Questions concerning Guideline for NextDNS - Speed?

[pictosun]

Hi,

first of all thx for the guideline and efforts in that category.

I do have some questions concerning the guideline:

• AI-Driven Threat Detection: As it's still Beta, why enable (cannot find any explanation for this part)?
• Google Safe Browsing: nearly every browser does have it enabled (why not disable it within NextDNS?)
• Cryptojacking Protection: isn't it already integrated within blocklists?
• IDN Homograph Attacks Protection: I would be careful with german "Umlaute" websites
• Block Dynamic DNS Hostnames: What if you use own DDNS services?

I'm thinking about having as less as possible activated, so that NextDNS doesn't get slow... Or does it not matter concerning speed of NextDNS?

[ghost]

Google Safe Browsing: nearly every browser does have it enabled (why not disable it within NextDNS?)

[yokoffing]

I'm thinking about having as less as possible activated, so that NextDNS doesn't get slow... Or does it not matter concerning speed of NextDNS?

This is a common misunderstanding. The amount of settings your enable/disable does not affect your DNS latency.

AI-Driven Threat Detection: As it's still Beta, why enable (cannot find any explanation for this part)?

• "No blog post or anything official on how it works yet, just the Twitter release announcement."
• It's a tradeoff between a (potentially) great increase in security and minor site breakage. Why not enable?
  • Personally, I've never seen it flag a request in my logs, which is a good thing I suppose.

Google Safe Browsing: nearly every browser does have it enabled (why not disable it within NextDNS?)

• See the first footnote of Google Safe Browsing in the guide or marcoclg19's screenshot above.
• Are you familiar with layered security?
  • It is redundancy if NextDNS only covers your web browser, but Safe Browsing via NextDNS can cover all requests where you're using DoH (e.g., apps on your phone).

Cryptojacking Protection: isn't it already integrated within blocklists?

• Have you read on defense in depth?
• Did you see what happened with the Energized repo this week?

IDN Homograph Attacks Protection: I would be careful with german "Umlaute" websites

???

Block Dynamic DNS Hostnames: What if you use own DDNS services?

[rywz]

AI-Driven Threat Detection: As it's still Beta, why enable (cannot find any explanation for this part)?

It blocks, not only, forum sites (which you can guess what type of these forum sites are).

I use doxbin(dot)com often, so disabled this.

[yokoffing]

You could also add individual sites to your allowlist, but whatever works for you.

[yokoffing]

AI Threat Detection broke a site my partner was trying to visit. I'll reconsider suggesting it.

[ghost]

it blocked o0.pages.dev :(
https://help.nextdns.io/t/h7hs0dn/o0-pages-dev-blocked-by-ai-driven-threat-detection