What's new

DNS Choice?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RBJ32

Occasional Visitor
I realize this may be a loaded question depending on the ISP thereof. But generally speaking does a free public DNS like Google (8.8.8.8) or Quad 9 (9.9.9.9) offer better protection than most large ISP DNS?
 
Better protection against what?
 
Better protection against what?
Exactly.

DNS in and of itself doesn't provide "protection" against anything. It's not meant to be a security system, it merely resolves names to IP addresses. That said, there are some DNS servers that won't return addresses for known malware/porn/whatever sites.
 
Better protection against what?

Oh sorry for the ambiguity. From what I read some (like Quad 9) offer more malicious domain threat intelligence and block access if your system attempts to contact them. Of course it appears some security apps running on a pc can do the same. I surmise all DNS (ISP and Public) sell some of your traffic data.
 
Oh sorry for the ambiguity. From what I read some (like Quad 9) offer more malicious domain threat intelligence and block access if your system attempts to contact them. Of course it appears some security apps running on a pc can do the same. I surmise all DNS (ISP and Public) sell some of your traffic data.
Only come across one test
https://medium.com/@nykolas.z/phishing-protection-comparing-dns-security-filters-9d5a09849b91

CleanBrowsing did better than Quad9.

I do not think that Cloudflare or Google return NXDOMAIN for malware DNS lookups.
 
Google's DNS does no filtering at all. Don't think Cloudflare does, but my memory may be wrong.

OpenDNS, Quad9 and the lesser-known CleanBrowsing are probably the best solutions right now if you are looking for DNS-based filtering. Yandex apparently does a fairly good job as well if you are in Russia.
 
I like Quad9 but it is a little slow compared to my ISP's DNS. I have it setup on my guest VLAN. I am back and forth on using it with the main LAN. Quad9 for me is California and I am in Texas.
 
I like Quad9 but it is a little slow compared to my ISP's DNS. I have it setup on my guest VLAN. I am back and forth on using it with the main LAN. Quad9 for me is California and I am in Texas.

Thanks, while you're here I have a newbee question on your Vlan. Is all your LAN wired (?) or if not do you run a wifi AP wired back to a Vlan Smart Switch and/or a Vlan gateway wired router?

I have a cheap Dlink Vlan Smart Switch I wanted to play around with Vlan tags but I only have my main Wifi router going to the ISP modem. And for the most part I run all my Laptops off wifi, unless I hand carry one into the router room. So I figured I'd have to put the Vlan Smart Switch in between a wifi AP and the Gateway router (with the gateway wifi turned off).

I.e. it appears to me the physical logistics of Vlan requires wired cables. Otherwise I surmise one would just use a wifi router that had separated guest accounts so you'd kinda get similar separation via SSIDs instead of PVIDs.

But I'm just learning so feel free to correct where I've missed the concept.
 
Benchmark the DNS servers too. My ISP's DNS was faster than OpenDNS or Google. And they're probably using the data they get for marketing purposes.


Sent using Tapatalk
 
Two of my VLANs extend across my wireless with SSIDs. One SSID for each VLAN. I have 4 or 5 VLANs so some are wired only. I also have 3 wireless APs in my home running off wire. All 3 wireless APs carry the same SSIDs so I can roam around my house.
 
Two of my VLANs extend across my wireless with SSIDs. One SSID for each VLAN. I have 4 or 5 VLANs so some are wired only. I also have 3 wireless APs in my home running off wire. All 3 wireless APs carry the same SSIDs so I can roam around my house.

That's quite a setup. With all 3 APs having same SSID makes it convienient but yet still being sent thru any pertinent Vlan switch down the wire. On a setup like that does the wifi AP have to be Vlan capable (?) otherwise I'm kinda wondering how the PVID tag works when connecting via an SSID. Possibly is it the MAC of the connecting device that's actually tagged on the PVID so if that's the case it matters not whether it connects by wifi or wire so long as it gets to the Vlan switch on the way (?).

(edit add -> Also do you have any problem with the 3 APs trampling over each other's signals?)

Any input you can give me would be appreciated.
 
The AP are VLAN aware. They are Cisco WAP371 APs. I don't have problems with APs trampling over each other as I turned off 2.4GHz. I think 2.4 GHz is the center of most problems. Plus 5GHz is faster. The main rooms where we reside you get as high as 880 connection on the wireless. There are a few places where you only get as low as 330 connection speed. With 5GHz it seems to vary based on distance and walls. My wife likes to sit out on out picnic table in the back yard and facetime with her friends. Sometimes she walks to the front of out house where the kitchen is and mixes a drink and then out back to the picnic table. There is no problem with the call dropping. Her iPad just roams from back to front and back again.
 
Last edited:
Benchmark the DNS servers too.

DNS benchmarks for resolution time are useless. If a DNS server takes 20 ms less to resolve an IP it won't be visible to the end user. But if it makes you use a Youtube server at the other end of the country instead of a local one, your video streaming may suffer, and that will be far more visible.
 
If a DNS server takes 20 ms less to resolve an IP it won't be visible to the end user.

I've seen a significant number of hits per day when I used OpenDNS. One would think they would be cached somewhere after the first resolution...

Sent using Tapatalk
 
One would think they would be cached somewhere after the first resolution...

Correct. If using a router with dnsmasq, it will get cached by the router. Many clients also have their own cache at the OS level. And some applications (like web browsers) ALSO have their own cache.

Yeah, a bit overkill... But there's definitely some caching in there.
 
I realize this may be a loaded question depending on the ISP thereof. But generally speaking does a free public DNS like Google (8.8.8.8) or Quad 9 (9.9.9.9) offer better protection than most large ISP DNS?

ADgurd DNS blocks ads in browser and on all devices. Love it.


Sent from my iPhone using Tapatalk
 
The Internet needs to increase its adoption of DNSSEC, as it's one key element in limiting the amount of domain hijackings.
 
The Internet needs to increase its adoption of DNSSEC, as it's one key element in limiting the amount of domain hijackings.

If the DNS record is changed encryption is not going to help.

I sticking with QUAD9 for now.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top