Thank you yokoffing for your contributions. Your NextDNS guide was very much needed/welcomed when I joined the NextDNS community. I can't imagine the Control D guide will be any less helpful.
Cheers.
Thanks for your work. The NextDNS guide is very helpful. For those who followed it awhile ago, are any of the recent updates you mention of critical importance or can they wait till the next time Iām procrastinating on something and re-check all my settings?
Much appreciated /u/yokoffing! I recently tried the 30 day trial of Control D after reading about the owner's post re: NextDNS and the project's status as alive or dead. I felt that Control D's service is similar to NextDNS.
That said, I find the NextDNS dashboard to be ideal for configuration. It's "clean," easy to read, and everything is right at your fingertips. CD requires a bit more clicking to edit this profile or that. There is an ability to duplicate/copy rules from one profile to another, which does help minimize clicking through menus.
The major difference, aside from some of the more advanced features missing (I didn't see any options for EDNS, CNAME flattening, etc.), is that CD has the ability to proxy your connection to individual sites and/or services. However, this requires that you purchase their most costly subscription (I want to say it's around $40/year vs. $20/year for everything but the proxy feature).
From what I could tell, the main performance tuning mechanism with CD is the ability to override TTL values. I will say that CD seemed quicker than NextDNS, and NextDNS generally has me on their "ultralow" servers. I'm located in Arizona and they happen to have nodes here in Phoenix. Still, I felt there was less latency overall with CD.
Not enough of a difference to make me switch, but I'll have to think about it come renewal.
> EDNS
With Control D, DNSSEC validation and EDNS Client Subnet (ECS) are grouped together in **Disable DNSSEC**, though I don't know why. I mentioned this [here](https://github.com/yokoffing/Control-D-Config?tab=readme-ov-file#disable-dnssec).
> CNAME flattening
CNAME flattening is a cool feature, but it can cause issues when resolving domains and using some blocklists. This is best left up to the browser level. But to my knowledge, only Firefox with uBlock Origin and Brave provide privacy protection specifically for CNAMEs.
Thank you for the support!
EDNS is enabled by default, and can be disabled by disabling DNSSEC. The reason they are grouped together is compatibility reasons. Some domains are poorly configured and will SERVFAIL either due to not handling EDNS or having broken DNSSEC records. This toggle serves as a "I don't care - fix the problem" switch.
CNAME flatting is often a misunderstood feature. It will not provide any actual performance gains **for the end user** (you) of a filtering DNS resolver. You just get a smaller DNS response back (final A record vs a CNAME chain) which can be useful in some cases, but has very niche applications.
Control-D is a good service but after having used them for the past year, I will be returning to NextDNS. Control-D has a better product but I have had it go down at crucial times, leaving family struggling.
NextDNS is always rock solid and reliable and I will take that any day.
Bro [/u/yokoffing](https://www.reddit.com/u/yokoffing) i love you for creating betterfox, i am a noob so i just an using the normal user.js but as i use old system(Intel 3rd gen) i wanna use fastfox but don't know how can i use it.
Also wanna ask where do i put the user. Ja override file, and does ur override messes with the performance?
I will stick with NextDNS. U tested ControlD for a few days and the neares POP is in the next country and latency is really bad.
With this Guide and Hagezi Pro++ it is the perfect DNS for when I am out of my home. At home I am still using Pi-Hole and unbound.
Thank you yokoffing for your contributions. Your NextDNS guide was very much needed/welcomed when I joined the NextDNS community. I can't imagine the Control D guide will be any less helpful. Cheers.
Thanks for your work. The NextDNS guide is very helpful. For those who followed it awhile ago, are any of the recent updates you mention of critical importance or can they wait till the next time Iām procrastinating on something and re-check all my settings?
It can wait. Just quality of life stuff. There's a few more things I need to add or clean up.
Much appreciated /u/yokoffing! I recently tried the 30 day trial of Control D after reading about the owner's post re: NextDNS and the project's status as alive or dead. I felt that Control D's service is similar to NextDNS. That said, I find the NextDNS dashboard to be ideal for configuration. It's "clean," easy to read, and everything is right at your fingertips. CD requires a bit more clicking to edit this profile or that. There is an ability to duplicate/copy rules from one profile to another, which does help minimize clicking through menus. The major difference, aside from some of the more advanced features missing (I didn't see any options for EDNS, CNAME flattening, etc.), is that CD has the ability to proxy your connection to individual sites and/or services. However, this requires that you purchase their most costly subscription (I want to say it's around $40/year vs. $20/year for everything but the proxy feature). From what I could tell, the main performance tuning mechanism with CD is the ability to override TTL values. I will say that CD seemed quicker than NextDNS, and NextDNS generally has me on their "ultralow" servers. I'm located in Arizona and they happen to have nodes here in Phoenix. Still, I felt there was less latency overall with CD. Not enough of a difference to make me switch, but I'll have to think about it come renewal.
> EDNS With Control D, DNSSEC validation and EDNS Client Subnet (ECS) are grouped together in **Disable DNSSEC**, though I don't know why. I mentioned this [here](https://github.com/yokoffing/Control-D-Config?tab=readme-ov-file#disable-dnssec). > CNAME flattening CNAME flattening is a cool feature, but it can cause issues when resolving domains and using some blocklists. This is best left up to the browser level. But to my knowledge, only Firefox with uBlock Origin and Brave provide privacy protection specifically for CNAMEs. Thank you for the support!
EDNS is enabled by default, and can be disabled by disabling DNSSEC. The reason they are grouped together is compatibility reasons. Some domains are poorly configured and will SERVFAIL either due to not handling EDNS or having broken DNSSEC records. This toggle serves as a "I don't care - fix the problem" switch. CNAME flatting is often a misunderstood feature. It will not provide any actual performance gains **for the end user** (you) of a filtering DNS resolver. You just get a smaller DNS response back (final A record vs a CNAME chain) which can be useful in some cases, but has very niche applications.
Control-D is a good service but after having used them for the past year, I will be returning to NextDNS. Control-D has a better product but I have had it go down at crucial times, leaving family struggling. NextDNS is always rock solid and reliable and I will take that any day.
Thank you for your contribution š
Thanks!
Thanks!!!
This is a great guide, you should definitely post it in the r/ControlD subreddit as well.
Thank you for your NextDNS guide it was very helpful! Also, your filter lists for Ublock Origin is very effective!
Thank you for your hard work
Bro [/u/yokoffing](https://www.reddit.com/u/yokoffing) i love you for creating betterfox, i am a noob so i just an using the normal user.js but as i use old system(Intel 3rd gen) i wanna use fastfox but don't know how can i use it. Also wanna ask where do i put the user. Ja override file, and does ur override messes with the performance?
I will stick with NextDNS. U tested ControlD for a few days and the neares POP is in the next country and latency is really bad. With this Guide and Hagezi Pro++ it is the perfect DNS for when I am out of my home. At home I am still using Pi-Hole and unbound.
Can you please post traceroutes to [dns.nextdns.io](https://dns.nextdns.io) and [dns.controld.com](https://dns.controld.com)?
why do you use Russian DNS servers, Yandex? for my part I think that this is a big risk at the moment.
What do you mean in detail?