Contemplating DNS Resolvers

Since I have changed my setup, for now, away from VPN, with GrapheneOS I have been contemplating a suitable DNS Resolver.
For now I am using Quad9, and “happy” so far but have dns0 .eu and as runner up.
Since the contemplating is starting to cause me to think about it more than I want to, haha I figured I would ask here to try and get more insight, other than what I am able to find online.
They all seem reputable, have good partnership with threat intelligence companies…
The main question I have, does it matter? Or is it just one of those "over thought things and no problem as long as one stays in a certain gathering of them?
Gathering meaning the list here, or other sources. After checking the privacy policy of course…

1 Like

Any of the options recommended by PG are good choices. I use Quad9 and Mullvad (for ad blocking) personally and both work well.


Thank you for your reply.
So it seems more or less to “not matter” if one stays in the recommendations?!

Given the distance is not too far as well.

I’ll just leave it with quad9 and just for fun maby try

For me Vanadium (or Brave) block the content.
I was (am) looking for added security…

I believe all the recommendations use Anycast which means it selects a server close to you :slight_smile:

Yep :slight_smile:

I also use Quad9 when I am not on VPN.

Your choice of DNS does matter, see:

Most probably use Cloudflare or Google, and probably not even know about, Quad9, etc. that can filter out some malware at DNS level. But most importantly, it’s the easiest thing you can do to improve your security, often with zero cost. So, why not?


Right but within the recommendations of PG it doesnt have too much of an issue (malware blocking may be something that @FlipSid would want to consider though).


Not worried about content blocking.
I’ll let the Browser do that. What ever Vanadium (or Brave) has set up.
It’s added security (malware blocking) that is the objective.
It probably would be possible to find a DNS Resolver that can do both. But for my self, I’m focused on a Resolver that is focused on Security
Edit thanks for the video @archerallstars got something to whatch during night shift :sweat_smile:

Then again, I have no idea what malware blocking my ISP has set up, given I haven’t had any issues with it since I have been using mobile phones.
At least none that I know of…

Anyway thanks for the input :+1:t5:

1 Like

Quad 9 or NextDNS are both great options with respect to malware blocking. NextDNS has the added benefit of being useful for ad/tracker blocking as well (or blocking anything else you want to block) and being one of the most configurable and flexible DNS services. It sounds like these other features don’t matter much to you, in which case there isn’t really much reason to prefer one over the other (jurisdiction maybe?),

I believe the video @archerallstars posted goes into more detail on the topic of DNS level malware blocking (if its the same video I am thinking of). Its worth a watch if you want more details. If not, the TL;DR is Quad9 excels at malware blocking, and a well configured NextDNS exceeds quad 9 marginally.

1 Like

More or less trying to keep it simple @xe3

Maby I’ll check NextDNS out again, just not too sure how far I will get with 300K query’s :thinking: on the free tier

My phone is basically my PC

My concern with NextDNS, other than the 300K limit, is that the service will keep your log by default, which seems to contrary to its privacy policy #3:

If not specifically requested by the user, no data is logged.

If this is not worse yet, you can’t access the dashboard on your free account after 7 days. Which means, after 7 days, you have no way to know/recheck whether you disabled the logging. The only thing you can do is to create a new profile and make sure the logging is disabled, that’s if you don’t prefer the service to keep your log.

1 Like

Or create a account…
Other than that I could give RethinkDNS a shot :thinking:
That is if I wanted to switch from Quad9


In that case I think there is no reason for you to switch away from Quad9


I am mostly using and Mullvad Base.

I don’t have concern with their privacy policies and I hope to see some benefit of having private ECS over not having it at all (Mullvad). DNS0 is also nice at family as they are quick to block malicious domains and those can be reported through many methods including webpage (which also allows false positive reporting) and a Telegram bot (although I wish they send some sort of read-receipts).

So far I have seen just two false positives, more significantly

Mullvad Base I again mostly use on mobile where there isn’t so diverse selection of content blockers available and my only issue with them is not having a server in Finland, while Sweden is close enough.

Update: this thread inspired me to look into the DNS page after a long break and I noticed that it doesn’t make distinguishion between private ECS and normal ECS, which made this an issue time

1 Like

Yes dns0 is interesting as well.
Decided to run the dns0/zero version, as Vanadium does have content blocking and I trust the dev to “do it or have it right”
Why Zero a test?
The Page reads it’s self interesting, but I don’t know for sure if Quad9 has all the NRD blocked that dns0 writes.
Probably, in the long run, I’ll just use either :slight_smile:
When I have more time again I’ll go over the TI partners

Be warned that NRD blocking may cause breakage if you use decentralised applications where the other party may control which domain gets used or you attempt to use it on a server that hosts a federated protocol server.

I was trying to use it on a phone for a while, but hit a roadblock with SimpleX when multiple people started selfhosting and changed receiving address for me and I was unable to communicate with them as they wanted to receive messages through a server that DNS0 Zero was blocking :sweat_smile:

I can imagine similar happening on server side with Matrix, XMPP, ActivityPub or anything similar. Or someone could just be forced to move a domain quickly (like happened to PrivacyGuides itself) and then get locked for you for 30 days.


I go straight to the horses mouth using Unbound with a fallback to Quad9.


Where are you getting that information? I see no mention of this limitation on NextDNS’s website, and this was not my experience as a free user a few years ago, nor is it the experience of my friend who is currently a free user.

1 Like

Sorry, it’s a temp. account (which is free also). I mixed it with a free user account.

Any reason why you stopped using a VPN?

After reading these 3 articles, and a slow down in download speed I figured to drop it for now.
Haven’t gone back since. (Well only one month so far.
Before “panic”:
Compare sources and decide what’s best for you.
Anyway enough rambling, here are the links;

Maby one day I will go back. Who knows :slight_smile:
On a side note, let’s keep this thread contemplating DNS Resolvers :slight_smile: :grinning: