Cloud9 DNS

Centrifuge

Regular Contributor
Been using Quad9 for like a month now. I don't experience the issues that I had earlier. So something seems to be fixed.
I use Cloudflare for DoT, I think I'll try Quad9. I switched from Quad9 because of intermittent timeouts on frequently used websites when using them for DNS; a page reload usually fixed it, but it was annoying. I'll give it another go.
 

coxhaus

Part of the Furniture
I use Cloudflare for DoT, I think I'll try Quad9. I switched from Quad9 because of intermittent timeouts on frequently used websites when using them for DNS; a page reload usually fixed it, but it was annoying. I'll give it another go.
Frequently used web sites should be cached. Maybe take a look at your DNS caching software.
 

Gar

Very Senior Member
Frequently used web sites should be cached. Maybe take a look at your DNS caching software.
Can you explain that a bit more? Caching DNS how exactly? Thanks
 

Bill Woodcock

Occasional Visitor
Are there any plans for Quad9 to become a partner in Firefox's TRR program? Right now only Cloudflare and NextDNS are part of it.
Yep. We've been in contract negotiation with them since... (checking old email here) ...March of 2018.

They didn't get in contact with us until they decided they wanted to do this default-DoH thing outside of the US, so they needed a solution that would be legal in places with privacy laws. So one problem is that they already had one set of contracts with privacy carve-outs that weren't necessary for us, that we've been trying to get them to tighten up, at least as regards us. The other problem is that we have a malware-blocking service, as well as an unblocked service, and if people select the malware-blocking service, we need Mozilla to not switch that out from under them without letting them know that they're about to lose that protection, and that requires new UI in Mozilla, which isn't a fast process.

Anyway, that'll all come together eventually.

Google did a somewhat different process in Chrome... They check to see whether there's a DoH version of whatever recursive resolver you've already selected, and if so, they switch you over to it. As a result, they've gotten a lot less flak.
 

Bill Woodcock

Occasional Visitor
Been using Quad9 for like a month now. I don't experience the issues that I had earlier. So something seems to be fixed.
Sorry, didn't mean to disappear on you guys. I just got kinda swamped with other things. There'll be some new Quad9 announcements later this summer. And the whole .ORG takeover-attempt sucked nearly all of my time for the better part of six months. Although a lot of that was about bad business, a significant part was about bad DNS as well, so some of you may find some passing interest in that: https://www.icann.org/en/system/files/correspondence/woodcock-to-icann-board-22jan20-en.pdf

On the topic of Quad9 performance, DNS queries are easy to answer quickly. Answering DNS queries quickly while you're being DDoSed is a bit more work. Decrypting and encrypting DoT, DoH, and DNSCrypt queries and answers quickly at the same time is even more work. Configuring and shipping stacks of servers to two hundred locations around the world is work, and it's work that's slowed down somewhat by all of the logistics difficulties imposed by the pandemic. Nonetheless, work goes forward. In anything as big and complex as this (this many locations, this many other networks that we interconnect with, each of which has its own routing policies, this many different protocols being supported in different combinations) it's hard to make any useful generalizations about performance... It'll work well for some people, and poorly for others, in different times and at different places. As a non-profit, we can't just sell shares to pay for all that work, we have to actually get people to fund it, but they are. So. Work moves forward in actual discrete chunks in specific places, so performance may go from lousy to good for specific users, as a result of new work done. Conversely, some ISP may change their routing, and start sending queries halfway around the world, for no particular reason at all, until we find out about it and talk with them and see if we can get them to fix it.

We have to answer a lot more queries each week than the week before, so there's a fair bit of work involved in keeping up with that growth in demand. At the same time, a lot of our work goes into helping people understand how to run their own caching resolvers, as you guys do, and making those leak as little query data as possible out to us or other recursive resolver operators, and from the outreach we've done and people we've talked with, it seems like that's actually going really well, so the queries we actually see are dwarfed by those which get answered locally, out of people's own caches, so that's a huge success.

Anyway, long answer to say that it's great if you're seeing performance improvements. If you're seeing performance problems, I'd always encourage you to send a traceroute to [email protected], and our folks will do their very best to get you an answer. If you don't get an answer promptly, like as not it's because we've tracked the problem down to an external network and we're waiting for them to change something, or we've tracked the problem down to a performance bottleneck in the scale of our own server clusters, and we're trying to arrange logistics to get more servers to the location you're hitting. In any event, we could certainly do better on keeping people apprised of where things stand, and you have my apologies for any failings there. I can tell you that we're getting a lot more done over time, that our people are working their asses off, and that we've got as many people working on all this as our donors can pay for.

So, again, it's all a big volunteer project, so if you're able to let us know when something's going wrong, and be patient with us until we can get it fixed, it'll continue getting better. If you've got corporate resources that you can throw at it, we'd love to have you join the many donors who are keeping it all paid for, but we're getting by with what we get right now, too, so there's no funding crisis to be addressed or anything. And there are lots of other really good volunteer open-source projects that need support at least as much as we do.
 
