I have a question (for Tom or any other knowledgeable commenter!) I recently set up Pi Hole for blocking and unbound recursive for an all-in-one and local-first system. However, you can't set Quad9 as the final step for this kind of setup. What advantage would I get from pointing at Quad9 instead of unbound? Can I get the best of both by finding a Quad9 blocklist to add to the pihole?
If you let unbound do the resolving, it probably does it in the clear, so anyone in the middle can snoop on your DNS queries from your PiHole, so you wouldn't have the same privacy as forwarding to a 3rd party to do all the DNS resolution. Assuming you set up DNS-over-TLS or DNS-over-HTTPS, these are encrypted between you and the 3rd party, so all your trust would then be on the 3rd party, but it would cut down on snooping by your ISP or anyone in the middle. It's kind of a hard decision honestly. If you let unbound (on PiHole) do all the resolution locally, you only have to trust yourself (assuming sites use DNSSEC signing), but you lose privacy that way.
You can set up DNS over TLS with pihole and unbound (I got lazy and decided to give nextDNS a chance and happen to love their service). There are some new UA-cam videos on how to do it! I might give it a go just for fun in the future...
I am of the opinion that we should not make use of port 53 for DNS requests. Rather get a solution in place that will push your DNS over port 443 etc. over HTTPS or TLS as well.
Most DNS providers have DoH and DoT options. Modern browsers also support DoH but not many OS vendors support it for DNS queries outside of web browsing.
I have Adguard on a Pi that takes all the queries from the network via 53 and forwards those to Quad9 via DoH. Port 53 exiting the WAN is firewalled and only allows my Adguard out to Quad9 to resolve the DoH hostname. DoT exiting the WAN is also firewalled off.
As a home lab enthusiast, I expected to see Unbound and BIND as recursive/authoritative, Pihole and AdGuard as filters. Why would I consider a commercial DNS product?
Me personally, I'm using Pi-hole with Quad9 as the upstream server. Pi-hole is fully default and provides me mostly a monitoring functionality. From the last 6 months' experience, Pi-hole did have a couple of false positives. Other than that, it worked well. Something I still need to spend some more time on and configure is upstream DNS over TLS, which for some reason Pi-hole doesn't support natively.
Most of the time the difference is negligible. You will not notice a difference between 36ms and 176ms when browsing. It's just smoke and mirrors. Go with the best security DNS service, not the fastest.
Great test! I actually switched from Cloudflare to Quad9 based on your feedback and further research. They also just happen to be the fastest resolver most of the time after my ISP 😉
I lately tried Adguard and it is a total nightmare. It caused problems with regular browsing, playing games (banning login/SSO queries - e.g. EA games), and had the weirdest timeouts. I was running it on bare metal (Nuc celeron with low load), no net issues (2.x symmetric 100/100 Fiber). I troubleshooted the hell out of it as I suspected the dual wan failover to cause this, but nop. Once a DNSMASQ or outside DNS is used, all the issues went away. I tried pretty much everything, turning on/off upstream and enabling/disabling features, it just simply worked BAD. Just my 2c.
You tested NextDNS without blocklists? What kind of garbage is this????? You would think an in-depth review would actually review the products. You did not earn a sub today.
I bounced around trying different DNS, watched a number of videos, (including yours!) I finally ended up with Quad9 configured on my pfSense....all is happy!
i presumably think you built your own router ... in that case which one did you buy / use ?
As has been asked and noted in comment, I used the free version of NextDNS and did not create an account and setup filtering. I made an updated video re-testing NextDNS with an account here ua-cam.com/video/RIu9aXWn5Xo/v-deo.html
Cloudflare also lets you filter out malicious domains if you have a free account btw
That makes sense then. I did a similar test but with adjusting the filtering and services blocked and had very good results. I appreciate you taking the time to do everything you do!!
Thanks for pinning that comment and mentioning what “version” of NextDNS you used. Tom, you have indeed always seemed to have great intentions and integrity, and it shows by you acknowledging concerns folks have. Thank you! NextDNS is definitely a beast of its own! I actually logged in yesterday and they added a few new features like organizing TLDs by most likely to be abused and a new AI dynamic domain blocking “thing”.
I think the “free” version is more of a trial allowing you to indeed modify -> ANY
Great video. I set up Cloud9 to use on my pfSense box because of your videos on it, and I'm glad I did
This is the video I was waiting for since 2020..... Literally...... Sooo long waiting for this testing... Thanks for the video @Lawrence Systems
Great video Tom. I've been using Quad9 for some time but because of their commitment to privacy. It's nice to see that they're also really effective at filtering malicious sites!
We are from the government and we are here to help.
@@TheCoolLama LOL
How can Q9 have a commitment to privacy when they do NOT block trackers following you around the Internet? It states they don't on their own site. They also refuse to show a list of what they block - why?
You are better off with NextDNS as you can add as many lists as you like to their blocker now, so you are in control over what you can block completely. I used them over HTTPS with AdGuardHome on a RaspberryPi.
DNS servers are not there to block things, they are to resolve things! That shows a misunderstanding of what people think DNS is for. If you want to block, use NextDNS - or use AGH or PiHole (not very reliable as it packs in after a week and doesn't have DoH/DoT) on your own network. NextDNS can also hold your logs if you choose to log, in Switzerland - for privacy.
They don't block adverts or trackers, how does that assist with privacy?
@@OH2023-cj9if that's where ublock origin and other decent adblockers come into play
This video is very interesting. I would never expect these results, honestly. Thank you
Unless you add a blocklist to NextDNS, it will really not block much. So this comparison is a bit misleading. I would love to have a followup video with a blocklist enabled on NextDNS. The OISD blocklist is a popular one.
Correct and will do
@@LAWRENCESYSTEMS Thank you for it. After some tweaks on NextDNS, I think it will have better coverage against malicious domains.
Can you share the dataset url ?
I have my nextDNS tailored to my liking, it's just flat out AWESOME!, I liked quad9 but LOVE nextDNS!
Use the hagezi multi ultimate. Although super aggressive and might bring false positives, it's the only blocklist most people need; it contains oisd, steven black, and more
You can add additional block lists to NextDNS to improve it. I'm guessing you just used "out of the box"? Good video though, these are always fun to watch.
Unconfigured and without blocklists NextDNS would be pretty worthless. NextDNS is more like pihole and pfblockerng (but without using another upstream provider) and would be better compared to them than “unconfigurable” dns providers compared here.
Exactly. Not to mention that it has the most extensive blocking lists (including even Windows and Apple OS tracking)!
Quad9 is my favorite as well. I use it as a DNS resolver for my local DNS sinkhole, and then if the request passes that test, it sends the request through Quad9.
Me the same but is with Adguard Home
i like quad9 but wow adguard did better than i ever thought they would do. I thought about adding unbound to my network but of course that comes without any filtering so i'm just sticking with quad9
I'd like to see Mullvad get tested as they have a couple of DNS servers that filter based on which one you pick. Completely free as well
I found it was quite slow, maybe too popular! They are certainly a name you can trust as they have been around for many years and DO NOT build a profile if you purchase VPN services. They don't insist on a paypal or credit card to tie you to like the bigger companies who sell ALL your data and hand it over to law enforcement, just like some DNS servers could if they wanted to.
Be aware that ALL data flowing to or from servers in the UK is messed with and monitored by GCHQ. If your DNS company or VPN, ISP, VoIP provider or mobile company states they do not log, the server farms are required to by Law.
I use a set of Pi-Holes + gravity-sync + unbound
I have exactly the same setup, by the sounds of it, so might be interesting for Tom to try this setup himself and compare.
nice one
dnsforge would be interesting too :) German DNS with a good filtering system. Can you try it and post it in a pinned comment when you have time and will to do? thanks Tom!
correct answer: Quad9 on device, NextDNS on router, LibreDNS in browser - DNS over HTTPS enabled.
How about testing DNS performance/latency? ECS? Quad9 offers ECS, and NextDNS offers ultra low latency DNS servers.
There are two parts to that question. One is "how fast are DNS replies to common questions?" but the other is "how accurate are CDNs when giving me servers associated with ECS-enabled DNS queries versus non-ECS-enabled DNS queries?" and then doing that second comparison across several DNS recursive resolver operators. The first one (raw latency) is easy to do, the second is much, much harder.
I have been using Quad9 DNS for the past 1 1/2 years as primary on my firewalls with Cloudflare as secondary and the service has been great.
does quad9 block porn and if so how do i get around it?
@@GodAtum Quad9 does not block porn. It only filters out malware domains. It does not filter out websites for content like alcohol, gambling or porn.
Quad9 does not stop companies that track you around the Internet, so you might want to change to a different one. NextDNS is fine as they don't hide who they block and who they don't.
What do you mean service has been great? I could say my DNS is great too...
as my last comment stated, I configured Quad9 on my pfSense. I followed the directions laid out by Quad9, would it be possible for you to do a quick video on the setup as they do change a few settings with the DNS Forward, and DNS Resolver within pfSense. Everything is working as should, I setup DNS over TLS, tested and works. It's possible that others may find it helpful with configuring Quad9 with pfSense.
Unfortunately none would be usable on the University of Alberta campus internet; I believe some public or business networks are starting to block the ability to use custom DNS. Personally I use Adguard DNS since it also blocks light advertisements when an adblocker is not possible (e.g. phone games, apps)
What about DNS over HTTPS (DoH)? Quad9 supports it and I believe it’s difficult to block that
We'd be interested in what the results are if you try DoT or DoH. Some places block by IP address, some by protocol. If UofAlberta blocks by protocol, then the other two protocols may make it through.
You can also use DNScrypt if your campus blocks custom DNS.
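The replies above turn on the fact that plain DNS (port 53), DoT (port 853) and DoH (port 443) carry the same DNS message with different framing, so a network can block one transport and pass another. The script below is an added example, not posted by any commenter: it builds one query, frames it for each transport, and probes Quad9's published endpoints (9.9.9.9, dns.quad9.net); all function names are made up for the illustration.

```python
import base64
import socket
import ssl
import struct
import urllib.request

RESOLVER_IP = "9.9.9.9"                      # Quad9 anycast address
RESOLVER_NAME = "dns.quad9.net"              # TLS server name used for DoT
DOH_URL = "https://dns.quad9.net/dns-query"  # Quad9 DoH endpoint


def build_query(name, qtype=1, qid=0):
    """Wire-format DNS query (RFC 1035): header with RD set, one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def frame_dot(message):
    """DoT (RFC 7858): same message, prefixed with its 2-byte length."""
    return struct.pack("!H", len(message)) + message


def doh_get_url(message, base=DOH_URL):
    """DoH (RFC 8484) GET: message as unpadded base64url in ?dns=."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{base}?dns={encoded}"


def parse_reply(reply, qid):
    """Check the reply header and return the RCODE (0 NOERROR, 3 NXDOMAIN)."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:  # ID mismatch or QR bit not set
        raise ValueError("not a reply to our query")
    return flags & 0x000F


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def probe_udp(name, timeout=3.0):
    query = build_query(name, qid=0x1234)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (RESOLVER_IP, 53))
        reply, _ = sock.recvfrom(4096)
    return parse_reply(reply, 0x1234)


def probe_dot(name, timeout=3.0):
    query = build_query(name, qid=0x1234)
    ctx = ssl.create_default_context()  # verifies the resolver certificate
    with socket.create_connection((RESOLVER_IP, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=RESOLVER_NAME) as tls:
            tls.sendall(frame_dot(query))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_reply(_recv_exact(tls, length), 0x1234)


def probe_doh(name, timeout=3.0):
    # Note: the DoH hostname itself is resolved by the system resolver first.
    query = build_query(name, qid=0)  # RFC 8484 recommends ID 0 for caching
    req = urllib.request.Request(
        doh_get_url(query), headers={"Accept": "application/dns-message"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_reply(resp.read(), 0)


def probe_all(name="example.com"):
    """Try each transport; report which ones the local network lets through."""
    results = {}
    probes = (("udp/53", probe_udp), ("dot/853", probe_dot), ("doh/443", probe_doh))
    for label, probe in probes:
        try:
            results[label] = f"ok rcode={probe(name)}"
        except (OSError, ValueError) as exc:
            results[label] = f"blocked or failed: {type(exc).__name__}"
    return results


if __name__ == "__main__":
    for transport, outcome in probe_all().items():
        print(f"{transport:8} {outcome}")
```

A timeout on `udp/53` with `ok` on the other two suggests port-based blocking; all three failing points to blocking by resolver IP address.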
Quad9, but only since August of 2023. I also run Quad9 on my Android phone. Both versions are fast and being a "novice" no issues that I know of. :)
Are there any forms of quad 9 that blocks ads?
@@Zephyr8086 No, we don't do any ad blocking, as that is much more subjective and ads don't cause "harm" in the same way that malware or phishing does. Ads are merely annoying. This isn't to say that we would never do it, but it's not a current or even distant plan right now.
@@quad9dns374 I hope that Quad9 will get this capability one day; that is the only reason that I have been using Adguard DNS instead most of the time.
Q9 allows trackers and doesn't help with privacy. So it is not what people want.
I'm forwarding DNS requests from my Unbound to Quad9 (over TLS of course), as I know DNS Resolver on pfSense can cache DNS results so I can limit load on Quad9 (as they're a non-profit, that is a good practice to help them just a little bit). And of course I'm also using pfBlocker-NG and some blacklists for extra protection on my network.
Good stuff! I want to get my home network using secured DNS with caching as well with my PFSense firewall. I need to change up from using the ISP router as I don't want to have any double NAT stuff happening. However, 5GNR standalone modems are still pretty pricey so I am sticking with a basic setup.
This is perfect, and is exactly how we suggest people set up to use Quad9 if they are at all technically capable. It speeds up your replies, allows you to do local policy and logging, and reduces load on our system by reducing actual query volumes and then also by pipelining queries into a single encrypted channel. If you want to help more, we have a "Donate" button on the website too. Not to drop too strong a hint... 🙂
@@quad9dns374 Of course, you deserve a donation because you're doing a great job. I will get some funds into my paypal account and send it to you 😉
Edit: already sent, it's not huge but I hope every donation matters
@@ShaneTheGeek Doesn't your ISP router have a modem-only mode?
@@demanuDJ I am using T-Mobile 5G Home Internet product which includes a fully integrated gateway product. There are no options for running in bridge/ ip passthrough mode.
I host my own authoritative dns which uses Quad9 as backup
@LAWRENCESYSTEMS With respect, you did not specify the settings you used when testing NextDNS. NextDNS is much more complex than a simple set-and-forget DNS server (: NextDNS offers various block lists such as OISD and AI, google safe browsing and newly registered domains to name a FEW.
Without beating a dead horse….. I do not think you matched the level of thoroughness that you often achieve in this video
%100
I should have been more specific that I was just using NextDNS free. But that still does not change the fact that Quad9 does for free what you would have to pay for with NextDNS.
@@LAWRENCESYSTEMS It's not about using the free version of NextDNS, it's about how it's configured, because the only limitation of the free version is the limit of requests that can be made in a month (I believe it's 300k), other than that you have access to all the paid features. NextDNS is an incredible service, but out-of-the-box without configuration it's useless, you have to make some (very simple but necessary) that refer to just adding a block-list. PS: I recommend "HaGeZi - Multi NORMAL" as block-list.
@@LAWRENCESYSTEMS Respectfully, while true I think saying quad9 gives you the same service you’d have to pay for with nextdns glosses over all of the things the paid version of nextdns offers that none of the free services offer (at least that I’m aware of). Not trying to dog pile, but I do think nextdns deserves at least another more thorough look.
@@LAWRENCESYSTEMS fair point, but for the very small cost, there is a lot more than just blocking, with custom blocklists, whitelisting, DoH, redirects, optional logging, family filter etc etc
Will have to do some testing of my own now, I’m inspired !
Would have actually been interesting to see Google vs Cloudflare, as they seem to be massively popular
so 33% is better than 0.79% or 0.79% is better than 33%??
I love to see you testing the yogadns because nextdns they recommended it.
I've been using Quad9 since I setup a pihole and it seems great.
can you make a dns filtering video for controld?
I have used OpenDNS for years, but have not heard anything good or bad of it lately. Are they still relevant nowadays?
If you are unsure then you must check NextDNS and add suitable blocking filters according to your needs
@@saitarunthotada Nextdns in my country is a PIA to get access to; after the free quota of queries is met the filtering stops and you have to pay them. But even though I want to pay for their services the payment methods pretty much don't work for me so that's that.
Quad9 shares DNS queries with third parties. They state that they share the information with security researchers.
It's either on their website or i have an email from Quad9 that states this.
I've always wondered if they share it with others too. Or who these security researchers actually are since Quad9 doesn't share that information. I've also wondered what data exactly they share.
Don't they also state they do not block any trackers, so this is a problem for anyone wanting privacy. That is the ONLY reason I will not use them, I do not want to be tracked everywhere.
Quad9 is the best. They are the only nonprofit one that I know of.
They allow all tracking sites and adverts, so do nothing for privacy.
@@OH2023-cj9if While they don’t block ads, they do block malware. For ads, you can just use a browser plug-in.
Appreciate it! And your insights!
Would love to see Control D tested in this list. They have some free resolvers but maybe a test with the "Some Control" trial or plan would be great.
Very helpful content, thanks a lot. 👍🏻
Nice work Tom. Wondering if you had the "AdGuard DNS filter" enabled in your NextDNS testing
ua-cam.com/video/RIu9aXWn5Xo/v-deo.htmlsi=noLULVEvaMDN708v
Great vid. Very useful indeed. 🙏
I'd love to see the comparison run against some default ISP DNS servers
Can I get an answer to a question. I want to use QUAD 9 and I configured this on my PC through IPV4 and IPV6. However, I wonder if I need to change anything on my ASUS router? Or is that it? Or do I need to change the DNS inside my router too through the advanced settings of my router?
This is the same for every router including ASUS, doing this will ensure every device runs Quad9 unless you set the device to do otherwise.
Maybe a dated question you’ve covered before, but what is better for privacy in dns, using unbound or using the resolver with tls forwarding to someone like quad 9?
"It depends." I know, terrible answer, but it's true. If you use Quad9 with encryption, you're tunneling all your DNS requests to Quad9's servers where they're mixed with thousands of other users, making it very difficult for any observer to see what sites you're browsing to... except you have to trust Quad9 isn't making a portfolio on your IP address. (Spoiler alert: it's a criminal penalty in Switzerland if we do this in opposition to our stated policy, so you can believe our privacy policy.) If you use unbound, you don't have to trust anyone else except for everyone who has any visibility on the network between your home and the thousands of nameservers unbound will be contacting. Your queries come out of your home IP address, unencrypted, so anyone observing your traffic can deduce what sites you're visiting. So this doesn't turn out to be such a big privacy win, unless your unbound instance is somehow tunneling through a VPN, and then you have to trust your VPN provider... somewhere, somehow, you have to trust someone. Not ideal, but that's the current situation. Our biased suggestion is to use Quad9, where we have exceptionally strong privacy guarantees and your traffic also gets the benefit of being mixed in with lots of other users.
Quad9 appealed the decision and won subsequent court battles. In December 2023, the Higher Regional Court of Dresden, Germany, upheld Quad9’s appeal, rejecting Sony’s request to block pirate sites through Quad9’s public DNS resolvers. Additionally, Quad9 was exempted from a fine of 250,000 euros for non-compliance with the original blocking order.
In summary, Quad9 initially lost against Sony but ultimately won subsequent appeals, successfully defending its stance against blocking certain domain names related to copyright infringement.
They lost in Italy though. I really hate Sony.
kind of incredible results
I agree, NextDNS failed miserably.
I really don't understand what you did here. NextDNS is not only a DNS filter. For example, did you configure NextDNS to use the OISD and AdGuard DNS filters, or did you just use the default NextDNS filters? You cannot compare Quad9, which only does DNS, with NextDNS, because NextDNS has a lot more features that don't exist in any service that only does DNS.
I used the free version of NextDNS
@LAWRENCESYSTEMS but even the free version can have OISD and AdGuard configured, ok now I understand, you don’t have a single clue what NextDNS is.
@firatguven6592 he didn't have a clue what NextDNS was, he was thinking that was just a DNS service like Quad9, I like the guy, but he cannot make a video like this without fully understanding what he is talking about, and I was so right, that he immediately made a second video correcting himself and this one. And I'm sorry, it's not being rude, a lot of people can wrongly leave a service because of a video like this.
What do you all think about using unbound on Pi-hole compared to these?
The efficacy of Pi-hole is completely dependent on what feeds you give it.
Been using Quad9 on my Fedora system over TLS for a few years now, it's been excellent.
Technitium DNS server running locally, with an adware blocklist and recursive forward to the best avail secure DNS service FTW
As an aside; does it matter (much?) if only the windows internet tool is programmed for the Quad9 or is it more important to get into the Router software and program the DNS there? Thanks.
Best to do both.
Next dns is superb super smooth than other rough 😁
I wonder what percentage of these compromised domains are customers of Google or YouTube ads.....
What is the best DNS server for IPTV?
Is google DNS not a thing any more? Nobody mentions it.
Yes, it works fine
Yeah but it’s Google so bad privacy
Use Quad9 or Cloudflare or something
What's wrong about Adguard?
Should be a trusted company, right?
is google dns considered not good?
They are good, but lack filtering.
@LAWRENCESYSTEMS that's great to know. Thanks for the heads up.
I have a question (for Tom or any other knowledgeable commenter!)
I recently set up Pi-hole for blocking and unbound recursive for an all-in-one and local-first system. However, you can't set Quad9 as the final step for this kind of setup.
What advantage would I get from pointing at Quad9 instead of unbound? Can I get the best of both by finding a Quad9 blocklist to add to the Pi-hole?
If you let unbound do the resolving, it probably does it in the clear, so anyone in the middle can snoop on your DNS queries from your PiHole, so you wouldn't have the same privacy as forwarding to a 3rd party to do all the DNS resolution. Assuming you set up DNS-over-TLS or DNS-over-HTTPS, these are encrypted between you and the 3rd party, so all your trust would then be on the 3rd party, but it would cut down on snooping by your ISP or anyone in the middle. It's kind of a hard decision honestly. If you let unbound (on PiHole) do all the resolution locally, you only have to trust yourself (assuming sites use DNSSEC signing), but you lose privacy that way.
You can set up DNS over TLS with Pi-hole and unbound (I got lazy and decided to give NextDNS a chance and happen to love their service). There are some new YouTube videos on how to do it! I might give it a go just for fun in the future...
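An added example, not written by any commenter in this thread: an unbound configuration that sits behind Pi-hole and forwards every query to Quad9 over DNS-over-TLS, which is the setup the replies above describe. The file path, the local listener port 5335 and the CA bundle location are assumptions based on a Debian or Raspberry Pi OS install; adjust them to your system.

```conf
# /etc/unbound/unbound.conf.d/pi-hole.conf   (assumed path, Debian-style layout)
server:
    # Pi-hole uses this local listener as its only upstream
    # (assumed: custom upstream 127.0.0.1#5335 in Pi-hole's DNS settings).
    interface: 127.0.0.1
    port: 5335

    # CA bundle used to validate the upstream's TLS certificate
    # (assumed Debian / Raspberry Pi OS location).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Without a forward-zone, unbound recurses on its own: queries leave your
# home IP unencrypted on port 53 toward root, TLD and authoritative servers.
# With the forward-zone below, all queries go to Quad9 over TLS on port 853,
# so the on-path observer sees only an encrypted session to Quad9.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # The name after '#' is matched against the server certificate.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Run `unbound-checkconf` before restarting the service to catch syntax errors. With this in place Pi-hole keeps doing the local blocking and logging, and Quad9's threat filtering applies to whatever Pi-hole lets through.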
I am of the opinion that we should not make use of port 53 for DNS requests. Rather get a solution in place that will push your DNS over port 443 etc. over HTTPS or TLS as well.
Most DNS providers have DoH and DoT options. Modern browsers also support DoH but not many OS vendors support it for DNS queries outside of web browsing.
I have Adguard on a Pi that takes all the queries from the network via 53 and forwards those to Quad9 via DoH.
Port 53 exiting the WAN is firewalled and only allows my Adguard out to Quad9 to resolve the DoH hostname. DoT exiting the WAN is also firewalled off.
Would've been nice to have included OpenDns.
mullvad encrypted DNS? what you think about that one?
I use Quad 9 so I don't think much about it.
As a home lab enthusiast, I expected to see Unbound and BIND as recursive/authoritative, Pihole and AdGuard as filters.
Why would I consider a commercial DNS product?
Why not add ControlD as well since it is also very popular
Never heard of them, but that is why I posted how to run the test yourself so more people can test.
How would these services compare to something like Pi-Hole?
Pihole depends on the feed list and if the feed lists are the same as the DNS filtering services.
Me personally, I'm using Pi-hole with Quad9 as the upstream server.
Pi-hole is fully default and provides me mostly a monitoring functionality.
From the last 6 months experience, Pi-Hole did have a couple false positives.
Other than that, it worked well.
Something I still need to spend some more time and configure is Upstream DNS over TLS, which for some reason Pi-hole doesn't support natively.
ControlD: best free threat-filtering DNS. Convince me otherwise.
I'm using the specific Cloudflare anti malware DNS server. Can't say I don't like it.
so like the more resolved the better? or the other way around?
You want less bad sites to get resolved
@LAWRENCESYSTEMS so like Quad9 is better since they have fewer resolved sites than Cloudflare?
@rjackdaw Yes
Nice video!
I would have liked to also see a speed comparison, so you know that if you choose Quad9 you don't give up speed?
Most of the time the difference is negligible. You will not notice a difference between 36ms and 176ms when browsing. It's just smoke and mirrors. Go with the best security DNS service, not the fastest.
Which DNS is the winner?? I think the best DNS in the entire world, on planet Earth, is ADGUARD, OR AM I WRONG
Great test! I actually switched from Cloudflare to Quad9 based on your feedback and further research. They also just happen to be the fastest resolver most of the time after my ISP 😉
Thanks
Adult sites are a Malicious category because of spyware that you didn't agree to and because they are easily accessible to children
your own dns is best
I lately tried Adguard and it is a total nightmare. It caused problems with regular browsing, playing games (banning login/SSO queries - e.g. EA games), and had the weirdest timeouts.
I was running it on bare metal (NUC Celeron with low load), no net issues (2.x symmetric 100/100 Fiber). I troubleshooted the hell out of it as I suspected the dual WAN failover to cause this, but nope. Once DNSMASQ or an outside DNS is used, all the issues went away.
I tried pretty much everything, turning on/off upstream and enabling/disabling features, it just simply worked BAD.
Just my 2c.
i wonder how this compares to google dns and avg ISP's
Try Quad101
Which blocklists did you use in NextDNS? Did you use OISD? If you just used the default blocklist, this test is pointless.
Adguard is really good but OpenDNS is fast and protects you for free.
Can you make a DNS for PUBG mobile game? It’s downloaded more than 400 million times and most people play it
Controld review
☺✌
Adguard is a Russian company
You may consider dnsforge for security in Germany :)
Hasn't been Russian since 2014. Based in Cyprus now
@stephendetomasi1701 They all now pretend not to be Russians. They hire people in Russia.
Q9 doesn't stop trackers and doesn't protect privacy, I don't use it for that reason. NextDNS is far superior.
How do you know NextDNS is not collecting and selling your data?
not a bot here! lol
You tested NextDNS without blocklists? What kind of garbage is this????? You would think an in-depth review would actually review the products. You did not earn a sub today.
If you can do better, bring it on and show us; if you can't, shut the hell up