What would be the benefit of using a DNS blocker instead of the browser (e.g. Brave) one, purely from a blocking standpoint? Via the guide flowchart, my ISP does not seem to make any obnoxious redirects, so I’m considering not using a custom DNS provider at all.
You don’t want to choose one over another. They are better together. The main benefit here with both is the DNS server can take care of the tracking and ad domains and the ad blocker in your browser takes care of the rest. DNS blocking also has the benefit of being system-wide, not just in the browser.
This is backwards.
Has anyone gone through the DNS resolvers to see which does the best job at blocking trackers and ads? Also which resolvers cause the least amount of issues blocking?
With browser-based blocking (uBlock) you can just disable it for that page or pinpoint which subscribed list is causing the issue. Maybe drill down a little farther by domain or script.
With DNS resolvers, it just seems more of a hassle to access your router settings to switch DNS resolvers to see if that’s what’s causing the breakage.
@djkilla
To minimize the wrong blocking and keep it hands off, I recommend just using a malware-blocking DNS such as Quad9 or DNS0 across your network and then doing ad/tracker blocking in browser via e.g. uBlock Origin.
Lawrence Systems (YouTube channel) has done a couple videos comparing between the various DNS resolvers. But those tests were focused on malicious domains and malware, not ads & trackers. NextDNS with an account, and Quad9 scored at the top of the list.
With respect to ad & tracker blocking, I’d suggest reframing your question: instead of thinking in terms of “which is best”, think in terms of a spectrum from less aggressive to more aggressive.
As a generalization, the further you get towards the more aggressive end of the spectrum, the more you will encounter false positives and breakages. The further you get towards the less aggressive end of the spectrum, the more is left unblocked for the sake of reliability and usability, and more might slip through the cracks. It’s a balance, and there isn’t really any objectively correct point on the spectrum that is best. Many people like to use more aggressive blocklists in the browser and less aggressive blocklists at the DNS level (since DNS is often used for network wide or device wide blocking and the process of unblocking a false positive is a bit slower).
Personally I really like the services like NextDNS, Adguard Private DNS, or ControlD which offer analytics and a lot of flexibility. Lately I’ve been liking the blocklists from Hagezi.
There’s really no “the best” because everyone has different needs on what to block and what to not block. From my experience AdGuard has the best balance between blocking and false positives, but since their blocking is lenient, some ads and trackers might still slip through.
You can use a hosted adblocking DNS server like NextDNS or ControlD. Both have logs, so you can view what is being blocked and just whitelist. Or you can self-host yourself using AdGuard Home or Technitium, but that’s maybe too technical, not for everyone.
There’s also semi self-host like GitHub - sieusus/lilac-gateway-pihole (“Use Cloudflare Gateway DNS/VPN to block ads, malware and tracking domains”), which uses GitHub Action and Cloudflare zerotier to emulate NextDNS/ControlD. Another one is GitHub - serverless-dns/serverless-dns (“The RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io”).
Personally I’ve been using the lilac. Works wonderfully well with my own black and whitelist, combined with the speed of Cloudflare DNS without the hassle of managing a server myself via AdGuard Home or Technitium.
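An added example, not part of any post in this thread: a small Python sketch of reviewing a DNS query log against a lenient and an aggressive blocklist with an allowlist override, reporting which list caused each block so a false positive can be traced. The list contents, list names and log are constructed, and matching on parent domains is an assumption (some resolvers match hosts-format entries exactly).

```python
# Constructed sample data; not real Hagezi/OISD content. List names are hypothetical.
LISTS = {
    "light": "0.0.0.0 ads.example.net\n0.0.0.0 tracker.example.org\n",
    "aggressive": "# domain format\nexample.net\ncdn.shop.example\n||metrics.example.com^\n",
}
ALLOWLIST = {"static.example.net"}
QUERY_LOG = ["www.shop.example", "cdn.shop.example", "static.example.net",
             "img.ads.example.net", "tracker.example.org", "login.example.com"]

def parse_blocklist(text):
    """Accept hosts-format, plain-domain and ||domain^ lines; return a set of domains."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()   # drop comments and blanks
        if not line:
            continue
        token = line.split()[-1]                        # hosts format: "0.0.0.0 domain"
        token = token.removeprefix("||").removesuffix("^").rstrip(".")
        if token not in ("localhost", "0.0.0.0"):
            domains.add(token)
    return domains

def suffixes(name):
    """Yield the name and every parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def decide(name, lists, allowlist):
    """Allowlist wins; otherwise return every list that matched the name or a parent."""
    if any(s in allowlist for s in suffixes(name)):
        return "allow", None
    hits = [n for n, doms in lists.items() if any(s in doms for s in suffixes(name))]
    return ("block", hits) if hits else ("allow", None)

def review(log, lists, allowlist):
    """Map each queried name to its verdict and the lists responsible."""
    parsed = {n: parse_blocklist(t) for n, t in lists.items()}
    return {q: decide(q, parsed, allowlist) for q in log}

if __name__ == "__main__":
    for q, (verdict, hits) in review(QUERY_LOG, LISTS, ALLOWLIST).items():
        print(f"{q:24} {verdict:5} {', '.join(hits or [])}")
```

Without the allowlist entry, `static.example.net` is blocked only by the aggressive list's broad `example.net` entry, which is the kind of breakage the log review is meant to surface.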
This is the way!
Funny you would mention this. I’m currently using Mullvad DNS with no block lists but did notice that Hagezi is used in most of their lists. I’ve seen Hagezi mentioned a few times around the internet for having great lists.
Mullvad using Hagezi in most of their lists:
Cool, I didn’t realize Mullvad was using some Hagezi lists (looks like they use Hagezi’s Threat Intelligence Feeds Mini, as well as some of the vendor-specific blocklists). This makes me like Mullvad a little more than I already did. It also looks like they are using OISD small, which is a very well regarded list with respect to being fairly comprehensive while prioritizing avoiding false positives and breakages.
Hagezi and OISD seem to be the best.
Also, using a DNS is good, as if your browser supports Encrypted Client Hello you prevent passive observers from determining which websites are being visited.