This summary of the video was created by an AI. It might contain some inaccuracies.
00:00:00 – 00:12:08
The video by Laar Systems provides an updated 2023 evaluation of DNS services for filtering malicious sites, revisiting a previous test from 2020. The presenter compares popular services such as Cloudflare (both standard and family filtering), Quad9, NextDNS, and AdGuard DNS. The testing involved over 8,000 malicious domains, and significant focus was placed on the testing methodology, domain list preparation, and the differences in results among the services. The list creation aimed to avoid extraneous data and incorporated cleaning steps to ensure relevance.
Cloudflare and NextDNS resolved a higher number of domains; many of the domains they resolved were gambling or adult content sites that are listed on VirusTotal for malicious activity. Quad9 and AdGuard, however, showed minimal overlap in the domains they resolved, which is attributed to their use of different threat intelligence lists. Furthermore, Quad9 and AdGuard sometimes flagged sites incorrectly, often due to temporary compromises or maintenance issues.
Throughout the video, the speaker maintains a preference for Quad9, citing its non-profit status and transparent practices despite occasional inaccuracies. The presenter also shares insights into the challenges of maintaining and updating lists of malicious sites and provides viewers with resources to replicate their tests. The video emphasizes the complexities of DNS filtering and encourages feedback and suggestions for future improvements.
00:00:00
In this part of the video, the presenter from Laar Systems discusses their 2023 testing of DNS services for filtering malicious sites, updating a previous test from 2020. The 2023 test included over 8,000 malicious domains and compared Cloudflare, Quad9, NextDNS, and AdGuard DNS. The presenter explains the testing methods, highlights that DNSFilter and Cisco Umbrella were excluded, and mentions Zoros for business DNS filtering. NextDNS and AdGuard DNS were included due to popular demand, while Cloudflare’s standard and family filtering were both tested. The presenter still prefers Quad9, praising it as a nonprofit dedicated to privacy. The presenter also notes the difficulty of maintaining an up-to-date list of bad sites, explaining that the 2020 testing used a list from SANS Internet Storm Center, which had limitations, and that the 2023 testing used a list from Zone Files, which required cleanup to remove redundant or less relevant domains.
00:03:00
In this part of the video, the speaker discusses the methodology behind creating a list of domains to test, focusing primarily on those ending in `.com` to avoid extraneous data. The list was processed to filter out typo-squatting domains and cleaned using a bash script and spreadsheet to handle non-resolving or inconsistent results. Although the speaker avoids showing the actual list due to potential YouTube restrictions, they provide a way to download it. The speaker then reviews the results of their testing: out of 8,333 domains, Cloudflare and NextDNS resolved a significant portion, with Cloudflare resolving 2,750 domains and NextDNS resolving slightly more. The video highlights patterns in the resolved domains, such as the presence of gambling or adult content sites, and their common listing on VirusTotal for malicious activity.
00:06:00
In this part of the video, the speaker discusses the discrepancies between how different DNS resolvers, specifically Quad9 and AdGuard, handle a list of potentially malicious websites. Of 8,333 sites, Quad9 resolved 66 and AdGuard resolved 41, but the overlap between the two sets of resolved domains was minimal. The discrepancies likely stem from the different threat intelligence lists each service uses. Some domains had been redirected or suspended, such as basic WordPress sites flagged for potential issues, likely due to poorly maintained plugins. These sites sometimes just had maintenance pages up, indicating they may not be actively malicious. Additionally, several domains resolved by Quad9 were discovered to be parked or for sale, often appearing similar to legitimate sites through typo-squatting techniques. These parked domains, often indicated by GoDaddy, were flagged as malicious at some point in their history.
00:09:00
In this part of the video, the speaker discusses the challenges of dealing with websites marked as malicious, particularly websites that might have been temporarily compromised but later fixed. They highlight how services like AdGuard and Quad9 sometimes flag sites erroneously and how difficult it is to get these flags removed. Despite these challenges, the speaker prefers using Quad9 due to its non-profit status and transparent practices. They mention engaging in conversations with the DNSFilter team and point out the complexities of testing DNS services, sharing a script for others to replicate their tests. Additionally, the speaker references an encounter where Sony sued Quad9, inviting viewers to watch a linked video for more details. The segment wraps up with a call for feedback and suggestions for further testing.
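The comparison described in the 00:03:00 and 00:06:00 segments (clean the list, count what each service still resolves, then check the overlap) can be sketched as follows. This is an added example, not the presenter's script: the domain names, answers and resolver labels are constructed sample data, and treating `NXDOMAIN` or a `0.0.0.0`/`::` answer as a block is an assumption of this sketch.

```python
# Added example (not the presenter's script): compare which listed domains each
# filtering resolver still resolves. All names and answers below are constructed.
SINKHOLES = {"0.0.0.0", "::"}  # assumption: addresses returned for a blocked name

def verdict(answer):
    """answer is the string 'NXDOMAIN' or a list of returned IP addresses."""
    if answer == "NXDOMAIN" or not answer:
        return "no_answer"
    if set(answer) <= SINKHOLES:
        return "sinkholed"
    return "resolved"

def live_domains(baseline):
    """Drop names an unfiltered resolver no longer resolves, so a dead domain
    is not counted as a block by resolvers that answer NXDOMAIN."""
    return {d for d, ans in baseline.items() if verdict(ans) == "resolved"}

def missed(results, live):
    """Live listed domains that a filtering resolver still resolved."""
    return {d for d in live if verdict(results.get(d, "NXDOMAIN")) == "resolved"}

def compare(baseline, filtered):
    live = live_domains(baseline)
    return live, {name: missed(res, live) for name, res in filtered.items()}

# Constructed answers from an unfiltered baseline resolver.
BASELINE = {
    "shop-login.example": ["203.0.113.10"], "free-spins.example": ["203.0.113.11"],
    "wp-maint.example": ["203.0.113.12"], "parked-typo.example": ["203.0.113.13"],
    "gone.example": "NXDOMAIN",
}
# Constructed answers per filtering service; the keys are labels only.
FILTERED = {
    "quad9": {"shop-login.example": "NXDOMAIN", "free-spins.example": "NXDOMAIN",
              "wp-maint.example": "NXDOMAIN", "parked-typo.example": ["203.0.113.13"]},
    "adguard": {"shop-login.example": ["0.0.0.0"], "free-spins.example": ["0.0.0.0"],
                "wp-maint.example": ["203.0.113.12"], "parked-typo.example": ["0.0.0.0"]},
    "cloudflare": {"shop-login.example": ["0.0.0.0"], "free-spins.example": ["203.0.113.11"],
                   "wp-maint.example": ["203.0.113.12"], "parked-typo.example": ["203.0.113.13"]},
}

if __name__ == "__main__":
    live, per = compare(BASELINE, FILTERED)
    for name, doms in sorted(per.items()):
        print(f"{name}: resolved {len(doms)} of {len(live)}: {sorted(doms)}")
    print("quad9/adguard overlap:", sorted(per["quad9"] & per["adguard"]))
```

Checking each name against an unfiltered baseline first is what keeps a domain that has simply expired from being scored as a successful block.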