As a follow-up to my first test, I’ve used a larger and more real-world blocklist to test Quad9, Canadian Shield, Cloudflare, and CleanBrowsing.
Testing Approach:
- Important Notes:
- The blocklist used in this test is relatively small compared to the huge blocklists these DNS services have, so please take these results with a grain of salt
- I don’t expect any DNS service to reach a 100% block rate due to the nature of the blocklist having a diverse mix of domains (ads, analytics/trackers, malware, ransomware, phishing, malvertising, mobile ads/tracking, fake news, the Luminati/Hola network, cryptominers, scam retailers, fake COVID-19 sites, and Windows telemetry)
- Only free DNS services are included in this test
- As per Cisco Umbrella’s request, I have removed them from this and future tests as: “Cisco does not claim that [OpenDNS] blocks threats but only filters content.” – shown in the benefit matrix on this page
- The blocklist used was one of my own I generate nightly for my router (visit the link for a source breakdown, the list is Chibi (strict) – compressed domains; the actual blocklist used for this test is downloadable at the end of this post)
- Compressed = “top level domain compression” which is similar to wildcard blocking. For example, if abcd.com and subdomain.abcd.com are in the blocklist, they are “compressed” so it is only “abcd.com”
- Total list of domains: 31,792
- All domains were tested to see if they returned an IP address using Google DNS (which has no filtering)
- Total resolved (“live”) domains: 28,259
- These “live” domains were then tested against Quad9 (9.9.9.9), Cloudflare (1.1.1.2), Canadian Shield – Protected Layer (149.112.121.20), and CleanBrowsing (185.228.168.9)
- The script accounts for Block Page IP Addresses for Canadian Shield and removes them
- These “live” domains were then tested against Quad9 (9.9.9.9), Cloudflare (1.1.1.2), Canadian Shield – Protected Layer (149.112.121.20), and CleanBrowsing (185.228.168.9)
- Script started: 2020-06-03 @ 16:56
- Script completed: 2020-06-03 @ 23:27
- A simple spreadsheet formula was then used to count the number of non-empty cells and tabulate totals
Results in order from highest to lowest block %:
- Canadian Shield (42.94%)
- Quad9 (39.32%)
- CleanBrowsing (12.85%)
- Cloudflare (11.58%)
(I have previously tested the speeds of Cloudflare, Quad9 and CIRA’s Canadian Shield and also the blocking rates against DShield.org Suspicious Domain List.)
Important note: do not visit any of the domains in the spreadsheet.