Search results
-
Cloud9 DNS
Thanks. I work more on routing security and economics, and not so much in the nuts and bolts of the nameservers, so you're providing more detail here than I knew.- Bill Woodcock
- Post #105
- Forum: General Network Security
-
Cloud9 DNS
Every anycast node is a whole stack of VMware ESXi hosts, so all of this is for routing diversity more than server redundancy. You're not going to get any significant diversity between the two IPv4 addresses, but IPv6 often gives significantly better performance (and more direct paths) than...- Bill Woodcock
- Post #104
- Forum: General Network Security
-
Cloud9 DNS
...and the reason why this shows WoodyNet instead of Level3 and NTT is that we've got a direct interconnect with Cogent in Miami where we handed it off. So I'm guessing you're either somewhere reasonably close to Miami, or somewhere in the Caribbean or Latin America, getting transit from...- Bill Woodcock
- Post #95
- Forum: General Network Security
-
Cloud9 DNS
What you're seeing is that our recursive server which handled your queries is using Level3 (actually CenturyLink, post-acquisition) and NTT for transit. Since it's NTT Singapore, it's very likely that your query is being handled by our Singapore node, which means that your transit provider is...- Bill Woodcock
- Post #94
- Forum: General Network Security
-
Cloud9 DNS
As I said before, the web site is a cobbler's child, and that privacy policy was written by lawyers, who are used to butt-covering, rather than engineers, who tend more toward the minimal correct solution, so it's sorely in need of a paring-down edit. The main thing I'd point out about it is...- Bill Woodcock
- Post #93
- Forum: General Network Security
-
Cloud9 DNS
It doesn't. It's a public-benefit not-for-profit foundation, which exists for the sole purpose of doing what it's doing, which is providing a recursive resolver that's GDPR compliant by dint of not collecting any personal information. Like most non-profits, it's supported by donations. The...- Bill Woodcock
- Post #92
- Forum: General Network Security
-
Cloud9 DNS
...and it also wants them to be more than fifteen seconds apart. Which makes sense, I guess. DNS-over-TLS (DoT) is the first of two IETF-standardized flavor of link encryption. DNScrypt is a non-standardized method that was implemented by OpenDNS quite a while ago, and still has a fair...- Bill Woodcock
- Post #91
- Forum: General Network Security
-
Cloud9 DNS
I have no idea, with respect to the specific router you're looking at. But it sounds like that configuration option is to have it run its own caching resolver, and use it, rather than sending every query out to an external recursive resolver. So, yes, I'd turn that feature on. If it starts...- Bill Woodcock
- Post #90
- Forum: General Network Security
-
Cloud9 DNS
Well, from a marketing point of view, sure, if they're trying to sell a service, it stands to reason that their salespeople would be tracking leads. Of longer-term interest would be what excess data the app collects about you. And Cloudflare have an app, so you can sandbox it and see what it's...- Bill Woodcock
- Post #68
- Forum: General Network Security
-
Cloud9 DNS
Yep, no worries. I don't claim to be omniscient, or even consistent. I do try to find and stay on the right side of issues. I'm also not trying to convince anyone to use, or not use, any particular recursive resolver. I am trying to convince people that if they care about their privacy...- Bill Woodcock
- Post #67
- Forum: General Network Security
-
Cloud9 DNS
If you can post a traceroute and your origin AS, or send them to support@quad9.net, we can try to get them to route to a nearer server. Likewise, if you want to use Google or Cloudflare or Umbrella, and you're not getting a path you like, that's the same information they'd need to get their...- Bill Woodcock
- Post #66
- Forum: General Network Security
-
Cloud9 DNS
No, actually, I want you to roll your own, because you can protect your privacy better that way, and that's the point. More users piling on to Quad9 doesn't help me in any way.- Bill Woodcock
- Post #65
- Forum: General Network Security
-
Cloud9 DNS
Ok, so, to be clear, I'm super jet-lagged, and I don't claim to make a lot of sense or be entirely consistent over time. That said, I think I'm trying to convey something more nuanced than you're reading. I think you're trying to figure out whether I believe that Cloudflare is adhering to...- Bill Woodcock
- Post #64
- Forum: General Network Security
-
Cloud9 DNS
I'd already cited and linked to that same page in my earlier reply. I think it's a detailed privacy policy, which provides good detail about what data they're collecting, but understandably skirts the issues of why the data is being collected and what APNIC does with it. Which is completely...- Bill Woodcock
- Post #63
- Forum: General Network Security
-
Cloud9 DNS
Can you post a traceroute, and say what origin AS you're in? Or send them to Quad9 support? It sounds like your ISP probably isn't peering with us in Melbourne. There are seven Quad9 locations in Australia, albeit three of them are in and around Sydney.- Bill Woodcock
- Post #62
- Forum: General Network Security
-
Cloud9 DNS
Nobody asked about the merits of Quad9. I'm happy to talk about both its merits and its deficiencies. I was just answering the question that was posed. Also, I don't really care one way or other about Cloudflare as a service, what I care about is privacy practices. There will always be more...- Bill Woodcock
- Post #38
- Forum: General Network Security
-
Cloud9 DNS
To be clear, I don't have any magic insight into what happens inside Cloudflare. They're a private company, and pretty opaque. I was speaking about their business model generally. So, first off, their business model, in their founder's words: There were quite a lot of data-collection...- Bill Woodcock
- Post #37
- Forum: General Network Security
-
Cloud9 DNS
https://en.wiktionary.org/wiki/kiboze Other things to do, yes, but Quad9 is a high priority for us, and heck, I'm just sitting around an airport lounge waiting for my next plane, so I might as well be useful, right? Sure. Relative to those two, the answer is the same: privacy and security...- Bill Woodcock
- Post #17
- Forum: General Network Security
-
Cloud9 DNS
Quoting from: https://medium.com/@useradd_deploy/dns-to-the-nines-a185e18459b9 "DNS leak test: The easiest way to check is to run an online DNS leak test. When you do so, you should see that the responding ISP is WoodyNet." I'm Bill Woodcock. I'm the chairman of Quad9's board of directors...- Bill Woodcock
- Post #14
- Forum: General Network Security
-
DNS Trivia
Ouch. Yeah, they're sending you to Palo Alto ("pao") instead of Dallas. Sorry. I'll have our interconnection folks try to get them to fix it, but they'll always be more responsive to a customer than to another network operator... So if you want to open a ticket with them, point them at...- Bill Woodcock
- Post #12
- Forum: Asuswrt-Merlin
