The Forum Post: forums.lawrencesystems.com/t/dns-malware-filtering-compared-quad9-vs-cloudflave-vs-dns-filter-vs-opendns-cisco-umbrella/5072 Part Two:DNS Malware Filtering Followup: Comments, Concerns, Cisco Corrections and Conversation kzread.info/dash/bejne/pXipytp8h8eZp7g.html The IP visible at the top of the OpenDNS page is not my office IP address. Also I did a test with NextDNS and posted the results in my forums

@regchan

4 жыл бұрын

kzread.info/dash/bejne/m6GgqNebidmeibw.html your ip is visible at the top of the open dns site

@macsavant

4 жыл бұрын

The OpenDNS numbers are horrible. Did you configure it to block malware for your IP address? Be certain it's configured for your IP address.

@ernestoarellano5012

4 жыл бұрын

You need to configure your IP in cisco umbrella for it to apply the policy or use the roaming client. Even if it resolves it will show the block page.

@stephanefaure489

3 жыл бұрын

Unfortunatelly you didn't test Cisco Umbrella but only OpenDNS personnal. The Umbrella dashboard, possibilities and filter are way far more different. Do you have a list of you tested domains so I can test it with a proper Umbrella DNS and SIG deployement ? I guess you should probably change the video name to remove Umbrella or make an addon. Have a nice day :)

@stephanefaure489

3 жыл бұрын

Sorry I forgot, in your first page of resolution you have a 146.112.61.108, wich is an Open DNS IP, so your request has been redirect to an OpenDNS block page, did you take it in your maths ?

Oh my gosh. Excellent Data Analysis! I'm going back to Quad9 even though the speed is slightly slower (by about 15ms) compared to Cloudflare. Thanks for sharing.

@christophersoutherlin2631

3 ай бұрын

That's miniscule. The key benchmark is to stay below 50ms as a performance metric. For my network, Cloudflare was the fastest, but it's not stable and consistent. Upload speed was the most affected.

This is great, and surprising. Thanks for the quality content, really like your videos. Switched all my gear to quad9. Interesting to see Umbrella crap the bed, they sure market the hell out of that.

Thank's man, you're making so nice and valuable content, keep going ❤️

Would love to see a followup on this! Maybe make it an annual event?

@BrianThomas

2 жыл бұрын

Agreed 👍🏾

@ohjaysimpson397

Жыл бұрын

Yes, it's been awhile. Whats the new DNS we should be using now

I'm trying out Quad9 on my pi-hole. Thanks for the great review!

This is great info! Will be doing something around it soon...

Great video Tom. Thanks for the comparison.

Would be nice to see this test ONCE every year. Thank you BTW for the effort of this video

For some constructive feedback, it would be great to see the exact config used in each subscription or in an included writeup. Great that you reviewed some but not really complete if you don't do the same for all.

Really useful great comparison

Catching this after 2 years. Wonder how much has changed in that time? And if OpenDNS is still so far behind?

Lawrence please can you redo this test. It would be hugely beneficial for everyone. Would nice to see how NextDNS ranks against newer ones such as control d. Etc.

very nice, thanks for this

Not really surprise and i started to do this test some months ago ;) Thanks for sharing

Quad9 all the way, great info ! :-) Subscribed

I became a patron today. Thanks, Tom.

@LAWRENCESYSTEMS

4 жыл бұрын

Thank you

Hello :-) is this still the same 3 years later? Be good to see an update. Love your videos.

Looks like you missed an IP @ 3:12. You blurred one but missed the other

@JDSileo

3 жыл бұрын

shhhhhhh. Loose lips sink ships

Very interesting comparison. I did notice that the portal your using for OpenDNS is the free version and not their paid tenant portal. Curious if there is a different level of protection between the 2.

@maokinus

4 жыл бұрын

There are a lot more features included in Umbrella the enterprise DNS-Layer protection such as a selective proxy. Indeed this test does use the consumer edition which is OpenDNS branded not Umbrella. If you are curious to see some tests Umbrella the enterprise package check out these tests performed by AV-TEST www.av-test.org/fileadmin/pdf/reports/AV-TEST_DNS_Layer_Protection_Test_Feb_2020.pdf

Time to do NextDNS /Cleanbrowsing in this mix and run it generally as a new update

It would be cool to see an updated test again.

@michnl1772

Жыл бұрын

+1 every year audit

Did you create an OpenDNS account and create a policy and associate your internet facing IP? By default it doesn't filter suspicious sites.

Cheers from Florida!

You should do another one of these

Good start, but I don't think that this test is representable enough. It is possible that Quad9 just happens to use that exact list for constructing block list. Or Quad9 could just concentrate on a specific part of malware domains that is represented in the list used for testing. All in all, this test only increases Quad9's chances to beat other services, but it is to early to state that it's so much better.

