Recent content by Bill Woodcock

If there are ways we can improve Quad9, we're all ears... You've looked at independent lab-tests of Quad9's malware blocking? https://www.andryou.com/2020/05/31/comparing-malware-blocking-dns-resolvers-redux/...

We've been following the issue closely... In general, we're stretched very thin, so we have to be very careful about taking on a larger scope of issues than we can see our way to successfully solving. We view our mandate as a balance of security, privacy, and performance. And we work as much...

I'm not clear on what you're looking for, exactly. Do you want us to work with the developer of the test to try to help them to improve their test until it's accurate? That doesn't scale, and doesn't provide users with any benefit, so that's really not where our effort is directed. "Scoring...

Can you give a specific example of Quad9 being slow to react (or "bad at reacting") to new things? The SAD thing isn't in fact an example of that, since it's not something we were vulnerable to. We were the first recursive resolver to implement DNSSEC. We were the first recursive resolver to...

Interesting that the TechRadar roundup says they're "not convinced that more sources is better" for malware blocking, when there are a ton of independent lab tests that give actual quantitative results... There's no need for them to guess, particularly when they guess wrong...

As always, we (Quad9) encourage you to rely on trust as little as possible, and self-host everything that makes sense for you. And, as always, I'm happy to answer any questions you may have. We have some big announcement regarding privacy coming up on the 28th, Data Privacy Day.

Yep, that's normal. If you send a cache-busting query to Quad9, Quad9 has to resolve it by sending a new query to the authoritative server for the zone you're querying. That query has to originate on a unicast peering or transit interface of a Quad9 router (as opposed to the public-facing...

Please do, and if you still see a problem, please report it to [email protected]. DoT chews up a lot of CPU, and if you were hitting a server instance that was getting overloaded with other people all using DoT, it may have needed an upgrade. Which may have happened by now. Anyway, if it's...

It's worth testing both ways and seeing how it works for you. Everybody's combination of local topology and traffic patterns are different enough that small changes in DNS configuration can yield surprising differences in performance. The down-side of sending ECS is that it gives both CDN...

Sorry, didn't mean to disappear on you guys. I just got kinda swamped with other things. There'll be some new Quad9 announcements later this summer. And the whole .ORG takeover-attempt sucked nearly all of my time for the better part of six months. Although a lot of that was about bad business...

Yep. We've been in contract negotiation with them since... (checking old email here) ...March of 2018. They didn't get in contact with us until they decided they wanted to do this default-DoH thing outside of the US, so they needed a solution that would be legal in places with privacy laws. So...

Sounds like a bunch of you are seeing the same issue there. I'll check with the ops guys and see what they say about it.

Your ISP is doing the right thing. That looks like a performance problem on our side, adding 10ms of delay going through our peering router. (Note that the router itself is being particularly slow to respond to the traceroute, which is low-priority for it... if it were lightly-loaded, it...

Can you post a traceroute and your origin AS, or send it to [email protected], so they can figure out what your ISP is doing with your queries, and try to optimize the path? Have you tried using 9.9.9.10, or used the form on the front page of the https://quad9.net web site to check whether the...

It's almost an IPv6 address. Two colons together indicates an elided consecutive run of 0s. So the address is 2620:fe::fe. Double-colon the second time. Or it would be equally correct (but more tedious) to write it out as 2620:00fe:0000:0000:0000:0000:0000:00fe.