NextDNS vs ControlD, ControlD has a problem.
I've seen many people mention it, some said that it was better and I was intrigued. Yesterday I was asked to test it, so here are the results.
I had done test of malicious domains with reports from a day earlier. ContolD had 57 of them blocked and I was like yeah just like NextDNS so that's nice.
NextDNS was even better, it caught 39 domains by using purely using AI, giving a 68.42% zero day type detection ratio. The rest were caught by the Threat Intelligence and Filters.
-----
The only problem I had seen (With ControlD) at the time was their way of sorting the domains, about 90% of the malicious domains showed up as "Ads" on the logs giving a false sense of security. The user shoud know what's a threat and what's an Ad.
When you are on a malicious domain, that's redirecting or trying to push you to malware, you should know the risks and avoid the said domains.
That in of itself isn't the largest issue that they have. The issue comes from, not having updates fast enough in terms of their Threat Intelligence.
-----
When testing with domains that were 5-6 hours old, none of the domains were caught. So that really made me question a lot of things.
Them listing the domains as Ads was a turnoff for me but not catching new threats was shocking.
I've checked the domains today and the 4 of them are still not blocked and you're able to download the malicious files.
Malware don't have a tendency to wait until the the service gets to block them. These threats were reported yesterday evening as of posting.
So overall, with these problems I'm not happy with their results. These domains were blocked by NextDNS, Quad9 and some by Cloudflare. I see no reason why they can't block them on time.
24 replies
-
Awesome analysis done here. Appreciate the effort.
-
Although NextDns performed well... One thing about it has always bothered me. And that is the fact that I have seen instances when a number of threat intelligence feed sources being used had depreciated and NextDns team hadn't done anything about it for quite long. And after a long break and number of issues raised regarding that concern, they finally fixed/updated them.
-
How would you compare NextDns to Quad9? Which one is better in terms of protection?
-
You mentioned Cloudflare her in the test. Did you mean cloudflare security filter dns or Cloudflare gateway?
-
Hi, could you check the capabilities of CleanBrowsing dns as compared to NextDns? You can use the public security filter of CleanBrowsing. As they said, they use public lists, private lists and their own research using their own crawler engine. They even use AI and Machine learning. Seems they are really good.
They also claim that their blacklist database is considered one of the bests in the industry.
Content aside
-
1
Likes
- 2 yrs agoLast active
- 24Replies
- 3338Views
-
3
Following