Cloud9 DNS

[Citizen93d]

First, I'll point out that you're describing several degrees of remove. I'm probably equally closely associated with Elvis Presley and Jimmy Hoffa, for instance.

But ultimately, one doesn't choose who likes one or finds utility in one's work.

It is a fact that most of the earliest and most enthusiastic adopters of Quad9 tended to be local and regional governments, globally, and that includes their law enforcement offices just as much as their schools and parks and libraries. Quad9 emphasizes privacy and security, and those are, by and large, the goals of law enforcement, as well as sysadmins everywhere.

I recognize that there are some people who say "if X likes Y, I cannot also like Y, because I dislike X." And that's fine, but it's an essentially dogmatic stance, not a pragmatic or utilitarian one. You have a bone to pick with the City of London Police, and they use Quad9 to protect themselves, so you choose not to. Which is fine.

The utilitarian counterpoint would be "If it's good enough for them, it's good enough for me."

I might be wrong, but I had the impression that Citizen93d has problems with the fact that certain parties might be founders/sponsors (with possibly special rights?), not that they are users of Quad9.

PS: thank you for contributing here!

Yes, he's trying very hard to give that impression, but if you read his post more carefully, that's not actually what he said. He has a problem with the City of London Police. (I'm not speculating about that, he wrote many many many posts about it on Reddit a few months ago.) The City of London Police are apparently among the donors of an organization called the Global Cyber Alliance. The Global Cyber Alliance is one of thousands of donors to Quad9, albeit less than half of one percent of our budget.

So, they're neither founders nor sponsors. And we're a public-benefit non-profit. Nobody has any special rights, because we only do one thing, and it's available to everyone already.

Hey Bill,

Yes, I do have a bone to pick with the City of London Police. It's not that I'm anti-police forces or anything like that, but sometimes they act like they own the internet (eg: "taking down" domains registered by entities outside their jurisdiction without any court order, and so on). I don't like bullies, sometimes they act like one and that's why I don't like or trust them that much.

Also, it's not that they use Quad9 themselves, to tell you the truth I didn't know that. It's that their objectives don't seem to be aligned with mine. They exist in part to protect the interests of the corporations based in the City of London while I'm just a guy that thinks that due process is important.

Having police and governments associated in some way with a DNS service can be both good and bad from a user point of view. On one hand it's their job to protect people (I guess that's why they support Quad9), but on the other encryption and privacy tools and laws also stops them from doing their jobs.

If I remember right, half of those "many many many" posts about it on reddit were replies to your posts on a thread about Quad9. This was... 1 year ago or so? Around that time many started to notice that the "firewall" that went live for most people in the UK in order to "protect the children" was blocking more than harmful content for children (from sexual education content to piracy) and my comments had that in mind: Entities that aren't that internet friendly and have some influence over the partners providing threat intelligence data supporting a new DNS service? Errr...

I've seen other people bringing up the same or similar points since them, so as crazy my position can seem, I think that everyone operating a service like this should be aware that being associated with police enforcement looks like a good thing for enterprise and public (schools, councils, etc) users but may rise some eyebrows to everyone else. It's not a personal thing against the service.

With this said, if users are aware and are fine with it, then I have no problem with their decision to use Quad9 or any other alternative. I only left a comment here because I use Asuswrt-Merlin (and there's an official section for it on this forum) and its author tweeted about this thread.

 

[FLA_NL]

As this thread is kinda dead now. Does anyone have Quad9 working (DoT) without the timeouts? And which config is used to achieve that? I read some stuff to lower the timeout on the router but it would be nice to know to which value specifically for Merlin's asus firmware. Or maybe a small manual?

 

[XIII]

I contacted them, but after one additional query from their side I never got a reply.

 

[XIII]

Sounds like a bunch of you are seeing the same issue there. I'll check with the ops guys and see what they say about it.

Any update on this?

 

[dave14305]

I contacted them, but after one additional query from their side I never got a reply.

