Changing DNS Server to Quad9

Cranium

Occasional Visitor
I am contemplating changing my DNS server to Quad9 for malware filtering.

I have two questions.

1) I know I can enter the IPs in the LAN menu. Are there any other options I need to change? I am running a plain vanilla AiMesh with AX58U router and AC3100 node. I am using 384.19.

2) What opinions do you have on these types of changes and in particular, Quad9?

Thanks in advance.
 

Yo_2T

Occasional Visitor
1. Ideally you should enter it in the WAN settings. Per Merlin's answer:

http://www.snbforums.com/threads/only-one-dns-server-in-dhcp.9353/post-57247

Also go to the LAN setting, under DNS Filter turn it on and set it to Router. That will force devices with hardcoded DNS values to use the servers you specify on the router.

2. I used Google DNS, then Quad9 for a while before using Unbound. They work fine really. ISP DNS tend to be unreliable (when I was on Fios and now RCN) so I'd rather use anything but theirs.
 

OzarkEdge

Part of the Furniture
> I am contemplating changing my DNS server to Quad9 for malware filtering.
>
> I have two questions.
>
> 1) I know I can enter the IPs in the LAN menu. Are there any other options I need to change? I am running a plain vanilla AiMesh with AX58U router and AC3100 node. I am using 384.19.
>
> 2) What opinions do you have on these types of changes and in particular, Quad9?
>
> Thanks in advance.

Quad9 recommends itself. I haven't found any reason not to use it.

OE
 

Cranium

Occasional Visitor
> Quad9 recommends itself. I haven't found any reason not to use it.
>
> OE

I've started to think the same way after I watched a video yesterday that was posted somewhere on SNB where the Quad9 CEO was being interviewed. He made a good case for it and the interviewer had tested Quad9 and seemed to really like where the company was going.
 

OzarkEdge

Part of the Furniture
> I've started to think the same way after I watched a video yesterday that was posted somewhere on SNB where the Quad9 CEO was being interviewed. He made a good case for it and the interviewer had tested Quad9 and seemed to really like where the company was going.

Quad9 is a non-profit organization with many partners.



OE
 

adrenalize

Occasional Visitor
I've used them for a while as I kind of like their philosophy.

I use DoT and it had been working brilliantly until a few weeks back, when DNS requests would fail, then work a few seconds later, then fail again. Switching to Cloudflare or turning off DoT solved it. A few other users had the same issue. I never found out the reason why it stopped working as it should - it had been working fine for months and no settings were changed! Need to try it again!
 

CaptnDanLKW

Regular Contributor
I had the opposite - DoT with CloudFlare - caused me issues with Outlook client authentication last week. Many months ago I had been running with DoT on but turned it off for some reason. Re-enabled it last week and had that issue. Just gonna leave it off from here on out and use my ISP's DNS. Not worth the weirdness and headaches when they crop up. YMMV
 

bbunge

Very Senior Member
I use Quad 9 set up in the router WAN/DNS Server 1 (9.9.9.9) and DNS Server 2 (149.112.112.112) then DoT to the same Anycast IP addresses. I modify the stubby.yml to allow Stubby in the router to do DNSSEC. I also have a Pi-Hole on the LAN with its IP address in LAN/DHCP Server/DNS Server 1. LAN/DNS Filter is set to Router with an exception for the Pi-Hole. The Pi-Hole also runs Stubby DoT/DNSSEC. I have this set up this way so the Pi-Hole is the primary DNS relay and if something happens to it the DNS query will fall back to the router. I discovered today that the router DNS Filter is sending queries to the Pi-Hole as the Roku, Dish box and Soundtouch speakers seem to have hard coded DNS settings.
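
The Stubby arrangement described in the post above (Quad9 over DoT with DNSSEC validation done locally by Stubby), sketched as a stubby.yml fragment. This is an added example, not bbunge's file and not the config the firmware generates; the listen address, padding and timeout values are assumptions.

```yaml
# Added example: Stubby as a local DoT stub resolver pointed at Quad9.
resolution_type: GETDNS_RESOLUTION_STUB

# TLS only: with no UDP/TCP entry listed, queries are never sent in cleartext.
dns_transport_list:
  - GETDNS_TRANSPORT_TLS

# Strict mode: fail the query if the upstream certificate does not
# authenticate as tls_auth_name, rather than falling back opportunistically.
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED

# Validate DNSSEC signatures in Stubby itself instead of relying only on
# the upstream resolver's validation.
dnssec: GETDNS_EXTENSION_TRUE

tls_query_padding_blocksize: 128   # assumed value; pads queries to hide length
edns_client_subnet_private: 1      # ask upstream not to forward client subnet
round_robin_upstreams: 1           # spread queries across both anycast addresses
idle_timeout: 10000                # assumed value (ms); keeps the TLS session open for reuse

# Assumed local listener; the forwarder on the router (or Pi-Hole) must
# point at this address and port.
listen_addresses:
  - 127.0.0.1@5453

# The two Quad9 anycast addresses from the post, authenticated by name.
upstream_recursive_servers:
  - address_data: 9.9.9.9
    tls_auth_name: "dns.quad9.net"
  - address_data: 149.112.112.112
    tls_auth_name: "dns.quad9.net"
```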
 

Bill Woodcock

Occasional Visitor
> I've used them for a while as I kind of like their philosophy.
>
> I use DoT and had been working brilliantly until a few weeks back... I never found out the reason why it stopped working as it should - had been working fine for months and no settings were changed! Need to try it again!

Please do, and if you still see a problem, please report it to [email protected]. DoT chews up a lot of CPU, and if you were hitting a server instance that was getting overloaded with other people all using DoT, it may have needed an upgrade. Which may have happened by now. Anyway, if it's that, we probably already know, from monitoring CPU loading, but if it's not that, we definitely need to know so we can track it down. And, as always, please let us know if there's anything you'd like to see working differently, or ISPs we need to chase down because they're routing traffic to a distant location (that's our most common problem).

Thanks!
 
