https://www.quad9.net/
CloudFlare also has DNS options to block malware and adult content https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Before the boos and downvotes come in, we have extremely good pricing on Cisco Umbrella (Open DNS) so we use that.
But if we didn't have extremely good pricing on umbrella, I'd probably use DNS Filter.
No boos here. Umbrella is fantastic and malleable to any environment.
That being said, there is a bit of a learning curve if you are going to use it in a mixed environment with many departments that will have access to different parts of the internet. it can be a bit confusing but after the setup and deployment is over it's easy to maintain.
Been using umbrella forever but continue to run into mobile vpn issues. Remove and reinstall umbrella agent and seems to resolve the dns issues. Any issues on your end? We actually have a call setup with Dnsfilter this week because we are tied of the issues and also looking for better reporting.
OpenDNS as it has better protections built in then Google's DNS.
I also sync it up with [opendns.org](https://opendns.org) paid account for things like DNS filtering etc... if client doesn't have that built into their firewall.
I used to use 4.2.2.2 as it was the only one easy to remember at the time before Google's 8.8.8.8 was known.
Now I check the performance of the ISPs DNS against others to see if they perform the best.
https://www.grc.com/dns/benchmark.htm
What’s the problem with the providers DNS servers the client connects to?
If you are a big MSP and do IP Transit/Internet services for clients you wouldn’t have that information, but if a client connects to internet through an ISP you get (at least in the Netherlands) the addresses of their DNS servers. Is that not the case elsewhere, or what am I not seeing?
I’ve seen a lot of people use 8.8.8.8 (even my colleagues) and our clients ran into problems where everything was Natted on 1 public IP, Google only allows 1500QPS from a single public IP.
We use a premium Nextdns account for all our clients, block basic ads, as well as insecure and newly registered domains. Works great and never had an issue
If you're not also managing all their browser's DNS settings then don't worry about it yet since the default DNS over HTTPS (DoH) settings would bypass your other DNS settings.
Another thing to be aware of is that some public resolvers won't send EDNS Client Subnet Headers causing possible geolocation issues with some CDNs that rely on ECS too much. Also, when comparing performance between providers then ECS support has to be considered since it reduces caching's effectiveness.
https://www.quad9.net/ CloudFlare also has DNS options to block malware and adult content https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
For you lazy bums, it’s 1.1.1.3 and 1.0.0.3 for the family versions.
We use 1.1.1.2 to block malware but not porn. People complain when we block porn unless the owner asks. (Usually it is the owner complaining.)
Quad9 is slow AF
DNSFilter
[1.1.1.1](https://1.1.1.1) and always pornhub as homepage for all browsers.
We prefer beeg.com over here
Set pornhub as homepage on all browsers
Dude. That’s default on my RMM deployment
good to see humor isn't extinct.
Change error message ding to the drum intro.
DNS Filter for endpoints. Google/Quad 9 for edge devices.
Quad9
Before the boos and downvotes come in, we have extremely good pricing on Cisco Umbrella (Open DNS) so we use that. But if we didn't have extremely good pricing on umbrella, I'd probably use DNS Filter.
No boos here. Umbrella is fantastic and malleable to any environment. That being said, there is a bit of a learning curve if you are going to use it in a mixed environment with many departments that will have access to different parts of the internet. it can be a bit confusing but after the setup and deployment is over it's easy to maintain.
Been using umbrella forever but continue to run into mobile vpn issues. Remove and reinstall umbrella agent and seems to resolve the dns issues. Any issues on your end? We actually have a call setup with Dnsfilter this week because we are tied of the issues and also looking for better reporting.
Here's a good comparison of them, with quad9 leading the pack by far: https://www.youtube.com/watch?v=imlFubYv8YY
Gotta watch out for that “male wear”
I've been using NextDNS for 2 years and I would highly recommend it for any setup
[cleanbrowsing.org](https://cleanbrowsing.org)
They are advertising it can block Reddit. How dare they?
OpenDNS as it has better protections built in then Google's DNS. I also sync it up with [opendns.org](https://opendns.org) paid account for things like DNS filtering etc... if client doesn't have that built into their firewall.
I used to use 4.2.2.2 as it was the only one easy to remember at the time before Google's 8.8.8.8 was known. Now I check the performance of the ISPs DNS against others to see if they perform the best. https://www.grc.com/dns/benchmark.htm
What’s the problem with the providers DNS servers the client connects to? If you are a big MSP and do IP Transit/Internet services for clients you wouldn’t have that information, but if a client connects to internet through an ISP you get (at least in the Netherlands) the addresses of their DNS servers. Is that not the case elsewhere, or what am I not seeing? I’ve seen a lot of people use 8.8.8.8 (even my colleagues) and our clients ran into problems where everything was Natted on 1 public IP, Google only allows 1500QPS from a single public IP.
DNSFilter if there is a good budget, NextDNS if there is a small budget, Quad9 if there is no budget.
Use our own recursive bind servers
We use a premium Nextdns account for all our clients, block basic ads, as well as insecure and newly registered domains. Works great and never had an issue
Do you mean Pro or Business account?
Umbrella/OpenDNS with Quad9 for failover.
Back in the day I used to setup my upstream clients with OpenDNS.
Both
I've been using 1.1.1.1 and 8.8.8.8.
what is your goals? Rock solid dns or something else
CloudFlare Zero Trust/Gateway
If you're not also managing all their browser's DNS settings then don't worry about it yet since the default DNS over HTTPS (DoH) settings would bypass your other DNS settings. Another thing to be aware of is that some public resolvers won't send EDNS Client Subnet Headers causing possible geolocation issues with some CDNs that rely on ECS too much. Also, when comparing performance between providers then ECS support has to be considered since it reduces caching's effectiveness.