Cloud9 DNS

[Gar]

IDK - since I disabled IPV6 on my router (IPV6 tab). All DOCSIS 3.0 and later modems support IPV6. Honestly, I do not really understand the IPV6 setup on the modem or our Asus routers. This reference sort of helps...I still kept it off. https://major.io/2014/09/11/howto-time-warner-cable-ipv6/ Thanks.

I read the article but I am still going to use it for a while and see. The tests we frequently reference on this site give me excellent results with Quad9 IPv6. EDIT: Except for CF, their test hates any config I use if it isn't theirs.

 

[Bill Woodcock]

I had the impression that Citizen93d has problems with the fact that certain parties might be founders/sponsors (with possibly special rights?).

Yes, he's trying very hard to give that impression, but if you read his post more carefully, that's not actually what he said. He has a problem with the City of London Police. (I'm not speculating about that, he wrote many many many posts about it on Reddit a few months ago.) The City of London Police are apparently among the donors of an organization called the Global Cyber Alliance. The Global Cyber Alliance is one of thousands of donors to Quad9, albeit less than half of one percent of our budget.

So, they're neither founders nor sponsors. And we're a public-benefit non-profit. Nobody has any special rights, because we only do one thing, and it's available to everyone already.

 

[Bill Woodcock]

Doesn't seem like it. I wouldn't expect it to work at all. What would the benefit be?

Correct, if your ISP isn't routing IPv6, they're broken, and you can't route IPv6 packets through them, so you wouldn't want to configure the IPv6 destination. If your ISP isn't routing IPv6 still, now, in 2019, they're very, very broken.

 

[Bill Woodcock]

This is a IPv6 address.

It's almost an IPv6 address. Two colons together indicates an elided consecutive run of 0s. So the address is 2620:fe::fe. Double-colon the second time. Or it would be equally correct (but more tedious) to write it out as 2620:00fe:0000:0000:0000:0000:0000:00fe.

 

[gattaca]

I read the article but I am still going to use it for a while and see. The tests we frequently reference on this site give me excellent results with Quad9 IPv6. EDIT: Except for CF, their test hates any config I use if it isn't theirs.

Could we start a thread in the ASUS Merlin area on how to properly setup DNS-over-TLS with an IPV6 ISP similar to how we recently hashed out the 4-5 panels that need to be changed with IPV4? I do not want to gum up this thread with those details. I think Spectrum/TWC supports IPV6 in my area but I've just never had the incentive to try it or understand the gotchas in the above article until maybe now. Thanks!

Thread started -> https://www.snbforums.com/threads/setting-up-ipv6-with-dns-over-tls.57054/

 

[RMerlin]

Could we start a thread in the ASUS Merlin area on how to properly setup DNS-over-TLS with an IPV6 ISP similar to how we recently hashed out the 4-5 panels that need to be changed with IPV4?

It's identical to how you do it for IPv4. Just choose IPv6 servers at the bottom of the presets list.

 

[gattaca]

It's identical to how you do it for IPv4. Just choose IPv6 servers at the bottom of the presets list.

Not quite what I meant... I see those listed the the DNS-over-TLS pulldowns. My thinking is that we must have IPV6 enabled on the IPV6 tab and that's where I have "Disabled" today. That one IPV6 panel is a series of fill in the blanks boxes I've never examined or considered filling in. I just automatically "Disable IPV6" outta the gate.

Gut says, that if I have IPV6 disabled on the main IPV6 tab that selecting an IPV6 entry on the DNS-over-TLS is going to get me nowhere (assuming my ISP supports IPV6) Is this not correct?

 

[Gar]

Not quite what I meant... I see those listed there but my thinking is that we must have IPV6 enabled on the IPV6 tab and that's where I have "Disabled" today. That one panel is a whole series of fill in the blanks boxes I've never, ever even looked at... I would think that if I have IPV6 disabled on the main tab that selecting IPV6 on the DNS-over-TLS is going to get me nowhere. Is this incorrect?

I chose the IPv6 tab and left it set to Native. I only plugged in the Q9 numbers in DNS 1 instead of automatically connect to DNS, and hit Apply. By using the default Native choice those other boxes are invisible. Other settings at default. Under WAN, left DNS server 1 blank and put Q9 in DNS 2. Under DoT selelected Q9 IPv6 1, then IPv4 Q9 1. Hit Apply. I did reboot but not sure it was necessary, also reset my modem in case my ISP needed to detect any change. Ran tests and it works.

