
DNS Providers - Who to trust?

bbunge

Part of the Furniture
I know that network security is a moving target and it is important to feel comfortable with the services offered by providers. But, when I read the article about Cloudflare and the mis-issued certificates, I began to question the faith I had put in their DNS service. There are a couple of DNS providers I will not use because of their country associations or their questionable business practice. I also feel it is a good idea to use a DNS provider that filters malware sites, etc.
But what provider to use? Is it better to do my own filtering with a self hosted DNS sink hole? Is it better to use my own recursive DNS server?
The questions keep coming and it gets no easier!
 
It seems the only answer is to trust none of them and run a local Pi-Hole or AdguardHome instance forwarding to Unbound as a recursive resolver. Then you’re only trusting the curators of the blocking lists used.

EDIT: That said, I gave up on fancy DNS ideas a few years ago. I use a minimal blocking list (Hagezi Multi-light) and forward plain DNS to my ISP DNS servers (Comcast/Xfinity).
 
I know that network security is a moving target and it is important to feel comfortable with the services offered by providers. But, when I read the article about Cloudflare and the mis-issued certificates, I began to question the faith I had put in their DNS service. There are a couple of DNS providers I will not use because of their country associations or their questionable business practice. I also feel it is a good idea to use a DNS provider that filters malware sites, etc.
But what provider to use? Is it better to do my own filtering with a self hosted DNS sink hole? Is it better to use my own recursive DNS server?
The questions keep coming and it gets no easier!

Me, too.

I want a free, reputable/regulated, public DNS/DoT solution (no account required) that filters ads and malware... I'm not worried about adult content unless it becomes an issue with young guests, so I also want the option to filter adult content.

I want plug and play... like you say, network security is a moving target so I don't want the overhead of maintaining a local solution... plus I want a non-technical solution that can be easily implemented on related home networks that have the typical network admin skill set (not capable and/or not interested/too busy).

There are a couple of DNS providers I will not use because of their country associations or their questionable business practice.

Which ones? :)

AdGuard has the Russia background... I notice ASUSWRT offers AdGuard as a DNS option, but it doesn't mention malware filtering, just ads. The AdGuard docs are a bit similarly unclear but do imply that their DNS filters malicious sites. So, I remain unsure if AdGuard Public DNS is also filtering malware, and if so, how does it compare.

Given the US is poor about regulating the Internet, particularly big data (now fast becoming big AI), and the EU is at least trying to protect users, I'm not opposed to using non-US providers/software, especially when it is subject to EU oversight. Because of this point, I tend to trust Quad9 DNS the most but I'm not currently using it since it does not block ads. Given that ads are out of control, imo, I tend to view them as also being a malware threat.

I currently use AdGuard Public DNS (94.140.14.14, 94.140.15.15, dns.adguard-dns.com) and ASUSWRT AiProtection. AiProtection has not had any hits here for quite a while... maybe because of ad blocking!

Perhaps paying for a reputable DNS provider (account required) that does it all will be our ultimate destination.

OE
 
Which ones? :)
I am currently using Quad9 and a Pi-Hole with the Steven Black block list for the DHCP clients. Clients with static IP addresses use the router, which uses Quad9. That block list may change later in the day depending upon my mood and continually being told to disable the block list.

I have used Cloudflare Security for quite a while. Tested ControlD. Will not use AdGuard, Comodo, Google, Comcast or Level3.
 
