What's new

DNS Trivia

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dlandiss

Very Senior Member
Has anyone found any pros or cons about using the "Quad9" DNS servers? They claim all sorts of security advantages, and they measure faster response than the Google servers (and LOTS faster than OpenDNS).
 
From my quick tests today, when an entry is not cached, Google still resolves faster than quad9. When cached, both respond about the same.

I heard ppl use a benchmark from GRC for test on Windows. Mac users can try Namebench.

quad9 improved a lot in the past few months in my region. I may consider switching back to quad9 since it can act as a default fallback of blocking rogue domains if they're not already among your adblock lists.
 
In my location, Quad9 is the fastest resolving public dns. (Uncached).
Then Google, then Opendns a long way behind....

GRC results consistent over a few months now.
 
I think it is a good idea but speed is not there for me.

Microsoft Windows [Version 10.0.16299.334]
(c) 2017 Microsoft Corporation. All rights reserved.
C:\Users\lee>ping 9.9.9.9
Pinging 9.9.9.9 with 32 bytes of data:
Reply from 9.9.9.9: bytes=32 time=67ms TTL=49
Reply from 9.9.9.9: bytes=32 time=65ms TTL=49
Reply from 9.9.9.9: bytes=32 time=64ms TTL=49
Reply from 9.9.9.9: bytes=32 time=60ms TTL=49
Ping statistics for 9.9.9.9:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 67ms, Average = 64ms
C:\Users\lee>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=18ms TTL=57
Reply from 8.8.8.8: bytes=32 time=24ms TTL=57
Reply from 8.8.8.8: bytes=32 time=21ms TTL=57
Reply from 8.8.8.8: bytes=32 time=21ms TTL=57
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 24ms, Average = 21ms
C:\Users\lee>
 
I think locking your DNS is just as important as what DNS you use. You don't want any of your device's DNS requests to roll out to a rogue DNS, do to a bad Ad or whatever. I pick what DNS servers are valid and block all others so my network will not work if a rogue DNS is picked up. IT is better to not work than to corrupt a device.
 
Re: Namebench on a Mac

If your using it on a later version of macOS (10.13+ maybe earlier too) see this topic for help finding the results. https://github.com/catap/namebench/issues/8

I never managed to find the file, using that method from console as one user states. I just opened /var/ and searched for .html, found it rather quickly.

I was using OpenDNS on the router, and lets just say nothing at all even touches it, nor is it even in the same state so to speak. You may be obviously different.
 
Yes I am Spectrum Texas. Here is a traceroute 9.9.9.9

Microsoft Windows [Version 10.0.16299.334]
(c) 2017 Microsoft Corporation. All rights reserved.
C:\Users\lee>traceroute 9.9.9.9
'traceroute' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\lee>tracert 9.9.9.9
Tracing route to dns.quad9.net [9.9.9.9]
over a maximum of 30 hops:
1 4 ms 5 ms 4 ms 192.168.0.254
2 5 ms 3 ms 3 ms 192.168.10.1
3 15 ms 36 ms 23 ms cpe-72-133-80-1.sw.res.rr.com [72.133.80.1]
4 24 ms 27 ms 29 ms tge0-0-0.elgntx0801h.texas.rr.com [66.68.3.169]
5 19 ms 26 ms 13 ms agg38.ausutxla01r.texas.rr.com [24.175.42.138]
6 26 ms 32 ms 26 ms agg22.dllatxl301r.texas.rr.com [24.175.41.46]
7 20 ms 21 ms 30 ms 66.109.1.216
8 19 ms 21 ms 17 ms 4.68.72.117
9 24 ms 22 ms 23 ms 4.68.72.69
10 61 ms 65 ms 67 ms te7-4-10G.ar1.PAO2.gblx.net [67.17.111.246]
11 62 ms 61 ms 67 ms packet-clearing-house.gigabitethernet9-28.ar1.pao2.gblx.net [208.178.194.98]
12 62 ms 62 ms 62 ms dns.quad9.net [9.9.9.9]
Trace complete.
C:\Users\lee>
 
Yes I am Spectrum Texas. Here is a traceroute 9.9.9.9
C:\Users\lee>tracert 9.9.9.9
...
11 62 ms 61 ms 67 ms packet-clearing-house.gigabitethernet9-28.ar1.pao2.gblx.net [208.178.194.98]

Ouch. Yeah, they're sending you to Palo Alto ("pao") instead of Dallas. Sorry. I'll have our interconnection folks try to get them to fix it, but they'll always be more responsive to a customer than to another network operator... So if you want to open a ticket with them, point them at https://pch.net/peering and ask them why they're not interconnecting in Equinix or TIE Dallas to solve this problem. It's not just effecting Quad9, of course... You're also getting poor performance to two of the root nameservers and most of the top-level domains, since they're all routed the same way out of AS42.

Thanks.
 
Yes I have been complaining since Spectrum took over. Response time keeps climbing.

I think we lost Austin when Spectrum took over so now I flip flop between Houston and Dallas.
 
Has anyone found any pros or cons about using the "Quad9" DNS servers? They claim all sorts of security advantages, and they measure faster response than the Google servers (and LOTS faster than OpenDNS).

A new contender?

Cloudflare DNS:
IPv4:
1.1.1.1
1.0.0.1

IPv6:
2606:4700:4700::1111
2606:4700:4700::1001

Quicker than Quad9 for me......
 
Is there any way to use Gloudflare new DNS service 1.1.1.1 security features like DNS over HTTPS and DNS over TLS on ASUS routers?

Pretty much, for DNS over TLS you could do something via DNSMasq, Unbound, or DNSCrypt, which will require changing your port from 53 to 853.

for DNS over HTTPS, require's a little more hand's on involvement and currently DNSCrypt has a working version of Cloudflare on the latest version I believe providing DNS over HTTPS

Here's 2 resource link's to get you started.

https://www.snbforums.com/threads/how-to-change-wan-dns-port.18177/

https://www.snbforums.com/threads/replacing-dnsmasq-dns-with-unbound.37473/
(Xentrk was apart of this discussion)
 
Last edited:
A new contender?

Cloudflare DNS:
IPv4:
1.1.1.1
1.0.0.1

IPv6:
2606:4700:4700::1111
2606:4700:4700::1001

Quicker than Quad9 for me......

Cloudflare seems to be based in Australia so people in Australia will probably find it quicker. My only thought is I thought 1.0.0.0 IP address space was awarded to China years ago. Maybe I was wrong.


Capture5.PNG
 
My only thought is I thought 1.0.0.0 IP address space was awarded to China years ago.
My understanding is that APNIC loaned the addresses to this project.

My ISP is Charter/Spectrum in St. Louis. The DNS speed differences in the first 20 outside of my ISP are negligible.

Nameservers.png
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top