Malicious site filters on DNS in 2020
In spring 2019 I published an article about how good public DNS services are at blocking malware & phishing links.
Now, one year later, one more DNS provider has released a “Malware blocking” DNS service. On the 1st of April 2020, Cloudflare released “Cloudflare families”.
Their service is divided into two different filtering options. One for blocking malware, and one for blocking malware and adult content.
I’m looking at the malware blocking DNS only, to compare it against other public DNS providers, included in my review from last year.
The Review
All tests were done on the 2nd of May 2020. Phishing and malware links / domains were collected from different lists / services. Most of the links were just 1-3 days old. Just a few of them were older.
Domains connected to the following categories have been selected:
- 12 phishing links
- 12 malware links
The DNS providers included in the test are:
- Quad9 – 9.9.9.9
- Cloudflare family – 1.1.1.2
- OpenDNS – 208.67.222.222
- CleanBrowsing – 185.228.168.9
- Adguard DNS – 176.103.130.130
For comparison I also checked Cloudflare’s default DNS 1.1.1.1 and Google’s DNS 8.8.8.8, even though it is known that those are not blocking any content.
The blocking is done in two different ways depending on the DNS provider.
- Not resolving the domain, either by answering with NXDOMAIN (Quad9 + CleanBrowsing) or by answering with IP 0.0.0.0 (Cloudflare).
- Answering with an IP of the DNS provider blockpage. (Adguard DNS + OpenDNS)
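One way to tell these outcomes apart when scripting such a test, as an added example that is not the author's test script: it parses a raw DNS response and labels it NXDOMAIN, 0.0.0.0 sinkhole, block page or normally resolved. The function names and the block-page address are assumptions made for illustration.

```python
import socket, struct

# Assumption: placeholder block-page IP (documentation range), not a real provider address.
BLOCKPAGE_IPS = {"192.0.2.10"}

def build_query(name, qid=0x1234):
    """Wire-format A/IN query with the recursion-desired flag set."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Offset just past a name; a compression pointer (0xC0) ends it."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg, blockpage_ips=BLOCKPAGE_IPS):
    """Return 'nxdomain', 'sinkhole', 'blockpage', 'resolved' or 'other'."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if (flags & 0xF) == 3:                    # RCODE 3 = NXDOMAIN
        return "nxdomain"
    off = 12
    for _ in range(qd):                       # skip the echoed question section
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:         # A record; CNAMEs are skipped
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    if (flags & 0xF) or not addrs:            # SERVFAIL, REFUSED, empty answer
        return "other"
    if "0.0.0.0" in addrs:
        return "sinkhole"
    return "blockpage" if blockpage_ips & set(addrs) else "resolved"

def sample_response(name, rcode=0, ips=()):
    """Constructed response for offline checks: echoed question plus A records."""
    q, rr = build_query(name), b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
    head = q[:2] + struct.pack("!5H", 0x8180 | rcode, 1, len(ips), 0, 0)
    return head + q[12:] + b"".join(rr + socket.inet_aton(ip) for ip in ips)

def lookup(resolver, name, timeout=3.0):
    """Ask one resolver over UDP and classify its answer (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return classify(s.recv(4096))
```

A domain that has already been taken down returns NXDOMAIN from every resolver, so an `nxdomain` verdict only counts as a block when an unfiltered resolver such as 1.1.1.1 or 8.8.8.8 still resolves the same name.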
The Result
Total percentage of blocked domains:
- Quad9 = 96 % (23/24)
- CleanBrowsing = 75 % (18/24)
- AdGuard DNS = 54 % (13/24)
- OpenDNS = 46 % (11/24)
- Cloudflare families = 13 % (3/24)
Blocked Phishing domains:
- Quad9 = 100%
- CleanBrowsing = 100 %
- OpenDNS = 92 %
- Adguard DNS = 42 %
No other DNS services blocked any phishing domain tested.
Blocked Malware domains:
- Quad9 = 92 %
- Adguard DNS = 67 %
- CleanBrowsing = 50 %
- Cloudflare family = 25 %
No other DNS services blocked any malware domain tested.
Verdicts
Starting with the newcomer Cloudflare families, I’m not impressed by its results. None of the domains connected to phishing links were blocked. When it comes to malware links, at least 25% of the domains were blocked.
Quad9, CleanBrowsing and OpenDNS are very good at blocking phishing links (100 – 92%).
On the malware blocking test, CleanBrowsing still blocked 50% of the tested domains.
Sadly, OpenDNS did not block any malware domain tested. Having a high score on blocking phishing, they also need to improve their filtering of malware domains.
AdGuard DNS, on the other hand, has rather equal results in blocking phishing and malware domains (42 % / 67 %). Using AdGuard would also give you the advantage of blocked advertisements in your browsing traffic.
The total winner of this test is Quad9, blocking 96% of everything I tested in this review. All 12 phishing domains were blocked and it let only one malware domain through. Very impressive results!
At first I was thinking about giving Cloudflare families a try as my main DNS service. But I was expecting much better results from Cloudflare, a company with a huge Content Delivery Network around the world. After my review it’s clear to me that I will continue using Quad9 as my DNS service on all devices, as I have done for about two years now.