0

Nextdns web filtering

I surf the web a lot, so can I rely solely on NextDns to keep me protected from malicious sites? Or do I need something additional too? 

12 replies

null
    • Pro subscriber ✓
    • DynamicNotSlow
    • 2 yrs ago
    • Reported - view

    NextDNS and Quad9 are the two most secure DNS you can get.

    NextDNS with OISD filter list is even more secure

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      DynamicNotSlow https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json

      Looking at the sources of Nextdns's threat intelligence feed sources , could you say that it uses better or equivalent sources than Quad9 which uses feeds from Global cyber alliance, its partners and IBM X force? 

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago
      • Reported - view

      Sohan Ray do to some YouTube Tests, NextDNS with OISD filterlist is more secure than Quad9 but Quad9 is good too 👍

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      DynamicNotSlow I saw those youtube videos, but I wonder how much of it is reliable. I mean, first the source of those malicious links is important to see how much of it is a valid list of malicious sites. The sites not blocked by Quad9 maybe not malicious at all. So it just avoided 2 false positives. Also I don't feel that just one test can really say which one is better. I did some looking into the sources from which NextDns and Quad9 gather intelligence feeds. And found that Quad9 is not only founded by organizations like Global cyber alliance and IBM, but it also uses threat intelligence feeds from established cybersecurity companies. Global cyber alliance itself is partners with world's many renowned security companies like Sophos, Crowdstrike etc. 

      Whereas, NextDns uses sources which are mostly opensource and some good like covid 19 Cyber threat coalition and covid 19 phishing feeds from sophoslabs. 

      • Hey
      • 2 yrs ago
      • Reported - view

      Sohan Ray I understand your approach but here is something that should paint a clear winniner on your mind. NextDNS using public sources is better than using private for both ADs and security. I use around 5 filters myself (yeah a bit extreme but I never see ads) I got this super weird sexual popup once reported it and it was fixed the same day. Thanks OISD man for adding them even tho I didn't read the FAQ about not having anything manually added (I'm an idiot.)  for things that are private you don't get this type of flexibility. I used another service that went the private so called very good, reliable, no false positives way of having their own filter. The tiny tiny issue is Adblocking dropped drastically. On sites I wouldn't see a single AD I was seeing multiple ADs. I'm taking about extremely AD filled sites here but it's a point nonetheless. You also can't depend on corporate secuity for home users in this case. On a corporate network a lot of things are controlled. Their workers aren't going on websites such with weird ADs and miners, the average users goes as far as clicking that one link about Hot Moms in your area just 1 mile away. Also I can't stop prasiging the NRD protection / Newly Registered Domains Blocking. That alone protects you from a lot of things you might otherwise have gotten into weather be ADs or Malware. It blocks websites that are created 30 days ago / websites that aren't older than a month. That helps a lot since 99% of the websites that we use have been around for years and if there is this new domain it's probably something suspicious. That alone blocked many ADs for me personally and usually in that 1 month period other filters have the domain blacklisted. So I would say clearly NextDNS is the winner by having public sources. While companies are looking at Malwre that's specially made for corporate users the blocklists are also protecting you from the meme Malware that is floating around on the web. There is no 100% protection but I could say that NextDNS is better than most if not all when it comes to what it does. I would also ad basic knowledge about not going into shady sites should help, you might have this super special malware that bypasses all your protections but honestly at that point nearly nothing is useful but for most it will be perfectly fine. 

      • Hey
      • 2 yrs ago
      • Reported - view

      Hey I would also add that for ideal protection I would say use at least OISD and 1HostPro. OISD is a great list but imo 1HostPro is faster at updating. Usually I see that 1HostPro gets the new AD Servers that are out in a day or two so its good for Malwaretising etc imo. NRD should be on, security tab Newly Registered Domains Protection. Turning on Safe Search should help. I personally use a few more than the two filters above for reasons of having more lists so Incase a dev gets sick or can't update for a while / basically adding more things to lessen the chances of failure. And with basic logic process of not clicking and not going onto shady links you should be fine. If you want even more security as Muta / SomeOrdinaryGamers would say get hooked on Linux and start using KVM for everything lol, in a few months you might become a VM addict but yeah if you really are worried not a bad idea but the above other than VM should be more than enough. 

      • Sohan_Ray
      • 2 yrs ago
      • Reported - view

      Hey Your thoughts are right. But say if you compare open sources with sources like global cyber alliance or IBM, the open source project developers may leave the project due to several reasons at any time and so those feeds would be of no use any more. But in case of companies, the vacancies or absence is always filled up by other recruits/employees. So such sources are like long-lived reliable. 

      • Hey
      • 2 yrs ago
      • Reported - view

      Sohan Ray Yeah that's true, the mentioned sources above have global corporations behind them. Adguard is semi like them, they have a paid plan / an economy that should be a motivating factor. At least for now everything is just fine. Let's just hope we still have the people's heros making lists and services like NextDNS for a long time. The internet is only getting worse at this point.

    • Hey
    • 2 yrs ago
    • Reported - view

    Just to add onto this topic it's actually sad that we need blocklists in the first place, like I felt bad for watching YouTube without ads and said you know what goodbye to Ad-Free YouTube and the second I said it, I was getting more than a single Ad per video and basically on every single video like at least put one Ad in minimally 2 videos so I get breathing room. For the malware devs if they bothered to find a proper idea and use their coding knowledge to make a product/service they would maybe make less but at least not be on the run all the time and deal with the psychological impacts of being a total duche / basically being caught always on their mind. There are good sites out there that don't have annoying popup ads, I wouldn't mind seeing an Ad that doesn't hurt my experience so the people can be supported but there are more people that go I shall make as much money as possible and put 40 different ads with 40 different popups in a single webpage just sucks that we evolved this way. If it weren't for services like NextDNS I don't even know what I would do while browsing anymore the user expecince without blocking Ads is horrible at this point. 

    • caleb
    • 2 yrs ago
    • Reported - view

    If your on a browser then get ublock origin to block all ads and trackers.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago
      • Reported - view

      caleb not needed. DNS blocking is enough against malware

      • Hey
      • 2 yrs ago
      • Reported - view

      caleb Basically with purely blocking a page they both use the same Filter sets so there should be no difference with the same filters on each side, the only real benefit is cosmetic filtering and modifying the requests. As a side note on NextDNS you could use more filters without any increase in your system usage because it's all done in the Cloud so that's pretty nice.

       

      A bit more advanced answer if anyone wants to read lol.

      As DynamicNotSlow said For malware and other things such as malwaretisments the domain is only used for malicious purposes so there is no real need for any cosmetic filtering like UBlock. At some points NextDNS is better than local blockers like UBlock. With a local Adblocker your filters depend on your System and it's Speed, so it could slow down your avarage browsing with a lot of filters while with NextDNS you can enable as much as you want to your hearts consent and it doesn't effect your query times. Also with NextDNS since all the filtering is done on the Cloud you could get better security without any CPU usage or Webpage load time penalties. UBlock and other local/cosmetic Adlockers have certain benefits like they can filter parts of the connection and modify the webpage while DNS based filters don't. (They technically can  modify certain things with certificates etc but that's not a thing being used as of right now.) Altho I would say yeah if you want to block let's say YouTube, Twitch and other integrated services where it's really hard to do with any other type of blocking go for it. But otherwise DNS level filtering is better in almost every aspect.

Content aside

  • 2 yrs agoLast active
  • 12Replies
  • 831Views
  • 4 Following