Kudos Tom for taking onboard the feedback & re-testing NextDNS.
Your assessment is totally fair, there are trade-offs here, but the blocking results do speak to the benefit of their service, over free options at least.
The speed and attentiveness of thoughtfully following up so quickly is amazing 👍
now that was more of the outcome i was expecting from nextdns. :)
thanks for the transparency.
This is why I trust you!!!! you care about everyone being in the know! That is some awesome results. Quad 9 is still the best easy, go to of mine as well. NextDNS is for specific use cases or locking down my home net because the kids LOL.
Thank you for taking the time to re-test!
If you are concerned about NextDNS Privacy, they do provide an option on the settings page to completely disable any logging, or have them stored in Europe under strict privacy ruling.
In Switzerland too.
Europe does NOT have strict logging laws. Those only apply for select private companies. In marxist Sweden ISPs are even taken to court by the oppressive vile EU if the ISP does not map everything the user does and save the data for years.
wondering out loud here... with different states having different laws (I'm in California thank goodness, with strict privacy laws...) nextDNS doesn't ask for my email address or have different privacy rules for this state which tells me they don't store anything or sell anything to 3rd parties... and they clearly state that on their webpage...
@murtadha96 Being in Switzerland doesn't help you! If Law Enforcement want the details they will be given them. GCHQ and NSA help themselves without asking anyway.
5 eyes buddy. Western countries are one entity as far as the internet is concerned.
Thanks for re-running this test!
Your argument is sound but I wanted to point out that in nextdns you can configure how long logs are retained in the settings tab. Not sure how much someone could mine if I set my retention to only 1 hour.
Another point to note for average home/SMB users is that the free tier of NextDNS is limited to 300,000 queries per month. After that, queries are not filtered. Take myself as an example: I would use up the quota within 2 weeks.
Liar. There are not that many porn sites and results stay cached in your local DNS. Unless you are not caching anything (which is dumb).
@Katchi_ you understand that everyone has a different use case and settings, right? Just because others have a different case from you doesn’t make them liars.
Yea the non-profit of quad9 is what makes me choose it. Also NextDNS is based in the USA with NSA and all the issues that come from that country with terrible privacy laws.
I used it up in 2-3 weeks with just my phone connected.
@rickross4337 I have 11 devices running and so far this month I have 18,864 queries to NextDNS, so I never exceed the amount. AdGuardHome has a cache too.
Nice work
Really good and fair video. Thanks for this!
NextDNS is still a for profit company, although I don't know if they sell the aggregated data, they can/do hold it. I prefer Quad9, nonprofit, they don't hold data.
If in the end, the concerns are protection AND privacy, why not just go with a local Unbound dns server in recursive mode and/or a Pi-hole with whatever blocklists you would need?
One point worth noting, if you’re required to register the IP you will be querying from, that’s going to immediately make it a non starter for a lot of the homelab folks and such as they likely won’t have a fixed IP address.
Most people (such as myself) have DDNS configured in my homelab so this was super easy to address
IP address registration is only needed for clients using classic DNS over UDP (port 53) over IPv4. For IPv6 your customer identifier is part of the last bits of the DNS server address. NextDNS also provides endpoints for DNS-over-TLS/QUIC (DoT) and DNS-over-HTTPS (DoH) where the identifier is part of the URL.
After watching the video I got curious and checked in my own network's DNS settings. Found that Firefox uses DoH now and no obvious way to switch it (and I didn't care enough to really dig into that) so makes me wonder how effective changing the DNS on the router is anymore
DoH on Firefox uses your DNS of choice. If you choose Cloudflare on your router, then FF will try to connect to Cloudflare's DoH DNS servers. If you choose quad9, same. If he can't connect via DoH he will use your plain default port 53 DNS.
You can switch it, it's under the privacy and security. Turning it off it will use your PC/Router DNS settings.
They offer NextDNS in their DNSoverHTTPS service, but not quad9, so I turn it off.
@pedromain Sadly quad9 isn't selectable in my country for Firefox
Can you test Control D DNS and Mullvad DNS
NextDNS does have where you can minimize the logs down to 1 hour which I find useful in case I need to check for something that was blocked and need to allow.
I'm currently using controld
With NextDNS, you can select to delete queriers/logs after 7 days and store your data in a territory with higher regulations when it comes to data privacy.
I would wonder how Mullvad falls into this bunch? From a privacy and security scope
I used to use Mullvad’s “base” encrypted DNS but found that it was blocking sites I had a legitimate need for. I’ve since switched between Quad9 and AdGuard, though I haven’t definitively settled on one or the other.
Could you share the final (or live) list that you are blocking please?
false positive is as important as true positive.
Yes. Especially if you want the solution to pass the Family test i.e. "Google Shopping got blocked and now my wife is angry because she can't open the link to the ad she saw and actually wanted to buy" and other things like that.
This, you can have a 100% detection rate, but that doesn't mean anything if the FP rate is 100%.
