What DNS service are you using?

Discussion in 'privacy technology' started by Frankfree, May 12, 2019.

  1. pasmal

    pasmal Registered Member

    Joined:
    Jan 25, 2015
    Posts:
    55
    Hopefully, NextDNS is included in the next study as I'd like to see how it compares to Quad9, but for now I'll use Quad9 on my Android phone.
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    AdGuard DNS for now. Been using OpenDNS for quite some time. May soon switch to Quad9.
     
  3. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    +1
     
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Adguard DNS blocks the EICAR test:

    https://www.wicar.org/test-malware.html

    200.JPG

    Quad9 fails.
    Clean Browsing Security filter fails.


    In my browser, Quad9 and Clean Browsing Security filter fail to resolve some phishing content websites.
    So it is impossible to perform a reliable test:


    https://www.phishtank.com/phish_search.php?valid=y&active=y&Search=Search
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    That is how both are meant to work. They don't show a block page like AdGuard and OpenDNS.
     
    Last edited: Jun 6, 2020
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    So it is possible that a legitimate web page is not resolved for a false positive.:confused:
    The website below is offline; it had phishing content when online.

    http://signinemail.weebly.com/

    Adguard DNS solves the website as offline:

    300.JPG

    Quad9 DNS resolves the website as unreliable:

    300a.JPG

    The first visualization seems more correct to me.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    You'll have to take it up with both Quad9 and CleanBrowsing.

    Quad9 says:
    https://www.quad9.net/faq/

    I couldn't find an equivalent for CleanBrowsing but I'm sure it works the same way.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  9. StealthyTrojan

    StealthyTrojan Registered Member

    Joined:
    May 18, 2020
    Posts:
    24
    Location:
    Portugal
    I'm using Quad9 on my router, because after research I found it's the best for malware protection.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    There was nothing done by Adguard in your case. That 404 message is from Weebly, so their server responded to your request and Adguard did not filter it. From the protection side, the second response (blocking DNS resolving) is much safer. Who knows if Adguard actually filtered it while the page was online?

    Even KIS blocks that page, although it's not online (which is IMO better):

    upload_2020-6-7_9-13-18.png
     
    Last edited: Jun 7, 2020
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    That phishing website is offline, so blocking would not be necessary, which is instead active in Google Safe Browsing.:)
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes I know it's not necessary but it doesn't hurt also. :) Maybe security providers "clean up" their lists when they become large, but I doubt that old entries would create many FPs.
    Google Safe Browsing is OK for filtering requests in your browser, DNS filtering OTOH will also filter it for other applications.
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Not all browsers have Google Safe Browsing available.
    Pale Moon does not have it.
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    This info is incorrect:

    The Phishing website with Pale Moon + Quad9 DNS is displayed as in the image below:

    500.JPG

    This is the visualization with Edge Chromium:

    100.jpg

    With Chrome the user is properly informed:

    200.jpg



    The conclusion is that in the absence of a blocking pop-up not all browsers with Quad9 DNS allow to correctly inform the user of a malicious web page.;):)

    P.S. With my browser, New Moon 28 I prefer Adguard DNS, and integrate UBO Legacy with customized phishing and malware lists
     
    Last edited: Jun 7, 2020
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    That is exactly what I would expect from both Quad9 and CleanBrowsing when trying to access a known malicious or phishing website.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes, it's expected behaviour for me also. Otherwise they would have to redirect such requests to some other site (displaying additional info) which can be considered as less private.
    Just drop the request (for whatever reason) and be done with it. Users that want to know why page did not load can go and investigate for themselves.
     
  18. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    It is correct. NXDOMAIN is just a status in the DNS response.
    Code:
    kdig kisalinkim.com @9.9.9.9
    ;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 40894
    ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
    So contact browser vendors and report that to them. This has nothing to do with Quad9. Keep in mind DNS is used not only by the Web (browsers), but also by all other kinds of Internet services such as e-mail, NTP, etc.
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Agreed. This is how this should work.
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Quad9 DNS appears to have latency periods in blocking malicious websites:

    600.JPG

    I would advise you to carry out thorough stress tests.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Are you clearing your DNS cache after testing each DNS provider?
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Of course.
    Maybe the problem is caused by my habit of using other DNS as secondary.
    If Quad9 DNS were not functioning at that particular moment, and secondary DNS came into operation, they may not have had the ability to block the malicious website.
    Unrepeatable test conditions to be replicated, with a single PC, because they depend on numerous variables.
    My feeling is that at least in my OS and PC Quad9 DNS is less reliable than CleanBrowsing DNS and Adguard DNS.

    My preference is therefore still for Adguard DNS, which in the test* ranks second for blocking websites with malware content (67%).

    Phishing is easier to manage.
    ;)

    test* https://www.wilderssecurity.com/threads/what-dns-service-are-you-using.416572/page-2#post-2920516
     
    Last edited: Jun 8, 2020
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    At this moment Quad9 DNS does not block the offline website that was blocked yesterday.
    Can any user replicate?
    TH.

    P.S.
    I can replicate the problem by clearing the dns cache (without obviously changing Quad9).

    ipconfig /flushdns

    One of the 2 websites may not be blocked, but both.
    Secondary DNS are AdguardDNS

    P.S.1

    Other test:

    9.9.9.9
    149.112.112.112

    700.JPG

    176.103.130.130
    185.228.168.9

    700a.JPG


    Don't consider ESNI, Windows XP doesn't have that functionality.


     
    Last edited: Jun 8, 2020
  24. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    :cautious:
     
  25. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    It seems that somebody removed their page from Weebly or Weebly terminated the account.
    Still blocked by Quad9.
    Code:
    $ kdig  signinemail.weebly.com @9.9.9.9
    ;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 29180
    ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
    It is not blocked by AdGuard:
    Code:
    $ kdig  signinemail.weebly.com @176.103.130.130
    ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 50668
    ;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;; signinemail.weebly.com.        IN    A
    
    ;; ANSWER SECTION:
    signinemail.weebly.com.    86400    IN    CNAME    pages-wildcard.weebly.com.
    pages-wildcard.weebly.com.    900    IN    A    199.34.228.53
    pages-wildcard.weebly.com.    900    IN    A    199.34.228.54
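
The point made in the two kdig posts above (NXDOMAIN is a 4-bit status field in the DNS header, not a web page), shown as an added example that is not part of the original thread: it decodes the 12-byte header and classifies the reply. The header bytes are constructed from the values kdig printed above, and `classify` with its labels is a hypothetical heuristic of this example, not a Quad9 or AdGuard API.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100), ("ra", 0x0080)]

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F  # the "status" kdig prints lives in the low 4 bits
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "status": RCODES.get(rcode, f"RCODE{rcode}"),
        "query": qd, "answer": an, "authority": ns, "additional": ar,
    }

def classify(h: dict) -> str:
    """Heuristic labels (an assumption of this example) for what a client received."""
    if "qr" not in h["flags"]:
        return "not-a-response"
    if h["status"] == "NXDOMAIN":
        # A negative answer relayed from an authoritative server normally
        # carries an SOA in the authority section (RFC 2308). An NXDOMAIN
        # with AUTHORITY: 0 is consistent with a resolver-synthesised reply.
        return "nxdomain-no-soa" if h["authority"] == 0 else "nxdomain-with-authority"
    if h["status"] == "NOERROR" and h["answer"] > 0:
        # Records were returned; a filter that redirects to a block page
        # would also land here, so compare the addresses to tell them apart.
        return "resolved"
    return "other:" + h["status"]

def make_header(ident, flags, qd=1, an=0, ns=0, ar=0) -> bytes:
    """Build a header for the constructed samples below."""
    return struct.pack("!6H", ident, flags, qd, an, ns, ar)

# Constructed from the kdig output in the thread (header only, no records).
QUAD9_REPLY = make_header(29180, 0x8103)          # qr rd, NXDOMAIN, ANSWER 0
ADGUARD_REPLY = make_header(50668, 0x8180, an=3)  # qr rd ra, NOERROR, ANSWER 3
# Constructed contrast case: an NXDOMAIN that does carry one authority record.
SOA_NXDOMAIN = make_header(1, 0x8183, ns=1)

if __name__ == "__main__":
    for name, raw in [("9.9.9.9", QUAD9_REPLY), ("176.103.130.130", ADGUARD_REPLY),
                      ("contrast", SOA_NXDOMAIN)]:
        h = parse_header(raw)
        print(name, h["status"], h["flags"], classify(h))
```

Every application that uses the resolver gets the same status code, which is why the browser decides how (or whether) to explain the failure to the user.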
     