Hopefully, NextDNS is included in the next study as I'd like to see how it compares to Quad9, but for now I'll use Quad9 on my Android phone.
Adguard DNS blocks the EICAR test: https://www.wicar.org/test-malware.html Quad9 fails. Clean Browsing Security filter fails. In my browser, Quad9 and Clean Browsing Security filter fail to resolve some phishing content websites. So it is impossible to perform a reliable test: https://www.phishtank.com/phish_search.php?valid=y&active=y&Search=Search
So it is possible that a legitimate web page is not resolved for a false positive. The website below is offline had phishing content when online. http://signinemail.weebly.com/ Adguard DNS solves the website as offline: Quad9 DNS resolves the website as unreliable: The first visualization seems more correct to me.
You'll have to take it up with both Quad9 and CleanBrowsing. Quad9 says: https://www.quad9.net/faq/ I couldn't find an equivalent for CleanBrowsing but I'm sure it works the same way.
There was nothing done by Adguard in your case. That 404 message is from Weebly, so their server responded to your request and Adguard did not filter it. From protection site, second respond (blocking DNS resolving) is much safer. Who knows if Adguard actually filtered it while the page was online? Even KIS blocks that page, although it's not online (which is IMO better):
That phishing website is offline, so blocking would not be necessary, which is instead active in Google Safe Browsing.
This online Phishing website is blocked by Quad9 DNS. http://kisalinkim.com/piabet Now I do other tests.
Yes I know it's not necessary but it doesn't hurt also. Maybe security providers "clean up" their lists when they become large, but I doubt that old entries would create much FPs. Google Safe Browsing is OK for filtering requests in your browser, DNS filtering OTOH will also filter it for other applications.
This info is incorrect: The Phishing website with Pale Moon + Quad9 DNS is displayed as in the image below: This is the visualization with Edge Chromium: With Chrome the user is properly informed: The conclusion is that in the absence of a blocking pop-up not all browsers with Quad9 DNS allow to correctly inform the user of a malicious web page. P.S. With my browser, New Moon 28 I prefer Adguard DNS, and integrate UBO Legacy with customized phishing and malware lists
That is exactly what I would expect from both Quad9 and CleanBrowsing when trying to access a known malicious or phishing website..
Yes, it's expected behaviour for me also. Otherwise they would have to redirect such requests to some other site (displaying additinal info) which can be considered as less private. Just drop the request (for whatever reason) and be done with it. Users that want to know why page did not load can go and investigate for themselves.
It is correct. NXDOMAIN is just status in dns response. Code: kdig kisalinkim.com @9.9.9.9 ;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 40894 ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0 So contact browser vendors and report them that. This has nothing to do with Quad9. Keep in mind DNS is used not only by Web (browsers), but also by all other kind of Internet services such as e-mail, NTP etc
Quad9 DNS appears to have latency periods in blocking malicious websites: I would advise you to carry out thorough stress tests.
Of course. Maybe the problem is caused by my habit of using other DNS as secondary. If QuadDNS were not functioning at that particular moment, and secondary DNS came into operation, they may not have had the ability to block the malicious website. Unrepeatable test conditions to be replicated, with a single PC, because they depend on numerous variables. My feeling is that at least in my OS and PC Quad9 DNS is less reliable than CleanBrowsing DNS and Adguard DNS. My preference is therefore still for Adguard DNS, which in the test* ranks second for blocking websites with malware content (67%). Phishing is easier to manage. test* https://www.wilderssecurity.com/threads/what-dns-service-are-you-using.416572/page-2#post-2920516
At this moment Quad9 DNS does not block the offline website that was blocked yesterday. Can any user replicate? TH. P.S. I can replicate the problem by clearing the dns cache (without obviously changing Quad9). ipconfig /flushdns One of the 2 websites may not be blocked, but both. Secondary DNS are AdguardDNS P.S.1 Other test: 9.9.9.9 149.112.112.112 176.103.130.130 185.228.168.9 Don't consider ESNI, Windows XP doesn't have that functionality.
It seems that somebody removed their page from Weebly or Weebly terminated the account. Still blocked by Quad9. Code: $ kdig signinemail.weebly.com @9.9.9.9 ;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 29180 ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0 It is not blocked by AdGuard: Code: $ kdig signinemail.weebly.com @176.103.130.130 ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 50668 ;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0 ;; QUESTION SECTION: ;; signinemail.weebly.com. IN A ;; ANSWER SECTION: signinemail.weebly.com. 86400 IN CNAME pages-wildcard.weebly.com. pages-wildcard.weebly.com. 900 IN A 199.34.228.53 pages-wildcard.weebly.com. 900 IN A 199.34.228.54