dns security

Use secure DNS to filter malicious domains

At present, some free services on the market can provide users with functions such as blocking malware, and only need simple configuration to protect the device from infringement. Use the domain names involved in real malware attacks in recent years to test them, check the product’s blocking of malicious domain names, compare it with the commonly used Google DNS server (8.8.8.8), and give the recommended ones with better security , Free DNS service for reference, simple and convenient to protect daily Internet security.

OPENDNS

One of the world’s leading service providers, providing free DNS resolution, currently affiliated with Cisco. Supported devices: laptops, smart phones, tablets, DVRs, game consoles, TVs, etc. 

Function: Provide fast and reliable service. The free version can block adult websites, etc. The paid version has built-in detection for phishing and malicious network domains, can set Internet access to a specific whitelist, customize content filtering, and can retain Internet access for the past year.

Involved servers: 208.67.222.222 (experimental selection, free version), 208.67.220.220, 208.67.222.220, 208.67.220.222.

Website: https://www.opendns.com/home-internet-security/

Yandex.

It is a free recursive service. The servers are located in Russia and Western Europe. User requests are processed by the nearest data center. It has three modes. In the “Basic” mode, there is no traffic filtering; in the “Safe” mode, users can be protected from infected and fraudulent websites; the “Family” mode can protect users from dangerous websites and block sites that contain adult content. 

The “Famliy” mode has the most complete functions, including protecting users from infected websites (checking tens of millions of web pages every day for viruses, and finding suspicious activities marked as dangerous and adding them to the virus database), and blocking fraudulent websites (blocking method: users try to visit Return to the warning page when it is time), prevent bots (block IP queries of known C&C servers), block adult websites (detect pornographic content on the page), block adult advertisements (forbid the host from receiving the correct IP).

Involved server: 77.88.8.7 (experimental selection, “Famliy” version), 77.88.8.88, 77.88.8.8

Website: https://dns.yandex.com/advanced/

IBM Quad 9

Quad9 provides public DNS resolution services and can block access to websites infected by malware. It contains a combination pool of malicious URLs from more than 18 leading providers. As a non-profit, it will not capture personal information for profit and other behaviors. There are servers all over the world, providing low-latency resolution. 

Non-blocking technology is used to actively prevent users from accessing known malicious domains, including phishing, ransomware and other malicious activities using DNS. If the site is blocked, the user will receive an “NXDOMAIN” response, making it feel that the domain does not exist.

Involved server: 9.9.9.9

Website: https://www.quad9.net/

Neustar UltraDNS

Neustar UltraDNS is a cloud-based enterprise-level authoritative DNS service. Function: Built-in security functions such as DDoS protection, DNSSEC management nameserver segmentation; use advanced traffic management services to optimize DNS performance; management strategies can be developed through the Web portal. Neustar UltraDNS firewall function: realize DNS resolution; eliminate bad traffic before malicious software reaches the end user; prevent internal users from accessing harmful or unwanted content; Internet access control.

Involved server: 156.154.71.2 (experimental selection), 156.154.70.2

Website: https://www.home.neustar/dns-services

SafeDNS

SafeDNS is a company founded in 2010 and located in Virginia, USA. It provides cloud-based web filtering and network security solutions for different types of markets and customers. 

For example, the SafeDNS solution prevents botnets, ransomware, phishing and other cyber security threats. The DNS query can be redirected from the company/home network to the SafeDNS filtering server, and the filtering rules can be set. Function: protect the internal network, Wifi hotspots, avoid phishing and data theft (based on DNS filtering, more than 90% of malicious software needs to use DNS); based on category filtering, you can set the type of content to be allowed and blocked; you can customize the white List and blacklist.

Involved server: 195.46.39.39 (experimental selection), 195.46.39.40

Website: https://www.safedns.com/web-filtering-for-corporate-users/

SafeSurfer

Help build a safe Internet and protect families from harmful content. Function: You can manage the device, filter content by category; block pornography and other inappropriate content, such as advertisements, gambling, or websites compromised by malware; you can block popular social media platforms such as Facebook.

Involved server: 104.155.237.225 (experimental selection), 104.197.28.121

Website: https://www.safesurfer.co.nz/