen it not working but very rarely. It's still in beta so that's expected.
Yeah, this is interesting.

From the nextdns.io website:

>>"100+ popular blocklists to choose from, all of them updated in real-time."

Are these the same blocklists that one might get at fliterlists.com?


Thanks.
 

Burrito

Level 20
Verified
1566139314236.png


I wonder why I don't see them in the DNS Jumper speed test?

Maybe DNS Jumper doesn't automatically include all DNS providers.... I dunno.

And NextDNS is very new.

But yeah, thanks for bringing this to our attention.

As an aside, it's strange to see Norton DNS there and active... as they announced long ago that it would no longer be supported.
 

SeriousHoax

Level 10
Verified
Malware Tester
View attachment 220463

I wonder why I don't see them in the DNS Jumper speed test?

Maybe DNS Jumper doesn't automatically include all DNS providers.... I dunno.

And NextDNS is very new.

But yeah, thanks for bringing this to our attention.

As an aside, it's strange to see Norton DNS there and active... as they announced long ago that it would no longer be supported.
Yes the main reason is, it's new. Besides, NextDNS gives every user a separate dns address. You can manually check ping via CMD like this,
ping.png
 

Burrito

Level 20
Verified
Ok, I guess you have to add new DNS numbers manually with DNS Jumper.

I did that with the DNS numbers from the website.

45.90.28.139
45.90.30.139

The results follow. And really.... a few milliseconds is not a big deal potentially for increased security.

But it's hard to know if adding filterlists actually increases security over Neustar -- the DNS that @Evjl's Rain determined possibly blocks the most malware.

And.... does adding filter lists slow DNS resolution by a significant degree? (probably still measured in milliseconds)

I'll try it.

1566141472053.png
 

ZeroDay

Level 28
Verified
Malware Tester
There is in Windows, in accounts, but you may need to set it up with M$ account. I'm not sure as I haven't used it. If you click on the info link under family in WSC it will take you to M$ website.
I thought there was. That's another avenue for the OP although I understand he wants network wide protection for all devices. There's plenty of info on this thread for the OP now.
 

SeriousHoax

Level 10
Verified
Malware Tester
Ok, I guess you have to add new DNS numbers manually with DNS Jumper.

I did that with the DNS numbers from the website.

45.90.28.139
45.90.30.139

The results follow. And really.... a few milliseconds is not a big deal potentially for increased security.

But it's hard to know if adding filterlists actually increases security over Neustar -- the DNS that @Evjl's Rain determined possibly blocks the most malware.

And.... does adding filter lists slow DNS resolution by a significant degree? (probably still measured in milliseconds)

I'll try it.

View attachment 220465
Ping varies depending on the server and distance mostly. Yes, in real world you probably won't notice any difference between 10 ms and 36 ms. On my location I get the same ping for Cloudflare, Open DNS and NextDNS so probably filters doesn't slowdown dns resolutions by much.
I've seen the co-founder of NextDNS replies to questions asked by users on twitter. You may ask him if you want.
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
View attachment 220463

I wonder why I don't see them in the DNS Jumper speed test?

Maybe DNS Jumper doesn't automatically include all DNS providers.... I dunno.

And NextDNS is very new.

But yeah, thanks for bringing this to our attention.

As an aside, it's strange to see Norton DNS there and active... as they announced long ago that it would no longer be supported.
the blocking DNS might be in another DNS group. You need to find if they are there or not
Untitled.png

+ if you change to a blocking DNS by DNS jumper, you MUST change 1 option or they may not block anything
Capture.PNG
why? because if a website is blocked by the DNS but windows thinks it's due to DNS issue so windows will try to use the second DNS -> fail -> third DNS
with this option checked, DNS jumper will add a third DNS which is your localhost address (192.168.1.1 or 192.168.x.1,...) and this localhost will use the DNS provided by your router!!! (if I'm not mistaken)
So you should uncheck the option

by the way, DNS ping time varies a lot during the day. Your fastest DNS in the morning might be the slowest one in the afternoon. Use the consistent ones
 
Last edited:

Burrito

Level 20
Verified
why? because if a website is blocked by the DNS but windows thinks it's due to DNS issue so windows will try to use the second DNS -> fail -> third DNS
with this option checked, DNS jumper will add a third DNS which is your localhost address (192.168.1.1 or 192.168.x.1,...) and this localhost will use the DNS provided by your router!!! (if I'm not mistaken)
So you should uncheck the option

by the way, DNS ping time varies a lot during the day. Your fastest DNS in the morning might be the slowest one in the afternoon. Use the consistent ones
Good info. I never really looked at those options.

Maybe...

I just tested it empirically.

I went to a Neustar blocked website with the box checked, and with it unchecked.

In both cases, Neustar blocked it.

Maybe the Neustar block screen still registers as 'resolved.'

But that's with a test of 1 sample... and maybe there is some other variable I'm not accounting for.

Thanks for making me examine that stuff more carefully.

1566148343498.png



=============

Just so this post is on-topic, Neustar is very good, and has different filtering based on your needs, and could be a good option for the OP also.

1566148719034.png
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
Good info. I never really looked at those options.

Maybe...

I just tested it empirically.

I went to a Neustar blocked website with the box checked, and with it unchecked.

In both cases, Neustar blocked it.

Maybe the Neustar block screen still registers as 'resolved.'

But that's with a test of 1 sample... and maybe there is some other variable I'm not accounting for.

Thanks for making me examine that stuff more carefully.

View attachment 220468


=============

Just so this post is on-topic, Neustar is very good, and has different filtering based on your needs, and could be a good option for the OP also.

View attachment 220469
yeah, the blocking depends. I noticed it because my adguard DNS didn't block any ad. I found that third DNS was the culprit
neustar redirects a blocked page to their Block page that you show in the screenshot. That's why neustar isn't affected
but for other DNS, if something is blocked, the browser will fail to resolve and other DNS-es will be used
 

TairikuOkami

Level 23
Verified
Content Creator
There are some other adult filter hosts too. Check what happens if you add them.
I have tried them "all", some are too weak, some do not work and some work way too well, like Shalla with a million entries, but it blocks youtube.
Code:
https://raw.githubusercontent.com/cbuijs/shallalist/master/porn/urls
 

Attachments

SeriousHoax

Level 10
Verified
Malware Tester
I have tried them "all", some are too weak, some do not work and some work way too well, like Shalla with a million entries, but it blocks youtube.
Wait, are you adding those to the Adguard extension? I was talking about the list of NextDNS. Personally I don't block Adult content but I tested with NextDNS before and it was blocking those sites for me.
 
  • Like
Reactions: oldschool

TairikuOkami

Level 23
Verified
Content Creator
Wait, are you adding those to the Adguard extension? I was talking about the list of NextDNS.
Security is still my main concern and NextDNS offers nothing valuable in this category, they merely allow users to add third party lists, which can be used within extensions. Besides I would not feel comfortable allowing DNS for every software within my PC, just to be able to use dnscrypt.
 
  • Like
Reactions: oldschool

Burrito

Level 20
Verified
Don't Neustar keep logs? I've used them a lot in the past but I read somewhere (Maybe on MT) That they keep logs and use them.
Hmmm..... I dunno.

To some degree, we all learn to live with privacy incursions into our lives.

The DNS keeping logs... I don't really care.

If I decide to run for president and somebody digs up all the crazy porn I've looked at.... then I'll care. :)
 
Last edited: