HTTPS DNS - Cloudflare vs NextDNS?

Some of these copyright sites give a random SSL too long error, what's going on there and is it fixable with Firefox?
That's the block method of choice for UK ISPs subject to High Court injunctions (i.e. site blocking). A VPN or proxy is your friend. Before Mozilla **** the bed and disabled ESNI (before ECH was even close to ready), you could just enable encrypted DNS and encrypt the SNI in Firefox and the blocks would be bypassed with no need for a VPN. Now, no such luck. The sooner ECH is sorted the better, as until then you can encrypt your DNS all you like, but SNI will give you away anyway (unless you have a VPN).
 
Cloudflare do a malware checking DNS just for those that didn't know. So instead of 1.1.1.1 it is 1.1.1.2.

I use Cloudflare's malware-filtered DNS server via DNS over HTTPS.

Never tried NextDNS.

FYI it might have got better but the blocking on Cloudflare wasn't very good compared to other solutions including Quad9.


 
I thought I'd give Quad9 a go. :)

I realised that my ZenWiFi XT 12 has the options in the Router for Quad9 for WAN DNS. So I've chosen that. I've also set opportunistic DoT and set that to use Quad9. My DHCP DNS is left to default which means it uses the ZenWiFi XT 12 for processing the requests. Yet when I go to the Quad9 test page it says I'm not using Quad9. Is this just a mistake because I haven't set it on the PC level, but instead set it at the Router level?


EDIT: After doing a DNS leak test it looks like this is working fine. The servers reported back are WoodyNet, Inc. which are used by Quad9. So it is just the test page from Quad9 which is reporting incorrectly.
 
Any free ones that do advert blocking?

AdGuard DNS:

94.140.14.14
94.140.15.15
2a10:50c0::ad1:ff
2a10:50c0::ad2:ff

DoH: https://dns.adguard-dns.com/dns-query
DoT: dns.adguard-dns.com
DoQ: quic://dns.adguard-dns.com
DNSCrypt: sdns://AQMAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20
 
I had lots of buffering issues (NowTV, BT Sport etc.) with Cloudflare via Virgin Media. A guy on cable forums did some good diagnosis and I believe at the time it was due to Cloudflare not supporting ECS. Wonder if that has changed.

Are you still using AdGuard rainmaker?
 
Cloudflare won't support ECS as it's a privacy concern. Google, and Quad9 using their specific ECS service 9.9.9.11, are the ones I know of that currently support it off the top of my head.
 
I thought I'd give Quad9 a go. :)

I realised that my ZenWiFi XT 12 has the options in the Router for Quad9 for WAN DNS. So I've chosen that. I've also set opportunistic DoT and set that to use Quad9. My DHCP DNS is left to default which means it uses the ZenWiFi XT 12 for processing the requests. Yet when I go to the Quad9 test page it says I'm not using Quad9. Is this just a mistake because I haven't set it on the PC level, but instead set it at the Router level?


EDIT: After doing a DNS leak test it looks like this is working fine. The servers reported back are WoodyNet, Inc. which are used by Quad9. So it is just the test page from Quad9 which is reporting incorrectly.

While old post... I've been using Quad9 for a while now as well. I also see WoodyNet being reported under Sky.
 
I had lots of buffering issues (NowTV, BT Sport etc.) with Cloudflare via Virgin Media. A guy on cable forums did some good diagnosis and I believe at the time it was due to Cloudflare not supporting ECS. Wonder if that has changed.

Are you still using AdGuard rainmaker?
I run my own DNS servers, but I also have subscriptions to NextDNS and AdGuard Private DNS. You can get EDNS Client Subnet (ECS) support with a privacy overlay from either NextDNS or AdGuard Private DNS (i.e. their paid service), but the former is slightly more reliable at the moment in my experience. If you run an AdGuard Home instance, you can also enable ECS in that.

That said, I've never in donkey's years had any issue using other DNS (Cloudflare, Quad9, AdGuard, my own) with VM or anyone else. Netflix shouldn't be affected at all - you might not get the feed direct from VM but it shouldn't struggle. That's sounding much more like a VM issue than a DNS one.
 
I think… (will link to thread) the issue was that, when using Cloudflare, my VM traffic was routed to a saturated Akamai node.
 