Would be nice to see nextdns

@LAWRENCESYSTEMS

4 жыл бұрын

I did a test of NextDNS and posted the results in my forums. forums.lawrencesystems.com/t/dns-malware-filtering-compared-quad9-vs-cloudflare-vs-dns-filter-vs-opendns-cisco-umbrella/5072

@StefanoVazzoler

4 жыл бұрын

@@LAWRENCESYSTEMS thank you, I was gonna run it myself later today but you saved me a few minutes. Interesting results...

I’m wondering if more of the malware sites would have been blocked by dnsfilter if more categories were used...they might have them under other categories.

@LAWRENCESYSTEMS

4 жыл бұрын

Putting malware domains under any other category would not make any sense. I mean would they be under finance since some are ransomware?

I don't think you have to sign up to opendns to use it for home use

This need an update. Its been 3 years already. If I may I wish to sugest getting Quad9, NextDNS and Coltrol D antimalware against each other. Cloudflare, Google, OpenDNS are a waste of time, they will be bad at the end anyway.

it's time for a new video to update the results

I'm guessing quad9 comes out on top

Can you please cover NextDNS?

@tomcapote

4 жыл бұрын

David Hartley Yes, THIS!

@LAWRENCESYSTEMS

4 жыл бұрын

I did a test of NextDNS and posted the results in my forums. forums.lawrencesystems.com/t/dns-malware-filtering-compared-quad9-vs-cloudflare-vs-dns-filter-vs-opendns-cisco-umbrella/5072

Hi everytime i search for my primary and secondary DNS IP ADRESS i have 6 Malwares and i don’t know how to remove it, i have multiplie times searched for malwares on antivirus programs as Malwarebyte / F-Secure and Avast. They don’t find anything. But everytime i go to totalvirus i see my malwares. I need help to remove this please help me out.

I wish there were something like quad9 but faster. Because I get a few issue in some game because of that

I'm suspecting you didn't go thoroughly into settings for NextDNS. NextDNS has more security and privacy features, plus you select the blacklists yourself and there are many! It should just wipe out others in your test. edit: You also didn't go into advanced settings for OpenDNS? It logs you out and you didn't bother?

Open dns is still faster than all in my area

Do you have an updated link to the list or a list of lists pf the rogue domains please?

@LAWRENCESYSTEMS

10 ай бұрын

no, because all the public lists are also in Quad9 and most other popular DNS systems.

There is also MDBR & MDBR+ from CIS (Akamai)

Where’s WebTitan?

I'm confused which one to use!! Actually I need something that blocks malware, blocks antiphising, doesn't store ip address, deletes all history and does not save any users information. plz suggest me which one to use Quad9, Cloudflare or OpenWatch. Or some other dns which i don't know

@winsomenz

3 жыл бұрын

Use NextDNS or Quad9 if you need malware protection and privacy. Rest are just marketing DNS query farms.

Does someone knows secondary iPV4 adress of DNSFilter?

Pi-Hole is a nice element in DNS filtering :).

@-----------------------------

4 жыл бұрын

Can't use your pi hole outside your network unless you want to VPN into your network daily on a mobile device.

@vgamesx1

4 жыл бұрын

Well you can't really use a cloud based DNS either without the use of an app, at least on android you have to change the DNS on each individual network and for the most part you can't change settings for your 3G/4G connection at all and technically you can use pi-hole outside, it's not as if port forwarding is hard you just need a good way to automatically update your IP but of course it generally isn't recommended opening your devices up to the internet, the alternative is using an app such as Netguard which creates a local VPN that allows your device to do its own filtering via hosts file, so again extra work to manually update the lists but otherwise the best option for filtering outside your network.

@TheElderOne2003

4 жыл бұрын

@@----------------------------- I use it on my Note 8 daily without fail. Android has an option for private dns address to be input. Granted one vm instance of with pihole I use is dedicated only for off site devices.

@Szydelski

4 жыл бұрын

@@----------------------------- I'm not saying the pi-hole is ultimate solution for every issue. However I'm actually using solution you suggested.:)

Looked like you were signed into an OpenDNS account and not Cisco Umbrella. The Umbrella dashboard is totally different. Cisco has made no improvements to the original OpenDNS service. I did similar testing with OpenDNS a few years back and actually found that the malware filtering was better without creating an account. When I created an account and provided my WAN IP malware was no longer filtered.

@jackripper8791

4 жыл бұрын

It is not quite true but I worked for Umbrella and I'm not surprised with test results tbh.

@johnhanly2948

4 жыл бұрын

I would also be interested in how Cisco Umbrella does.

