Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. Bill Woodcock

    Cisco RV340 & RV345 – are the licensed “advanced security features” worth it?

    If there are ways we can improve Quad9, we're all ears... You've looked at independent lab-tests of Quad9's malware blocking? https://www.andryou.com/2020/05/31/comparing-malware-blocking-dns-resolvers-redux/...
  2. Bill Woodcock

    QUAD9 moves to Switzerland

    We've been following the issue closely... In general, we're stretched very thin, so we have to be very careful about taking on a larger scope of issues than we can see our way to successfully solving. We view our mandate as a balance of security, privacy, and performance. And we work as much...
  3. Bill Woodcock

    QUAD9 moves to Switzerland

    I'm not clear on what you're looking for, exactly. Do you want us to work with the developer of the test to try to help them to improve their test until it's accurate? That doesn't scale, and doesn't provide users with any benefit, so that's really not where our effort is directed. "Scoring...
  4. Bill Woodcock

    QUAD9 moves to Switzerland

    Can you give a specific example of Quad9 being slow to react (or "bad at reacting") to new things? The SAD thing isn't in fact an example of that, since it's not something we were vulnerable to. We were the first recursive resolver to implement DNSSEC. We were the first recursive resolver to...
  5. Bill Woodcock

    More sources not better for malware blocking

    Interesting that the TechRadar roundup says they're "not convinced that more sources is better" for malware blocking, when there are a ton of independent lab tests that give actual quantitative results... There's no need for them to guess, particularly when they guess wrong...
  6. Bill Woodcock

    Remote Router Reader?

    As always, we (Quad9) encourage you to rely on trust as little as possible, and self-host everything that makes sense for you. And, as always, I'm happy to answer any questions you may have. We have some big announcement regarding privacy coming up on the 28th, Data Privacy Day.
  7. Bill Woodcock

    How to setup Quad9 on my router

    Yep, that's normal. If you send a cache-busting query to Quad9, Quad9 has to resolve it by sending a new query to the authoritative server for the zone you're querying. That query has to originate on a unicast peering or transit interface of a Quad9 router (as opposed to the public-facing...
  8. Bill Woodcock

    Changing DNS Server to Quad9

    Please do, and if you still see a problem, please report it to support@quad9.net. DoT chews up a lot of CPU, and if you were hitting a server instance that was getting overloaded with other people all using DoT, it may have needed an upgrade. Which may have happened by now. Anyway, if it's...
  9. Bill Woodcock

    Root Canary Test Results - All ServFail [Red Crosses]

    It's worth testing both ways and seeing how it works for you. Everybody's combination of local topology and traffic patterns are different enough that small changes in DNS configuration can yield surprising differences in performance. The down-side of sending ECS is that it gives both CDN...
  10. Bill Woodcock

    Cloud9 DNS

    Sorry, didn't mean to disappear on you guys. I just got kinda swamped with other things. There'll be some new Quad9 announcements later this summer. And the whole .ORG takeover-attempt sucked nearly all of my time for the better part of six months. Although a lot of that was about bad business...
  11. Bill Woodcock

    Cloud9 DNS

    Yep. We've been in contract negotiation with them since... (checking old email here) ...March of 2018. They didn't get in contact with us until they decided they wanted to do this default-DoH thing outside of the US, so they needed a solution that would be legal in places with privacy laws. So...
  12. Bill Woodcock

    Cloud9 DNS

    Sounds like a bunch of you are seeing the same issue there. I'll check with the ops guys and see what they say about it.
  13. Bill Woodcock

    Cloud9 DNS

    Your ISP is doing the right thing. That looks like a performance problem on our side, adding 10ms of delay going through our peering router. (Note that the router itself is being particularly slow to respond to the traceroute, which is low-priority for it... if it were lightly-loaded, it...
  14. Bill Woodcock

    Cloud9 DNS

    Can you post a traceroute and your origin AS, or send it to support@quad9.net, so they can figure out what your ISP is doing with your queries, and try to optimize the path? Have you tried using 9.9.9.10, or used the form on the front page of the https://quad9.net web site to check whether the...
  15. Bill Woodcock

    Cloud9 DNS

    It's almost an IPv6 address. Two colons together indicates an elided consecutive run of 0s. So the address is 2620:fe::fe. Double-colon the second time. Or it would be equally correct (but more tedious) to write it out as 2620:00fe:0000:0000:0000:0000:0000:00fe.
  16. Bill Woodcock

    Cloud9 DNS

    Correct, if your ISP isn't routing IPv6, they're broken, and you can't route IPv6 packets through them, so you wouldn't want to configure the IPv6 destination. If your ISP isn't routing IPv6 still, now, in 2019, they're very, very broken.
  17. Bill Woodcock

    Cloud9 DNS

    Yes, he's trying very hard to give that impression, but if you read his post more carefully, that's not actually what he said. He has a problem with the City of London Police. (I'm not speculating about that, he wrote many many many posts about it on Reddit a few months ago.) The City of...
  18. Bill Woodcock

    Cloud9 DNS

    2620:fe::fe is the primary IPv6 address, and 9.9.9.9 is the primary IPv4 address. Yes, our recommendation is that you use those two, in that order. If you want redundancy in the form of a recursive nameserver operated by a different organization, TWNIC operates one on 2001:de4::101 and...
  19. Bill Woodcock

    Cloud9 DNS

    Yeah, that basically sums it up. Essentially, every location is its own stand-alone entity, and traffic is load-balanced across all of them using eBGP anycast. I first anycast nameservers when I was running an ISP in 1989, and have been building anycast DNS networks like Quad9 ever since. For...
  20. Bill Woodcock

    Cloud9 DNS

    First, I'll point out that you're describing several degrees of remove. I'm probably equally closely associated with Elvis Presley and Jimmy Hoffa, for instance. But ultimately, one doesn't choose who likes one or finds utility in one's work. It is a fact that most of the earliest and most...
Top