00:00 - Which DNS Service is Best for Filtering Malicious Sites
00:30 - Services Tested Quad9, Cloudflare Families, NextDNS, AdGuard DNS
01:41 - The Malicious Domains List
05:09 - The DNS Results
07:07 - A Closer Look At The Malicious Sites
```bash
#!/bin/bash
# Bulk DNS Lookup
# Generates a CSV of DNS lookups from a list of domains.

# File name/path of domain list:
domain_list='domains.txt' # One FQDN per line in file.

# IP address of the nameserver used for lookups:
ns1_ip='184.108.40.206' # Cloudflare
ns2_ip='220.127.116.11' # Quad9
ns3_ip='18.104.22.168' # Cloudflare Malware
ns4_ip='22.214.171.124' # NextDNS Free
ns5_ip='126.96.36.199' # Adguard Free

# Seconds to wait between lookups:
loop_wait='1' # Is set to 1 second.

echo "Domain name,$ns1_ip,$ns2_ip,$ns3_ip,$ns4_ip,$ns5_ip" # Start CSV
for domain in $(cat "$domain_list"); do # Start looping through domains
    # Keep only the last line of each answer (the final record in the chain)
    ip1=$(dig @"$ns1_ip" +short "$domain" | tail -n1) # IP address lookup DNS server 1
    ip2=$(dig @"$ns2_ip" +short "$domain" | tail -n1) # IP address lookup DNS server 2
    ip3=$(dig @"$ns3_ip" +short "$domain" | tail -n1) # IP address lookup DNS server 3
    ip4=$(dig @"$ns4_ip" +short "$domain" | tail -n1) # IP address lookup DNS server 4
    ip5=$(dig @"$ns5_ip" +short "$domain" | tail -n1) # IP address lookup DNS server 5
    echo "$domain,$ip1,$ip2,$ip3,$ip4,$ip5"
    # sleep "$loop_wait" # Pause before the next lookup to avoid flooding NS
done
```
I’m wondering if NextDNS had actually been set up with any blocklist options? The test results suggest to me that it was running without any filtering set up, given that the number of FQDNs resolved was about the same as were resolved by the unfiltered 188.8.131.52.
I’ll leave this here as this video inspired me a bit.
I wanted to test against the CIRA DNS as I am Canadian, and I also wanted to get the results more easily than by parsing the outputs and filtering them, because of the way some DNS services answer blocked queries. So I built a little tool to do so and also included support for DoH and DoT, as my network or ISP kept dropping some requests when in clear text.
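Added example (not part of the original posts, and not the tool mentioned above): a summary of the CSV the bulk lookup script produces, counting per resolver how many domains were blocked, failed, or resolved. It assumes a blocked answer shows up as an empty field (NXDOMAIN or no data, where `dig +short` prints nothing) or as `0.0.0.0`/`::`, and that fields starting with `;;` are dig diagnostics such as timeouts; the function name, resolver names, domains and addresses in the sample are constructed.

```bash
#!/bin/bash
# summarize_csv FILE
# Reads the CSV from the bulk lookup script (header row, then one domain per
# row) and prints one line per resolver column: name,blocked,error,resolved
summarize_csv() {
    awk -F',' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NR == 1 {                        # header: remember the resolver names
        cols = NF
        for (i = 2; i <= cols; i++) name[i] = trim($i)
        next
    }
    {
        for (i = 2; i <= cols; i++) {
            a = trim($i)
            if (a == "" || a == "0.0.0.0" || a == "::")
                blocked[i]++         # assumption: empty or null-route answer = filtered
            else if (a ~ /^;;/)
                error[i]++           # dig diagnostic (e.g. timeout), not a verdict
            else
                resolved[i]++        # resolver returned a usable answer
        }
    }
    END {
        for (i = 2; i <= cols; i++)
            printf "%s,%d,%d,%d\n", name[i], blocked[i], error[i], resolved[i]
    }' "$1"
}

# Constructed sample input (documentation-range addresses, made-up names).
sample_csv=$(mktemp)
trap 'rm -f "$sample_csv"' EXIT
cat > "$sample_csv" <<'EOF'
Domain name, resolver-a,resolver-b,resolver-c
bad1.example,192.0.2.10,,0.0.0.0
bad2.example,192.0.2.11,,198.51.100.7
bad3.example,;; no servers could be reached,,0.0.0.0
EOF

summarize_csv "$sample_csv"
```

Keeping errors in their own column matters when comparing filters: a dropped or timed-out query would otherwise be counted as a block for that resolver.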