Trying to use Quad9 with new ASUS RT-AX88U Pro

Since I have this option enabled, alerts have been appearing in the log like this:

Code:
dnsmasq[2526]: possible DNS-rebind attack detected:

Now I don't know if it's a false alarm or simply because the option is active, referring to what you mentioned above...

…… Probably appearing only in conjunction with your running a dns leak test, such as dnscheck.tools
 
Hello, I am trying to use Quad9 and I am not sure it is working. Historically I had always used Cloudflare but I wanted to get better malware blocking, so I am trying Quad9.

I get this:
Screenshot 2023-11-10 at 3.10.51 PM.png


Here is my DNS check results:
Screenshot 2023-11-10 at 3.44.37 PM.png


I have Firefox correctly configured to not use DNS over HTTPS so I can get good tests.
Screenshot 2023-11-10 at 3.11.29 PM.png


My router (Using Gnuton's Merlin build) is set to Quad9:
Screenshot 2023-11-10 at 4.11.50 PM.png


The router DNS Director is set to "router"
Screenshot 2023-11-10 at 3.05.42 PM.png


And my router DHCP/WINS settings do not have DNS configured (I can't attach any more screenshots). I also flush my DNS cache on my Mac every time I make a change.

Any ideas?
 
FWIW, ‘woodynet’ = Quad9.
You appear to be using both Quad9 & Cloudflare.
 
This is the current list of Network Providers associated with Quad9:

WoodyNet (AKA PCH.net)
PCH.net
GSL Networks
i3D
EdgeUno
Equinix Metal (FKA: Packet, Packet.net, or Packethost)
Path.net (Path Network)


From Quad9 FAQs:
 
Yeah, I had seen that (and the lists of Quad9 providers as well) - but I am not sure I understand why it’s still hitting Cloudflare. And why the Quad9 page says I am not on Q9 as well.

Thank you for the reply and info - I appreciate it!

It’s just weird and I am not sure why to use it if I can’t make sure things go through it. ;)

I have tried both the 9.9.9.9 and the 9.9.9.11 variations with the same results. I have tried it with DNSSEC on and off, and DoT on and off, and so on and so forth.

I just switched back to Cloudflare for families 1.1.1.2 for now, but it doesn’t score as high on the malware blocking as Quad9 so I was going to give Q9 a try…
 
Path Network is new. I thought my DNS was “hijacked” lol
 
I FIGURED IT OUT!

It's iCloud Private Relay.

I thought iCloud Private Relay only worked in Safari, so I was testing my DNS config using Firefox with DoH turned off.

BUT, it turns out - Firefox will also use iCloud Private Relay for DNS (but not for the "vpn" type function).

Basically, iCloud Private Relay overrides the system DNS function.

From a post on Reddit:

iCloud Private Relay will override system DNS

So when looking for a DNS, it will use whichever is first available, in the order: Firefox DoH > iCloud Private Relay ODoH > DNS as set in system settings > DNS as set on network > DNS from ISP

Thus if you want to use DNS as set on network, you need to disable/unset the three before it, so that it “falls through” to the network DNS

Note that iCloud Private Relay is BOTH a DNS (ODoH) and a lightweight VPN (to hide your IP address). The former is system-wide (unless overridden by an app - both FF DoH and dig handle their own DNS lookups), the latter is only in Safari (and seemingly some other apps, like curl). AFAIK you cannot turn off the DNS portion without disabling it altogether.

So when I turn off iCloud Private Relay I get the expected results. Which is good, because that means that all of my IoT devices, Consoles, non Macs, and non-iCloud logged in machines - will all get the Quad9 DNS.

Mystery solved!
 
Also - FYI - if you're on a Mac and you still want to use iCloud Private Relay but force Firefox to use Quad9 (or any other DNS), you can do so in the Firefox settings:

Screenshot 2023-11-11 at 12.32.10 PM.png


Screenshot 2023-11-11 at 12.35.14 PM.png

Screenshot 2023-11-11 at 12.35.37 PM.png
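
As an added example, not code from any poster in this thread: the Python below classifies leak-test resolver operators against the Quad9 provider list quoted earlier, and uses the lookup order from the Reddit post to name the client-side layers that take precedence over the router's DNS. The `ip<TAB>operator` input format, the sample lines and all function names are assumptions made for illustration.

```python
import re

# Providers associated with Quad9, with the AKA/FKA names from the thread's list.
QUAD9_ALIASES = ["woodynet", "pch.net", "gsl networks", "i3d", "edgeuno",
                 "equinix metal", "packet", "packet.net", "packethost",
                 "path.net", "path network"]
# Lookup order quoted from the Reddit post: the first available layer wins.
ORDER = ["Firefox DoH", "iCloud Private Relay ODoH",
         "DNS as set in system settings", "DNS as set on network", "DNS from ISP"]

def is_quad9(org):
    """True if the operator name contains a Quad9 provider alias as a whole word."""
    name = org.lower()
    return any(re.search(r"(?<!\w)" + re.escape(a) + r"(?!\w)", name)
               for a in QUAD9_ALIASES)

def classify(leak_lines):
    """Split 'ip<TAB>operator' lines into Quad9 and non-Quad9 resolvers."""
    quad9, other = [], []
    for line in leak_lines:
        if not line.strip():
            continue
        ip, org = line.strip().split("\t", 1)
        (quad9 if is_quad9(org) else other).append((ip, org))
    return quad9, other

def bypassing_layers(active, target="DNS as set on network"):
    """Active layers that outrank the target and must be off to fall through to it."""
    return [layer for layer in ORDER[:ORDER.index(target)] if layer in active]

def diagnose(leak_lines, active):
    """Summarise a leak test and list what overrides the router's DNS setting."""
    quad9, other = classify(leak_lines)
    if not other:
        verdict = "all resolvers are Quad9 providers"
    elif quad9:
        verdict = "mixed: some queries bypass the router's Quad9 setting"
    else:
        verdict = "no Quad9 resolvers seen"
    return {"verdict": verdict, "non_quad9": other,
            "disable_to_fall_through": bypassing_layers(active) if other else []}

# Constructed sample: documentation-range IPs, operator names as seen in the thread.
SAMPLE = ["192.0.2.10\tWoodyNet", "192.0.2.11\tWoodyNet", "198.51.100.7\tCloudflare"]
# Constructed client state matching the thread: Firefox DoH off, Private Relay on.
ACTIVE = {"iCloud Private Relay ODoH", "DNS as set on network", "DNS from ISP"}

if __name__ == "__main__":
    print(diagnose(SAMPLE, ACTIVE))
```

A mixed verdict on one client with clean results on other devices points at a client-side override rather than the router configuration, which is what the thread found.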
 
