Which DNS Service are you using?

  • Total voters


Staff member
The practical reality is that DNS has its limitations when it comes to security. A secure DNS will only block the the domain and URL .A secure DNS will only manage to block around 40-50% of the malware domains so it's not a good idea to rely on a DNS product as protection against malware.


New Member
jamescv7 said:
Yes, so alongside like AV will help it a lot.
Not really, because malware links are such a moving target. As anyone who has done any sort of testing can tell you, malware links can pop up and disappear pretty quickly. It's a truly monumental (and somewhat futile...) task to try and stay on top of this turnover with a domain blacklist.

(Not to mention that your list quickly fills up with links that are basically a one-shot deal that will never be used again and bloat your list)

There are no heuristics with DNS block lists. They are all links that someone has discovered and reported, which are then added to the list. With the virtually infinite number of links that exist on the internet, chances are pretty good someone will click on one that has just popped up and hasn't been discovered/reported. Their secure DNS option will be of no help to them. There is no such thing as zero-day protection with a DNS blacklist.

The only sites a DNS blacklists are any good with are the rare sort of malicious links that somehow manage to stick around.

So if you feel a particular DNS service affords you quicker browsing, (and no, "it feels faster" doesn't cut it, because the difference is likely only tenths of a second which you won't even notice, and a single benchmark point tells you nothing...) then by all means use them. But don't count on any of the current offerings being much of a security advantage.