NextDNS and DNSFilter are both next-gen DNS security solutions. DNSFilter has spent nearly 6 years building a solution that is both easy to implement and a comprehensive threat protection tool. Still an early-stage startup, NextDNS has focused on usability over other features, while DNSFilter has a blended focus on both customer usability and bulletproof threat protection.
NextDNS’ security options appear comprehensive at first glance, but a large portion of their lists (including ad blockers) are either publicly sourced or updated infrequently. Because NextDNS makes their lists public, we can see that a large portion of their security lists go several months without updating. When you rely solely on public lists to source and block threat domains, there’s a large margin of error. First, the people providing these lists might not be cybersecurity experts, so their data could be inaccurate. Second, deceptive domains don’t remain deceptive forever. When you go long periods without updating deceptive domain lists, you inevitably run into false positives: a domain that is no longer deceptive stays on the list, so attempts to access it are still blocked.
At DNSFilter, we source both public and private feeds for all of our categories (including our advertising category), but we do not wholly ingest those feeds the way NextDNS appears to. We check these lists ourselves to look for false positives or miscategorized domains. If a list doesn’t meet our standards, we don’t ingest it. And sometimes we will only ingest a partial list of domains.
While NextDNS relies on these public feeds for their ad blocking capabilities, at DNSFilter we take the use of public feeds a step further. We employ one of the maintainers of those public feeds, giving us an internal expert on ads and trackers who is actively working on our ad block categories.
With DNSFilter, you’re able to dive into which domain categories are accessed most often on your network. With NextDNS, by contrast, you can only see “Blocked Reasons,” which may only provide the name of a list, such as “blocklist:steven-black”. This doesn’t give you true insight into why a particular site was blocked.
Another problem with these limited categories is you’re not able to see possibly malicious sites that were allowed by your filtering in NextDNS. As a DNSFilter user, you are able to toggle to “Allowed” threats. So even if you’ve decided to not include certain threat categories in your filtering policies, you still have the ability to monitor those threats.