Same here.

 

[FLA_NL]

I don't think it is good PR for Quad9 to let it end like this. Started to wonder if some funders did complain of things being said here.

 

[Paliv]

I don't think it is good PR for Quad9 to let it end like this. Started to wonder if some funders did complain of things being said here.

He’s been pretty vocal on different forums for some time, including Reddit (lost of visibility). My guess is more that he got busy working.

 

[coxhaus]

or on vacation. It is the time of year.

 

[FLA_NL]

Yeah maybe I'm just impatient

 

[Centrifuge]

Does anyone have Quad9 working (DoT) without the timeouts?

I've got it working, the only thing I noticed since switching from Cloudflare is that once in a while a site won't load, goes to can't contact server, but if I click once or twice on reload it will load fine. This happens typically when first firing up the browser. Otherwise not much different. All vanilla setting on DoT, Firefox, Safari.

 

[Gar]

I've got it working, the only thing I noticed since switching from Cloudflare is that once in a while a site won't load, goes to can't contact server, but if I click once or twice on reload it will load fine. This happens typically when first firing up the browser. Otherwise not much different. All vanilla setting on DoT, Firefox, Safari.

Same here. Very acceptable for me, but not perfect. Still like the filtering too.

 

[FLA_NL]

I've got it working, the only thing I noticed since switching from Cloudflare is that once in a while a site won't load, goes to can't contact server, but if I click once or twice on reload it will load fine. This happens typically when first firing up the browser. Otherwise not much different. All vanilla setting on DoT, Firefox, Safari.

For me it was like that also until it happened when I was redirected to my bank for doing a payment. I don't like it in those situations. Now I'm using Cloudflare because I prefer stability over filtering. Before the DoT implementation I was always using Quad9.

 

[QuikSilver]

For me it was like that also until it happened when I was redirected to my bank for doing a payment. I don't like it in those situations. Now I'm using Cloudflare because I prefer stability over filtering. Before the DoT implementation I was always using Quad9.

Been using a combination of Quad9 and Cloudflare myself with random sites not loading. Refreshing works but annoying to have to do. Much less explaining it to the other internet users that they need to hit refresh and that the internet isn't down.

 

[FLA_NL]

Been using a combination of Quad9 and Cloudflare myself with random sites not loading. Refreshing works but annoying to have to do. Much less explaining it to the other internet users that they need to hit refresh and that the internet isn't down.

Why still use Quad9? With Cloudflare alone I don't have those issues and filtering isn't working good anyway if you use a combination of those 2.

 

[Treadler]

Why still use Quad9? With Cloudflare alone I don't have those issues and filtering isn't working good anyway if you use a combination of those 2.

Quad9 + DNSSEC + DoT working great with Merlin 384.13 Alpha.
Nice work!

 

[FLA_NL]

Quad9 + DNSSEC + DoT working great with Merlin 384.13 Alpha.
Nice work!

I'm running 384.13 alpha2 for a day now, it is much better then it was but I still get occasionnal DNS errors in the browser, only now the error disappears after a short time and the browser can still resolve the page by itself. First I had to do a manual refresh of the page and that is not needed anymore. I switched back to Cloudflare again and see how that goes.

 

[XIII]

Still poor Quad9 performance with 384.13 Beta 1.

I really hope they can improve, but never heard back from them...

 

[coxhaus]

I have been using Quad9 for a while now and I like it. Cisco now has their umbrella system which protects you also but it costs money.

 

[ColinTaylor]

Perhaps after nearly 4 months and 178 posts the OP can correct the thread title? There's no such thing as Cloud9 DNS. Or maybe I'm missing the point and it's a deliberate subtle joke (Cloudflare + Quad9).

 

[Smokey613]

Quad9 + DNSSEC + DoT working great with Merlin 384.13 Alpha.
Nice work!

Same setup on Merlin 384.13 and Quad9 works very fast for me without any issues.