AVLab: NextDNS vs Quad9 vs CleanBrowsing vs Cloudflare ...
AVLab Cybersecurity Foundation from Poland (https://avlab.pl/en/) tested a few DNS services - speed, anti-phishing and anti-malware protection. The article about the tests is in Polish only, but the tables with results are easy to understand and you can use Google Translate.
Polecane serwery DNS — które z nich są najszybsze i najlepiej chronią użytkownika?
(Recommended DNS servers - which ones are the fastest and best protect the user?)
My comments in relation to the article:
There is nothing about NextDNS settings during testing in the article but I clarified with AVLab that they used default settings. I don't remember what features are enabled in default settings but I am sure that AI-Driven Threat Detection BETA and Block Dynamic DNS Hostnames BETA are not enabled by default.
Source of phishing sites used during testing:
1) CERT Poland - https://cert.pl/en/posts/2020/03/malicious_domains/
2) PhishTank - https://phishtank.org/
Source of sites infected by malware used during testing:
3) URLhaus - https://urlhaus.abuse.ch/
All sources (CERT.pl, PhishTank, URLhaus) are part of NextDNS Threat Intelligence Feeds:
URLhaus (ABUSE CH) is also a provider of threat intelligence for Quad9 - https://quad9.net/about/partners
NextDNS results in blocking were not very good and I can't understand why. AI-Driven Threat Detection was not enabled but all three sources of phishing and malware websites are in NextDNS Threat Intelligence Feeds. Any possible explanation?
CleanBrowsing was the best in blocking malicious websites (phishing and malware).
Quad9 - second spot in blocking malicious websites.
"Our list of malicious (and phishing) domains are considered one of the best in the market and is updated every 3 hours. We are specially good at filtering phishing, malware and malicious domains used by web exploit attacks."
There are so many variables to determine what’s “best”. Do you prefer faster vs safer vs ad/tracker blocking? Much of that also depends on your region, ISP and your own personal preference and your ability to use and troubleshoot a DNS problem. What works best for you will likely be different than what works best for grandma.
From my own testing with a few providers like URLhaus and a few more, using only OISD with all the security options turned on, AI alone got about 60-70% of threats by itself; then the rest was more or less gotten through OISD/NDR/Threat Intelligence etc. This was before the DDNS Hostname Blocking.
AI would mostly also be backed/overlapped by Threat Intelligence most of the time, so even without AI it should be fine, but AI does a lot from my testing.
Anyhow, with the default settings on many tests, including ones by me, a YouTuber (https://www.youtube.com/watch?v=wSAWCMTwPiU) and a few tests on Twitter that I'd seen, NextDNS most of the time gets even better results than Quad9.