Cloud9 DNS

Davidncali001

Regular Contributor
I was using Cloudflare's as my DNS but recently read about how Quad9 blocks malicious sites so I decided to change to it.

I did a DNS leak test and got results that don't say anything about it being Quad9's DNS. Instead it says WoodyNet. I tried searching and can't find an answer to why this might be.

 

OMNI619

Regular Contributor
Are you using quad9 on your router or modem?

 

Davidncali001

Regular Contributor
Are you using quad9 on your router or modem?

Router. I cannot set any DNS on my modem.
 

Davidncali001

Regular Contributor
You do have a DNS leak

That DNS it's listing isn't my ISP's DNS. I have Xfinity (Comcast). I have no idea what the DNS WoodyNet is.
 

OMNI619

Regular Contributor
Is it your own modem that you are using, or are you renting from Xfinity? If you own your modem you can use the Quad9 DNS on the modem.
 

Davidncali001

Regular Contributor
Is it your own modem that you are using, or are you renting from Xfinity? If you own your modem you can use the Quad9 DNS on the modem.

Own the modem. There are no options to change the modem DNS when I log into it. All you are allowed to do is look at the log and other data, no options to change DNS. Doesn't DNS get worked out by the router anyway?
 

OMNI619

Regular Contributor
I have Spectrum and I can change my DNS or set up a static IP address. I don't know why you can't.
 

jhonzah

New Around Here
I'm having some random ERR_NAME_RESOLUTION_FAILED issues when I try to use Quad9 DNS servers and DNS over TLS.
Doesn't matter if I have DNSSEC enabled or not or if I set Strict or Opportunistic profile.
I have an RT-AC68U router running ASUSWRT-Merlin 384.12_alpha2.

Anybody having similar issues?

Now I use Cloudflare DNS without any issues. But Quad9 servers are a bit faster.
 

QuikSilver

Very Senior Member
WoodyNet is Quad9. The Quad9.net homepage says it’s in collaboration with Packet Clearing House (pch.net).
Little more info on this....

DNS leak test

The easiest way to check is to run an online DNS leak test. When you do so, you should see that the responding ISP is WoodyNet.

If you’re wondering why you’re seeing WoodyNet, it’s because Quad9 is what’s called an anycast DNS, which automatically routes queries to the nearest server. While Quad9 has servers at more than 100 locations around the globe, it doesn’t own its own servers. Instead, Quad9 relies on Packet Clearing House (which is present at 160+ internet exchange points) to host DNS servers for it. PCH’s Executive Director is Bill Woodcock a/k/a Woody. Hence, WoodyNet.

Taken from https://medium.com/@useradd_deploy/dns-to-the-nines-a185e18459b9
 

Bill Woodcock

Occasional Visitor
I was using Cloudflare's as my DNS but recently read about how Quad9 blocks malicious sites so I decided to change to it.
I did a DNS leak test and got results that don't say anything about it being Quad9's DNS. Instead it says WoodyNet. I tried searching and can't find an answer to why this might be.
Quoting from:

https://medium.com/@useradd_deploy/dns-to-the-nines-a185e18459b9

"DNS leak test: The easiest way to check is to run an online DNS leak test. When you do so, you should see that the responding ISP is WoodyNet."

I'm Bill Woodcock. I'm the chairman of Quad9's board of directors. The explanation in the Medium article is correct.

Thanks for using Quad9.
 

QuikSilver

Very Senior Member
Quoting from:

https://medium.com/@useradd_deploy/dns-to-the-nines-a185e18459b9

"DNS leak test: The easiest way to check is to run an online DNS leak test. When you do so, you should see that the responding ISP is WoodyNet."

I'm Bill Woodcock. I'm the chairman of Quad9's board of directors. The explanation in the Medium article is correct.

Thanks for using Quad9.
Is it me or am I the only one in somewhat shock right now......As much as I want to believe it's really you and that you stumbled onto our forums, I have to believe you have other things to do. ;)

On a side note....Maybe we could do an Ask me Anything type post? My first question would be why choose Quad9 over Cloudflare, GoogleDns, etc....

Of course only if you have time, sir! :)
 

Bill Woodcock

Occasional Visitor
As much as I want to believe it's really you and that you stumbled onto our forums, I have to believe you have other things to do.
https://en.wiktionary.org/wiki/kiboze

Other things to do, yes, but Quad9 is a high priority for us, and heck, I'm just sitting around an airport lounge waiting for my next plane, so I might as well be useful, right?

Maybe we could do an Ask me Anything type post?
Sure.

My first question would be why choose Quad9 over Cloudflare (1.1.1.1), GoogleDns (8.8.8.8), etc....
Relative to those two, the answer is the same: privacy and security.

A lot of people look at recursive DNS and think that performance is the thing that matters, because it's the thing that they can measure. Performance is easy to see, because anybody can run dnsperftest to see which gives the quickest average response time from their location. But of the four large ones (OpenDNS/Umbrella being the fourth) all are likely to give you very good performance if you're in North America or Western Europe. Because the other three are commercial, they focus their effort in the places where people have the most money to spend, so you're less likely to get good performance from them if you're in Africa or South America or the Caribbean or South Asia, for instance. But if you're in the US, or Canada, or France, or Germany, any of the four will give you perfectly sufficient performance, and no amount of tinkering or switching is likely to yield any user-noticeable improvement. But performance isn't the point. Google was already there when we set up Quad9, and we're not going to blow our donors' money solely to one-up somebody's commercial offering on the basis of performance.

The point was privacy and security.

Content networks like Google and Cloudflare make money in a lot of ways, some of which depend upon the monetization of Personally Identifiable Information (PII). Whatever you may think about the morality of that, it's flat-out illegal in Europe, and Quad9 was started because European privacy regulators asked us (meaning PCH, in this case) to stand up a GDPR-compliant recursive resolver, as an existence-proof that it was possible to run this critical infrastructure without paying for it by PII.

So, unlike others, Quad9 does not collect personal information. Quad9 does not have a concept of a "user" to hang records off of, and does not collect any IP addresses. Quad9 is the only big anycast resolver that doesn't collect personal information, and it's the only free one that's GDPR-compliant. (Cisco's commercial Umbrella offering is GDPR-compliant and doesn't sell information.) There are people who say that it's okay to collect information if you don't do anything bad with it, but that's really problematic, because breaches happen all the time. Any information you collect will eventually be stolen, and when it's stolen, it'll be sold. So, don't collect unnecessary information in the first place. And if you're commercial, you'll eventually go bankrupt or get bought, whereupon the information is out of control again.

Relative to security, malware and phishing and so forth are a horrible problem, particularly with IoT junk. Botnets are getting very large, and the DDoS attacks they source are a vast problem. So using the recursive resolver to block contact between bot software and its C&C, as David did with OpenDNS, is an excellent way to protect users from malware, and to protect the Internet from infected devices. Whereas OpenDNS has Cisco as its sole source of "threat intelligence," Quad9, as a not-for-profit Internet industry project, has twenty, including Cisco and IBM and F-Secure and many others. So Quad9 offers malware blocking that uses the best information we can glean from all twenty threat intel providers, plus a whitelist of known-good major sites, to make sure that infected devices at your sites can't connect to C&C and start DDoSing people, and that credulous users won't be able to connect to phishing sites that will steal their information.

Google and Cloudflare do not do malware blocking. Cisco Umbrella/OpenDNS does.

What we recommend you do is to run a local caching resolver that performs QNAME minimization and DNS-over-TLS, provision it with plenty of cache, and only leak the minimum possible information out to a recursive resolver, and make sure that you agree with the privacy policy of the recursive resolver. Lots of folks use the combination of PiHole and Stubby for that purpose. One way you can tell whether people are monetizing your data is by seeing whether they recommend you connect your end-nodes directly to their service, or whether they recommend you put a caching resolver in front. :)

If you want to make this question more visible, you could post it to Quora, and I'll post the answer there as well.
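
Added example, not part of the original post and not Quad9's or any resolver's code: a simplified Python model of what QNAME minimisation, recommended in the post above, changes about the names each upstream server gets to see. The delegation chain, the sample name, the function names and the probe query type are assumptions made for the illustration.

```python
# Added illustration: simplified model of DNS QNAME minimisation.
# ZONE_CUTS is constructed sample data, not real delegation state.
ZONE_CUTS = {".", "com.", "example.com."}


def labels(name):
    """'a.b.example.com.' -> ['a', 'b', 'example', 'com']"""
    return [part for part in name.rstrip(".").split(".") if part]


def join(parts):
    return ".".join(parts) + "." if parts else "."


def classic_queries(qname, qtype, zone_cuts=ZONE_CUTS):
    """No minimisation: each server on the path gets the full name and type."""
    parts = labels(qname)
    zones = [join(parts[i:]) for i in range(len(parts), -1, -1)]
    return [(zone, qname, qtype) for zone in zones if zone in zone_cuts]


def minimised_queries(qname, qtype, zone_cuts=ZONE_CUTS, probe_type="A"):
    """Minimisation: reveal one more label per step, real qtype only at the end.

    probe_type for the intermediate queries is an assumption of this sketch.
    """
    parts = labels(qname)
    if not parts:
        return [(".", ".", qtype)]
    sent, zone = [], "."  # zone = deepest zone whose servers we know
    for i in range(len(parts) - 1, -1, -1):
        probe, final = join(parts[i:]), i == 0
        sent.append((zone, probe, qtype if final else probe_type))
        if probe in zone_cuts:
            zone = probe  # referral: next query goes to the child zone
            if final:
                sent.append((zone, probe, qtype))
    return sent


def names_seen_by(queries, server_zone):
    """Set of query names a given zone's servers received."""
    return {name for zone, name, _ in queries if zone == server_zone}


if __name__ == "__main__":
    q = "mail.internal.example.com."  # constructed sample name
    for label, fn in (("classic", classic_queries), ("minimised", minimised_queries)):
        for zone, name, qtype in fn(q, "MX"):
            print(f"{label:9} server for {zone:13} sees {name} {qtype}")
```

With minimisation the root and TLD servers in this model learn only `com.` and `example.com.`; the full host name and the real query type reach only the servers of the zone that holds the record.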
 

QuikSilver

Very Senior Member
https://en.wiktionary.org/wiki/kiboze

Other things to do, yes, but Quad9 is a high priority for us, and heck, I'm just sitting around an airport lounge waiting for my next plane, so I might as well be useful, right?



Sure.



Relative to those two, the answer is the same: privacy and security.

A lot of people look at recursive DNS and think that performance is the thing that matters, because it's the thing that they can measure. Performance is easy to see, because anybody can run dnsperftest to see which gives the quickest average response time from their location. But of the four large ones (OpenDNS/Umbrella being the fourth) all are likely to give you very good performance if you're in North America or Western Europe. Because the other three are commercial, they focus their effort in the places where people have the most money to spend, so you're less likely to get good performance from them if you're in Africa or South America or the Caribbean or South Asia, for instance. But if you're in the US, or Canada, or France, or Germany, any of the four will give you perfectly sufficient performance, and no amount of tinkering or switching is likely to yield any user-noticeable improvement. But performance isn't the point. Google was already there when we set up Quad9, and we're not going to blow our donors' money solely to one-up somebody's commercial offering on the basis of performance.

The point was privacy and security.

Google and Cloudflare make their money by collecting and selling personal information. Whatever you may think about the morality of that, it's flat-out illegal in Europe, and Quad9 was started because European privacy regulators asked us (meaning PCH, in this case) to stand up a GDPR-compliant recursive resolver, as an existence-proof that it was possible to run this critical infrastructure without paying for it by stealing users' personal information and hawking it to data-brokers.

So, unlike the others, Quad9 does not collect personal information. Quad9 does not have a concept of a "user" to hang records off of, and does not collect any IP addresses. Quad9 is the only big anycast resolver that doesn't collect personal information, and it's the only free one that's GDPR-compliant. (Cisco's commercial Umbrella offering is GDPR-compliant and doesn't sell information.) There are people who say that it's okay to collect information if you don't do anything bad with it, but that's completely wrong, because breaches happen all the time. Any information you collect will eventually be stolen, and when it's stolen, it'll be sold. So, don't collect unnecessary information in the first place.

Relative to security, malware and phishing and so forth are a horrible problem, particularly with IoT junk. Botnets are getting very large, and the DDoS attacks they source are a vast problem. So using the recursive resolver to block contact between bot software and its C&C, as David did with OpenDNS, is an excellent way to protect users from malware, and to protect the Internet from infected devices. Whereas OpenDNS has Cisco as its sole source of "threat intelligence," Quad9, as a not-for-profit Internet industry project, has twenty, including Cisco and IBM and F-Secure and many others. So Quad9 offers malware blocking that uses the best information we can glean from all twenty threat intel providers, plus a whitelist of known-good major sites, to make sure that infected devices at your sites can't connect to C&C and start DDoSing people, and that credulous users won't be able to connect to phishing sites that will steal their information.

How we recommend you use Quad9 is to run a local caching resolver that performs QNAME minimization and DNS-over-TLS, provision it with plenty of cache, and only leak the minimum possible information out to us. Lots of folks use the combination of PiHole and Stubby for that purpose. One way you can tell whether people are monetizing your data is by seeing whether they recommend you connect your end-nodes directly to their service, or whether they recommend you put a caching resolver in front. :)

If you want to make this question more visible, you could post it to Quora, and I'll post the answer there as well.
Wow! Thanks for taking the time out of your schedule to help me (and possibly others) understand how Quad9 differs from the others. This has definitely taught me some things I didn't know. I will admit that I have used Quad9 a few times but always went back to googledns and Cloudflare. This has helped me understand the differences between them and will make Quad9 a permanent fixture in my network settings. :) Safe travels!
 