Edit: I should have put this in your new thread...

 

[RMerlin]

Not quite what I meant... I see those listed the the DNS-over-TLS pulldowns. My thinking is that we must have IPV6 enabled on the IPV6 tab and that's where I have "Disabled" today. That one IPV6 panel is a series of fill in the blanks boxes I've never examined or considered filling in. I just automatically "Disable IPV6" outta the gate.

Gut says, that if I have IPV6 disabled on the main IPV6 tab that selecting an IPV6 entry on the DNS-over-TLS is going to get me nowhere (assuming my ISP supports IPV6) Is this not correct?

The IPv6 configuration is ISP-specific.

Sent from my P027 using Tapatalk

 

[XIII]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse; I had to wait several seconds for six tabs to open in Firefox (I also disabled DNS over HTTPS in Firefox).

I previously switched to Cloudflare because of performance issues.

How's Quad9 performing for others?

EDIT: Ouch, the old behavior is still present: several sites don't seem to resolve at all; I have to refresh the failed request in Firefox to correctly open them...

 

[QuikSilver]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse; I had to wait several seconds for six tabs to open in Firefox (I also disabled DNS over HTTPS in Firefox).

I previously switched to Cloudflare because of performance issues.

How's Quad9 performing for others?

Haven’t really put it through its paces but so far it seems pretty good for me. I mostly used google dns which seemed to be the best for where I am located.


Sent from my iPhone using Tapatalk

 

[dave14305]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse; I had to wait several seconds for six tabs to open in Firefox (I also disabled DNS over HTTPS in Firefox).

I previously switched to Cloudflare because of performance issues.

How's Quad9 performing for others?

EDIT: Ouch, the old behavior is still present: several sites don't seem to resolve at all; I have to refresh the failed request in Firefox to correctly open them...

I found it slow and had timeouts in my browser trying to go to certain sites that would not be blocked as malware (i.e. this site). Quad9 has a faster idle timeout than cloudflare, so the Merlin default idle_timeout of 9000 ms is too long for Quad9 and results in conn_shuts, which isn't as graceful as Stubby closing the connection on the router end. I gave up and went back to old DNS with OpenDNS for family filtering.

 

[L&LD]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse; I had to wait several seconds for six tabs to open in Firefox (I also disabled DNS over HTTPS in Firefox).

I previously switched to Cloudflare because of performance issues.

How's Quad9 performing for others?

EDIT: Ouch, the old behavior is still present: several sites don't seem to resolve at all; I have to refresh the failed request in Firefox to correctly open them...

I do not notice any difference between the two. I am sticking to Quad9 for now.

I am using the Edge browser based off of Chromium, btw.

 

[Billy Chaney]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse; I had to wait several seconds for six tabs to open in Firefox (I also disabled DNS over HTTPS in Firefox).

I previously switched to Cloudflare because of performance issues.

How's Quad9 performing for others?

EDIT: Ouch, the old behavior is still present: several sites don't seem to resolve at all; I have to refresh the failed request in Firefox to correctly open them...

I have to hit the reset button too. I have to do this quite often.

 

[Gar]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse; I had to wait several seconds for six tabs to open in Firefox (I also disabled DNS over HTTPS in Firefox).

I previously switched to Cloudflare because of performance issues.

How's Quad9 performing for others?

EDIT: Ouch, the old behavior is still present: several sites don't seem to resolve at all; I have to refresh the failed request in Firefox to correctly open them...

Not as fast as CF but not a problem either and we like the filtering. Using IPv6 has improved speed some too.

I have thought about going back to a non-DoT solution for a while, now that I have been on DoT...just to compare.

Edit: using Firefox exclusively.

 

[L&LD]

I have thought about going back to a non-DoT solution for a while, now that I have been on DoT...just to compare.

I. Just. Can't. Do. It.

 

[Treadler]

Can you post a traceroute, and say what origin AS you're in? Or send them to Quad9 support? It sounds like your ISP probably isn't peering with us in Melbourne.

