Battle Which DNS would you choose for Security and Content blocking?

alakazam

Level 9
Verified
Mar 25, 2014
398
No need to install anything, just set it up in your router, windows or a browser by entering 4 numbers, that is all. You can test various DNS services for effectiveness.


Or you can use this utility for a quick setup. Pick Family Safe DNS List, pick one DNS and Apply DNS.

How do I return to my original IP if I decide I no longer want to use the DNS?
 
  • Like
Reactions: Nevi

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
How do I return to my original IP if I decide I no longer want to use the DNS?
At least for Windows PC, check out programs like DNS Jumper, which also comes with a tester:

 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
I've used DNSJumper a lot in the past but now I stick to AdGuard DNS.

I use NextDNS on all of my devices.

I used AdguardDNS on parents devices and advised friends to use it but they were annoyed by the fact it blocked the links Google gives you for "shopping" so I resorted to Quad9 in their cases.
AdGuard does make using commercial sites a bit of a pain to use for this reason, but I'd rather they did this than Google slurps up even more about my online activities, a bit of extra tweaking as and when i want to access certain sites isn't too much of a hassle.
 

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Changed things up again - Went away from NextDNS to Commercial ones like 1.1.1.2 / 1.0.0.2 @853 DoT and Quad9 as fallback - For Content Control I build a OPNsense Firewall with Sensei from SunnyValley - Extension on the browser Ublock Origin for Edge Chromium.

Have to say the performance is nice and reporting with exclusions for lists is as easy as just clicking the Checkmark and go...

PC refers to Local DNS 192.168.100.254 -----> Firewall (OPNsense with Unbound Default) Uplink to <-----DoT----> Cloudflare / Quad9

Sincerely
Val.
 
Last edited:

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Why not RPi with pi-hole and Unbound and the ISP´s DNS?
Why?

It would be another device in the network and since OPNsense has this feature build inside it will take care of the DNS requests very reliable. :)

Why not using the ISPs DNS here is a nice read from Cloudflare -> Introducing 1.1.1.1 for Families

So I do not need to take care of lists anymore and with Sensei (Sunny Valley) NGFW Lists for Application Protection / Web Protection and Control they work very reliable too. The Reports are very good and if something gets blocked its easy as 1-2-3 to troubleshoot including what Ports communicate with stats.
Here is a read for Sensei -> Sensei: Overview — OPNsense documentation

Pihole:
PC ----> PIhole ----> Router -----> DNS

OPNsense DNS:
PC -----> OPNsense ----> DNS

Long story short since OPNsense is your gateway communication is shorter and all under one console/webinterface. :)

Sincerely
Val.
 
F

ForgottenSeer 85179

The @Quad9DNS service was blocking our grapheneos.network connectivity check server for a period of time yesterday/today. It was unblocked after users reported it. It's very strange and I think it reflects quite badly on their processes for blocking supposed malware domains.

I'd really like to know why a domain using DNSSEC and running an HTTP / HTTPS server serving empty 204 responses for /generate_204 was blocked.

It doesn't serve anything else beyond redirects to GrapheneOS Frequently Asked Questions for /, a static MTA-STS configuration and 404 responses...


Maybe they accidentally block .network domains so more then just this domain was affected but who knows. At least nice to see a fast fix.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Has anyone even tried cloudflare’s 1.1.1.2/3?
Only 1.1.1.1
  • 1.1.1.2 – blocks known malware
  • 1.1.1.3 – blocks malware and adult content

Edit:

Problems where filtering may cause censorship concerns:
 
Last edited:

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Is that site safe to buy from?
Hello @alakazam

to be honest I would prefer to buy from the dev. site directly - Like this you support the Devs. fully.


stacksocial / stackcommerce are trustworthy sites. They do very special deals with the vendors of the products.

www.neowin.net has its own store with such offers and it is powered by stacksocial / stackcommerce :)

Best regards
Val.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top