@maokinus

4 жыл бұрын

@@johnhanly2948 Public results here for Cisco Umbrella www.av-test.org/fileadmin/pdf/reports/AV-TEST_DNS_Layer_Protection_Test_Feb_2020.pdf There is also a OpenDNS Prosumer package that provides the Umbrella dashboard to consumers with a limited feature set.

Does anyone know how pi hole compares to these?

@bren.r

3 жыл бұрын

Pihole just sits in between your computer and a big name DNS resolver. If we want to talk about performance, clearly a local DNS server is superior. I personally use it to have network wide DOH resolutions.

Wow so shocked that Cisco, the #1 networking security company in the world has lousy protection......LOL

Nextdns is underrated

@LAWRENCESYSTEMS

4 жыл бұрын

I did a test of NextDNS and posted the results in my forums. forums.lawrencesystems.com/t/dns-malware-filtering-compared-quad9-vs-cloudflare-vs-dns-filter-vs-opendns-cisco-umbrella/5072

Can someone please summarise? I'm confused, that's a lot info to process spoken really fast... so quad9 is safest?

@LAWRENCESYSTEMS

3 жыл бұрын

Just use Quad9

Does Quad9 block ads as well or just malware?

@DibyaK

4 жыл бұрын

If you want to block ads, and you are comfortable running your own services at home, then an excellent tool would be something like pi-hole, which you can setup to forward to Quad9.

@homemark22

4 жыл бұрын

why not use adguard dns?

@bren.r

3 жыл бұрын

@@homemark22 privacy

@homemark22

3 жыл бұрын

@@bren.r Cares about your privacy Protecting your personal data is our top priority. With AdGuard, you and your sensitive data will be safe from any online tracker and analytics system that may attempt to steal your data while surfing the web. - that was from their website

@chuckhalo

2 жыл бұрын

@@homemark22 yeah that doesn’t help

Can you please make a video about RethinkDNS?

@LAWRENCESYSTEMS

Жыл бұрын

I don't use it or plan to. We use pfblocker and ublock.

@mrf_71

Жыл бұрын

@@LAWRENCESYSTEMS do you have a video on pfblocker?

@mrf_71

Жыл бұрын

@@LAWRENCESYSTEMS so if you don't use a product you won't make a video?

@LAWRENCESYSTEMS

Жыл бұрын

@@mrf_71 I don't have time to test every tool on the market so I pick ones that are interesting or complementing.

Cloudflave?

@LAWRENCESYSTEMS

4 жыл бұрын

Hahha, thanks and fixed

Ciao. MAke sense since I am using Surfshark VPN to use also Surfshark DNS? or it is no need? thanks

@LAWRENCESYSTEMS

Жыл бұрын

I still prefer Quad9, even when I am using a privacy VPN.

@Mangold108

Жыл бұрын

@@LAWRENCESYSTEMS huh! better then cloudflare?

@LAWRENCESYSTEMS

Жыл бұрын

I think so.

You're telling me that Cloudflare let ALL of the malware through? Yeesh...

be nice if you checked the adult content filtering too... malware is one but family safety is another.

Need 2022 comparison please

@LAWRENCESYSTEMS

2 жыл бұрын

Still using Quad9

@Allltha8matters

2 жыл бұрын

@@LAWRENCESYSTEMS quad9 is too slow here in India/Asia, and cloudflare zero trust DNS filtering seems to be improved a lot. so a new 2022 comparison video would be awesome

@swiftypopty1102

Жыл бұрын

@@Allltha8matters It's work just fine for me in SEA

this video need a 2024 update

@LAWRENCESYSTEMS

5 ай бұрын

There is a new version here kzread.info/dash/bejne/gImIlq1spM6fftY.html

Only 1 issue with your videos: you talk too fast and a lot of words are not understandable by me or by the auto subtitle. Please, slow down just 5% and try to pronounce every at least technical word correctly. Love ya

Your methodology might give a lot of wrong results. Using "dig" will not always give the right IP. Many malware sites have a low TTL on their A records and change the IP multiple times. Also sometimes they use Cloudflare first > and send the user to another site/IP afterwards. And as we know Cloudflare is awesome if you want to host malware sites, since Cloudflare rarely blocks sites or take them down.

@clausdk6299

4 жыл бұрын

I wonder how many of those IP's belongs to Cloudflare....

@maokinus

4 жыл бұрын

@@clausdk6299 Good point @8:15 the results show around line 16 or 17 IP address 146.112.61.108. The entire address block of 146.112.0.0 is registered to Cisco Umbrella. talosintelligence.com/reputation_center/lookup?search=146.112.61.108

talk less show more performance... don't talk walk the talk