View attachment 18104
There are seven Quad9 locations in Australia, albeit three of them are in and around Sydney.

Melbourne? Great news, I’m sure last time I tested Quad9, I was shunted off to Sydney - very slow.
I’m certainly being directed to Melbourne now, much improved. Cloudflare also in Melbourne.
Quad9 still slower, but acceptable. Melbourne Cloudflare crazy fast.


Traceroute to 9.9.9.9 (9.9.9.9), 64 hops max.

1 router.asus.com (192.168.50.1) time=8 ms

2 lo1.bng01-a1-adl.home.superloop.com (xxxxxxx) time=7 ms

3 tengige0-0-0-6.100.bdr01-ipt-274hindl-adl.au.superloop.com (203.153.17.25) time=9 ms

4 fortygige0-0-1-2.110.bdr01-ipt-826lorim-mel.au.superloop.com (103.200.13.116) time=15 ms

5 as42.melbourne.megaport.com (103.26.71.48) time=53 ms

6 dns.quad9.net (9.9.9.9) time=25 ms



*** Traceroute at destination ***

Traceroute to 1.1.1.1 (1.1.1.1), 64 hops max.

1 router.asus.com (192.168.50.1) time=8 ms

2 lo1.bng01-a1-adl.home.superloop.com (xxxxxxx) time=7 ms

3 tengige0-0-0-6.100.bdr01-ipt-274hindl-adl.au.superloop.com (203.153.17.25) time=6 ms

4 fortygige0-0-1-2.110.bdr01-ipt-826lorim-mel.au.superloop.com (103.200.13.116) time=15 ms

5 as13335.melbourne.megaport.com (103.26.71.38) time=15 ms

6 one.one.one.one (1.1.1.1) time=15 ms

*** Traceroute at destination ***



Anything you could do to help my ISP give the same love to Quad9 as they do to Cloudflare would be amazing.....

 

[Treadler]

Correct, if your ISP isn't routing IPv6, they're broken, and you can't route IPv6 packets through them, so you wouldn't want to configure the IPv6 destination. If your ISP isn't routing IPv6 still, now, in 2019, they're very, very broken.

IPv6 a rare beast where I live, go figure.....
It’s only been a thing for how many years now?

 

[Bill Woodcock]

Just switched back from Cloudflare to Quad9, but performance seems to be noticeably worse.

Can you post a traceroute and your origin AS, or send it to support@quad9.net, so they can figure out what your ISP is doing with your queries, and try to optimize the path?

Several sites don't seem to resolve at all.

Have you tried using 9.9.9.10, or used the form on the front page of the https://quad9.net web site to check whether the sites are being blocked by threat intel providers? If that's not what's happening, support@quad9.net would, of course, like to know about that as well. It only gets better when people report the problems that they see.

 

[Bill Woodcock]

Melbourne? Great news, I’m sure last time I tested Quad9, I was shunted off to Sydney.
I’m certainly being directed to Melbourne now.

Traceroute to 9.9.9.9 (9.9.9.9), 64 hops max.
4 fortygige0-0-1-2.110.bdr01-ipt-826lorim-mel.au.superloop.com (103.200.13.116) time=15 ms
5 as42.melbourne.megaport.com (103.26.71.48) time=53 ms
6 dns.quad9.net (9.9.9.9) time=25 ms

Traceroute to 1.1.1.1 (1.1.1.1), 64 hops max.
4 fortygige0-0-1-2.110.bdr01-ipt-826lorim-mel.au.superloop.com (103.200.13.116) time=15 ms
5 as13335.melbourne.megaport.com (103.26.71.38) time=15 ms
6 one.one.one.one (1.1.1.1) time=15 ms

Anything you could do to help my ISP give the same love to Quad9 as they do to Cloudflare would be amazing.....

Your ISP is doing the right thing. That looks like a performance problem on our side, adding 10ms of delay going through our peering router. (Note that the router itself is being particularly slow to respond to the traceroute, which is low-priority for it... if it were lightly-loaded, it would be responding quickly.) It's possible that this is something transitory, like a DDoS, or it's possible that the location is just very heavily loaded. I'll check into it. But your ISP is fine, they're handing off both Quad9 and Cloudflare on the same optimum path. This is our issue to resolve. I'll hand it off to ops now.