Which Is The Best DNS for Secure Browsing: CloudFlare, Quad9, NextDNS, and AdGuard DNS

Lawrence Systems

11 Oct 202312:08

Summary

TLDRIn this 2023 update, Laar Systems tests eight popular DNS services to filter out malicious websites, building on previous research from 2020. The DNS services tested include Cloudflare, Quad9, Next DNS, and AdGuard DNS. Through a detailed process involving over 8,000 domains, the video shares insights into how each service handled malicious sites. The results show Quad9 as the top performer, while highlighting challenges with the accuracy of malicious domain lists and the issue of sites being mistakenly flagged as malicious. The video encourages viewers to try these tests themselves and engage in the ongoing conversation about internet security.

Takeaways

😀 In 2020, testing was done to find the best DNS service for filtering malicious sites, and the video updates the results in 2023 with a larger dataset of over 8,000 domains.
😀 The focus was on DNS services like Cloudflare, Quad9, Next DNS, and AdGuard, with a special emphasis on free solutions for home labs.
😀 Zoros, a commercial DNS service for businesses, is not included in this video, as the target audience is home users rather than business solutions.
😀 The DNS services tested include Cloudflare (with family filtering), Quad9, Next DNS, and AdGuard, with Cloudflare offering both standard and family-filtering options.
😀 Quad9 proved to be the most effective DNS service, blocking 99.79% of malicious domains, far outperforming the others.
😀 Cloudflare resolved 33% of the malicious domains (2750 out of 8,333), while Cloudflare for Families resolved 25% (2,005).
😀 Next DNS resolved slightly more domains than Cloudflare, but it did not filter out as many malicious domains.
😀 AdGuard resolved only 0.5% of domains (41 out of 8,333), showing limited effectiveness compared to other services.
😀 The validity of the source list of malicious domains was a concern, with many domains still flagged despite being cleaned up, such as personal websites or travel blogs.
😀 DNS services like Quad9 and AdGuard often blocked domains that were temporarily down for maintenance or had been cleaned, making it harder to evaluate the long-term effectiveness of their filtering.
😀 The video emphasizes the importance of regular updates and the challenges of maintaining an accurate malicious domain list, given that many domains are flagged due to temporary issues rather than being malicious.

Q & A

What was the goal of the testing mentioned in the video?
-The goal of the testing was to figure out the best DNS service for filtering out malicious sites by testing over 8,000 domains against various DNS services like Cloudflare, Quad 9, Next DNS, and AdGuard DNS.
Why were DNS Filter and Cisco Umbrella not tested in this video?
-DNS Filter and Cisco Umbrella were not tested because they are not the solutions used for the creator's clients. Instead, the video focuses on services more suitable for home labs and free DNS services.
What is Zoros and how does it differ from the services tested in the video?
-Zoros is a commercial product designed for businesses, specifically for web filtering. It differs from the services tested in the video, as those are free DNS services intended for personal or home use.
Why was Cloudflare tested in two versions (1111 and 1112)?
-Cloudflare was tested in both versions because the 1111 version does not perform filtering, while the 1112 version is Cloudflare's 'family' version, which includes filtering for malicious sites.
What issues were encountered with the malicious domain lists?
-One issue encountered was that the domain list used for testing was not perfect. The list included domains with country codes like .ru and .to, which were removed as they were likely spam or not relevant to the testing. Additionally, typo-squatted domains were prevalent.
How did the testing method handle errors in domain resolution?
-The testing method included a process of filtering out domains that did not resolve properly or showed errors. If a domain failed to resolve across multiple DNS services, it was excluded from the results.
What was the main finding from the results regarding Cloudflare?
-The main finding was that Cloudflare resolved 33% of the malicious domains, but Cloudflare for Families (1112) resolved fewer, only about 25% of the domains, indicating a lower level of filtering in this version.
How did Next DNS compare to Cloudflare in terms of filtering malicious domains?
-Next DNS resolved a slightly higher percentage of malicious domains compared to Cloudflare, but it still did not filter out many malicious sites as effectively as expected.
What were the results for Quad 9 and AdGuard DNS?
-Quad 9 and AdGuard DNS performed the best in filtering malicious sites, with Quad 9 resolving only 0.79% of the domains (66 sites) and AdGuard resolving 0.49% (41 sites), suggesting a more effective filtering approach.
Why did some domains that were flagged as malicious appear to be non-malicious upon closer inspection?
-Some domains flagged as malicious had either been suspended, were parked domains, or had been temporarily down for maintenance. Additionally, some sites had been cleaned and delisted from malicious databases, which made them appear less harmful during the review.