DNSFilter's problematic test tool that misrepresents every DNS Service including NextDNS.
I've been a NextDNS user for years now but I keep my eye on other services just to see what/how they are doing to compare it to NextDNS as I honestly believe that it's the benchmark DNS.
So I was looking at DNSFilter's website and they had a video comparing it to OpenDNS with their Lifesaver Program. Their DNSFilter Security Audit.
So I told myself, why not test my current config on NextDNS? I did the test and 0% on all categories: Botnet/Malware/Phishing & Deception.
I said okay, why not add all the filters that are updated, 0%. Now I was annoyed and honestly shocked, so ended up enabling all the parental control options since it had some domains that were not blocked that led to those sites, 0%.
I had enough and by constantly flushing the DNS (I did this on every run of the test) then looking at the TLDs on analytics, I blocked every single TLD that DNSFilter was hitting and only allowed nextdns.io and dnsfilter.com since the app would hit their site and didn't want to hinder the app's connection.
So now I should see 100%, the only domain that wasn't blocked was their own dnsfilter.com. At worst, if they also test IPs where NextDNS doesn't block them since issues with multiple sites having the same IP and that causing false positives etc. from what I know. It should still get something decent, not 0%, that makes no sense.
Time to say okay, you know maybe I messed up on my testing, so going on to their own video, when testing against Quad9 (in my testing NextDNS was either on par or better with my lean OISD only test where I wasn't held back from using anything.)
They gave Quad9 0% for Botnet, 30% for Malware and a 0% for Phishing & Deception.
I don't know what they are doing wrong, but man, with every single domain blocked but their own giving that a 0% rating, that's crazy. I just wanted to let everyone know so they can avoid testing with this tool as honestly it doesn't represent any sort of actual protection.
I've added two screenshots of separate tests done with a DNS Flush on Windows using a different config that only this laptop uses through NextDNS's app.
I know that DNSFilter is a completely different product but since the tool is meant for testing other products against their service (DNSFilter's). Seeing such weirdness where I don't even have any words.
I wanted to share it with the public. Going on my own testing journey and seeing others test DNS Services where NextDNS is either at the top or extremely close to the top and where I had on par or better results compared to Quad9 with NextDNS being set up in an extremely lean manner with OISD/Security and Privacy options turned on.
I was simply shocked at how they misrepresent other services and their abilities to block malicious content online. I just had to make this thread.
Hey, first, thank you for downloading our new Security Audit tool. I've done some testing based on your feedback and want to share the results.
I have two screenshots. The first is using NextDNS's DNS IPs and the second is the Agent. Both utilize the same policy which blocks everything available from NextDNS.
NextDNS DNS IPs
You can see the results from the DNS IPs are quite good on threat efficacy, better than most solutions we've tested. NextDNS's agent uses VPN technology and must obscure the DNS response from our Security Audit tool. I'll conduct more tests on other providers to see if agent vs DNS IPs has similar results and we will make a best effort to update the tool or provide a disclaimer.
We at DNSFilter very much respect NextDNS's position in the market and the easy-to-use service. I would go so far as saying the respect is mutual, hi Romain and Olivier.
It's also true that DNSFilter has unique threat intelligence that supports our claims of better threat efficacy.
Again, thank you for reviewing the landscape and keeping us honest.