Thank you
What about "Cloudflare gateway" with firewall rules to block more stuff?
You'd likely get a similar result to nextdns, about 100% block rate.
@jacksoncremean1664 it is pain when each time you need to reconfigure and link yourself
Here you pop up again, Hello 🤙
Is there same pricing of Cloudflare with Nextdns pro?
What is better for Firefox dns mullvad vs quad9
I use QUAD9
@LAWRENCESYSTEMS but is that safer than mullvad dns and for PRIVACY?
not testing ControlD??
The script is in my forums, feel free to test all the DNS services you are interested in.
Damn nextdns is truly next level would still prefer quad9 personally because free and it's good enough and way more than any standard user would do with a server in Toronto I get better ping than with a Google dns anyway
Of course everything is blocked in your test as NextDNS queries that blocklist every 5 minutes by their threat intelligence feeds...
Quad9 looks like the choice for me.
Fully agree, by registering yourself you are now personally identifiable, ergo you are now eligible to have your data sold.... and they WILL sell it.
I will stick with quad9.
And not block any trackers, affiliate links or advertising - excellent choice. Q9 doesn't block them...read the T&Cs.
@Bond2025 and which is your choice?
NextDNS allows you to turn logs off though. This would pretty much fix your issues with them wouldn't it?
As long as you trust them to actually turn off the logging.
@LAWRENCESYSTEMS True enough!
Same goes for quad9 or any other provider, you don't really know what logs they keep
@ampeg187 Except that Quad9 does not have any info on you except for what IP address you came from.
For the small difference, I'll stick with quad 9. We give up enough of our data these days.
When someone tries to convince me to use their services, then I choose the one who doesn't give a fck if you use it or not, because it is open source and they know for sure it is better...
It would be interesting to get an ip onto these malicious lists, and try and remove it...
He tested only unencrypted DNS with IP pinning and ignored the ability to not create any logs or on chosen logging location.
This review was pretty much superficial, even NextDNS nailed it by blocking everything.
If you care about privacy, having to provide email and ip-address kinda goes against the entire thing though.
@wile123456 I just want automatic linking system, not manually link that each time...
didn't know that .top domains are used for malicious purposes
Now do Control D
It is costly!
@wildyato37 It costs the same.
So basically before, you use NextDNS for a test without a single clue of what was NextDNS, ok, if this is the methodology that you use to test stuff we are in good hands, well, at least you are honest in recognising your mistakes. Thanks for the video.
I would partially blame NextDNS for that tbh. They state on their homepage try it now (no signup required) then give you the DNS IPs. If you overlooked the link IP part then yeah it's not going to work as expected. Although we have no idea if Tom linked the IP or not or didn't even click that page and just entered the DNS IPs on his test machine.
@_Miner when he made the initial video, I immediately knew that he didn't have a clue what he was talking about, but he was so eager to praise Quad9 that he went for it anyway, and by the way I really like Quad9, I think he is correct, one of the best DNS services out there.
An alternative to NextDNS would be to run your own PiHole somewhere in the cloud, then you are the only one in charge of the logs!
There aren't many good threat feeds that are freely available, so you have to use another DNS service with threat feeds for good detection.
If it is hosted by a company, they are forced to hand over the data.
Every single DNS out there logs data, even no-log like Quad9 or Cloudflare, because of DDoS protection and they mention it in their Privacy Policy. The only difference is, how fast they remove logs, some after 2 hours, some after days. It is like arguing whether you should have Google/MS account, if you do not, they will log your data, if you do, you can remove it at your discretion.
Wireguard, pihole, + quad 9. I think next dns is ok for on device vanilla style ad blocking if you don’t have a vpn or pihole, but it comes at the price of KYC unless you have an alt ID
What you say account data retention, you can customize it including NO LOGGING. You failed to mention this.
Absolutely horrific to register to a DNS provider 😮😢
No matter how well it works… if you have to sell your soul, it’s never worth it.
There is absolutely no way they don’t track the request.
Also they are a US company so they are less beholden to GDPR and as a non-US citizen the NSA has full rein to spy on your traffic if they request it from NextDNS
nextdns definitely Freemium but it's Open Source, so no problem there
Nah..it will be paid..thanks to AI..
as time passes AI will be smart enough to figure out dangerous threats...and it is exclusive to NextDNS..
NOT other dns providers uses AI..
NextDNS is selling user data
Source?
Who in their right mind would register their ip and email address with a company that can see every DNS query you're making? No thanks :)
Any DNS server is going to see which IP you have as it's part of the headers for the request you make every time you access a website.
IP address registration is only needed for IPv4 clients using classic DNS over UDP (port 53). E-mail can also be some anonymous throw-away address.
you muppet, they all see your IP when you make a request!
TRADING FREEDOM for SECURITY, In this CASE TRADING PRIVACY for SECURITY, and in the END YOU'LL HAVE NEITHER.
Pretty much everyone using any security product like AV, they run with system rights and gather and share all info.