Menu
What's new
By:
Filters Better Search

How do malware-blocking DNS providers compare?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

avtella said:
@coxhaus Quad 9 doesn't seem to have as much latency as it once had when I last tried it a while back, Cloudflare is still faster but not enough for me to notice.


You can try the combination of redirecting all DNS queries on port 53 on the firewall and additionally using pfblockerng with DNSBL & IP DoH blocklists plus the DoH/DoT block option under "DNSBL Safe Search". Then users on your network "for the most part" should be forced to go through unbound on the firewall. That's the way I do it.
Click to expand...
If you run all those DNS servers you have listed then it defeats using QUAD9. If you are going to use QUAD9 you need to only use QUAD9 otherwise the other DNS servers will resolve the bad names. I should say any filtering DNS is defeated if you use a non-filtering DNS server also. Focus on the DNS server you choose don't list a lot of DNS servers like the old days.

The caching is so much better now and longer lasting that I don't think you need all those DNS servers like in the old days.
 
Last edited:
I ran Q9 mostly for the test in the other thread per your request that’s why there were 8 in the list including the fallback servers for Cloudflare and Q9. But yeah I agree with you, and I’m thinking of switching to Q9 now.
 
Last edited:
avtella said:
@coxhaus Quad 9 doesn't seem to have as much latency as it once had when I last tried it a while back, Cloudflare is still faster but not enough for me to notice.


You can try the combination of redirecting all DNS queries on port 53 on the firewall and additionally using pfblockerng with DNSBL & IP DoH blocklists plus the DoH/DoT block option under "DNSBL Safe Search". Then users on your network "for the most part" should be forced to go through unbound on the firewall. That's the way I do it.
Click to expand...
I would like to block all DOH and DNS.txt.
 
coxhaus said:
I would like to block all DOH and DNS.txt.
Click to expand...
Try what I mentioned and see how effective it is.
It has been effective for me but reason I said for the most part rather than a certainty is that I’m sure one can find ways get around it if they want, ie VPN.



Do the following to redirect DNS port 53 for IPv4/v6 first, I forgot to give the instructions last time:

Redirecting Client DNS Requests | pfSense Documentation

docs.netgate.com docs.netgate.com

Then:
Use the “TheGreatWall” DoH IPv4/IPv6 Blocklists and DNSBL blocklists on pfblockerng.
I can guide you through pfblockerng on the forum private chat but this should be good enough on basic pfblocker setup, one thing missing in the video is a more recent feature for DNSBL there is now a python mode which should be enabled as it’s more memory efficient and unlocks extra stuff like cname validiation, hsts etc:
 
Last edited:
I hope it's okay to link a youtube video here: "Which Is The Best DNS for Secure Browsing: CloudFlare, Quad9, NextDNS, and AdGuard DNS". This particular one was published just a few days ago and shows similar results to those of the original post, especially regarding the significant difference between Cloudflare Security and Quad9. Results start at the 5:10 mark.

I have no previous experience with the mentioned youtube channel. I'm just linking it here as an additional data point. I hope it's helpful.

EDIT: Adding a follow-up video with revised results for NextDNS: "DNS Secure Browsing Follow Up: NextDNS Tweaked and Re-Tested".
 
Last edited:
If you use QUAD9 do not use any other DNS servers as they will defeat QUAD9. Do not add Cloudflare DNS as you will reduce your DNS to Cloudflare's level. QUAD9 will be defeated.
 
  • Like
Reactions: Gar
You must log in or register to reply here.

Similar threads

S
VPN on devices and DNS resolver on Router
Replies
0
Views
820
smodu
S
torstein
How do you protect your home network from online and local threats?
Replies
16
Views
4K
torstein
torstein
CaptnDanLKW
Updated my DNS Settings - DoT implications and DNS Rebind Attack message
2
Replies
20
Views
5K
manup85
manup85
Viktor Jaep
VPNMON VPNMON-R3 Custom Server List Generation Tutorials and Examples
2 3 4
Replies
63
Views
5K
Viktor Jaep
Viktor Jaep
A
AdGuard DNS
Replies
1
Views
3K
oOMrYairOo
O
Similar threads
Thread starter Title Forum Replies Date
D Android based banking malware “Snowblind” General Network Security 0
D News New Discord application malware General Network Security 0
PR3MIUM News Mirai DDoS malware variant expands targets with 13 router exploits [D-Link, TP-Link Archer, Yealink, Zyxel...] General Network Security 10
S Is there good VPN tunnel plain DNS filtering software for Windows? General Network Security 2
bbunge Microsoft plans to lock down Windows DNS - ZTDNS General Network Security 5
sfx2000 Microsoft, DNS, and 192.168.1.0 General Network Security 4
B Which 3rd party dns filters do you use? General Network Security 19

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 530 (members: 8, guests: 522)
Top