Reading mode: Light Dark

New “Quad9” DNS service blocks malicious domains for everyone

Go to last post
Austinian

Austinian

Dances With Werewolves
Forum Moderator
Messages
15,233
Solutions
17
Reaction score
7,707

Loading…

arstechnica.com

Comments from our networking experts?
 
Austinian said:
Comments from our networking experts?
Click to expand...
Well, DNS is only gonna help if the malware embeds a hostname rather than an IP address.

If I was writing the code, I'd embed multiple IP's and I know that at least some malware does that.

Quad9 might be useful as a DNS service depending on how fast and reliable it turns out to be. Personally I use my service providers DNS (Comcast) as a primary and Google (8.8.8.8) as a secondary.
 
Austinian said:
https://arstechnica.com/information...ervice-blocks-malicious-domains-for-everyone/

Comments from our networking experts?
Click to expand...
"The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime"

What better way to spy on people in the US than log their DNS lookups on a server you supply, which is supposedly there for your protection? Log someone looking at a "bad" site, take that log to a judge, and get a warrant for surveillance. You know who gets to decide what a "bad" site is, you agreed by using the service to be logged so it's not entrapment, everything legally done.

Thank you
Russell
 
Last edited:
Russell Evans said:


What better way to spy on people in the US than log their DNS lookups on a server you supply, which is supposedly there for your protection? Log someone looking at a "bad" site, take that log to a judge, and get a warrant for surveillance. You know who gets to decide what a "bad" site is, you agreed by using the service to be logged so it's not entrapment, everything legally done.
Click to expand...
Hey, it works for Apple, Facebook, Google, Twitter et al :-)
 
malch said:
Russell Evans said:
What better way to spy on people in the US than log their DNS lookups on a server you supply, which is supposedly there for your protection? Log someone looking at a "bad" site, take that log to a judge, and get a warrant for surveillance. You know who gets to decide what a "bad" site is, you agreed by using the service to be logged so it's not entrapment, everything legally done.
Click to expand...
Hey, it works for Apple, Facebook, Google, Twitter et al :-)
Click to expand...
9 out of 10 terrorists prefer DNISIS.
 
malch said:
Russell Evans said:
What better way to spy on people in the US than log their DNS lookups on a server you supply, which is supposedly there for your protection? Log someone looking at a "bad" site, take that log to a judge, and get a warrant for surveillance. You know who gets to decide what a "bad" site is, you agreed by using the service to be logged so it's not entrapment, everything legally done.
Click to expand...
Hey, it works for Apple, Facebook, Google, Twitter et al :-)
Click to expand...
As far as I know, Apple, Facebook, Google, Twitter, don't own the guns.


Thank you
Russell
 
Russell Evans said:
malch said:
Russell Evans said:
What better way to spy on people in the US than log their DNS lookups on a server you supply, which is supposedly there for your protection? Log someone looking at a "bad" site, take that log to a judge, and get a warrant for surveillance. You know who gets to decide what a "bad" site is, you agreed by using the service to be logged so it's not entrapment, everything legally done.
Click to expand...
Hey, it works for Apple, Facebook, Google, Twitter et al :-)
Click to expand...
As far as I know, Apple, Facebook, Google, Twitter, don't own the guns.
Click to expand...
Well, 3 of these 4 are partly or wholly owned by the Russkies, who have guns. And nuclear weapons. Or should I say pwned?

Quad9 doesn't seem to exist yet. Try it here by entering 9.9.9.9 (works for 8.8.8.8 and 4).

https://www.ultratools.com/tools/dnsHostingSpeedResult
 
Last edited:
CAcreeks said:


Quad9 doesn't seem to exist yet. Try it here by entering 9.9.9.9 (works for 8.8.8.8 and 4).

https://www.ultratools.com/tools/dnsHostingSpeedResult
Click to expand...
Using your link, I get this:

aa40c1509dab45118e902c8ab8a35615.jpg



--
Patco
A photograph is more than a bunch of pixels
 
How is this different from opendsn?
 
I’m taking a swinging you-know-what guess here, but I’m willing to bet that’s not how this tool is intended to be used. I’m betting the intent of the tool is that you enter a web site or other standard “destination” and then it walks DNS starting with the DNS servers you have configured in your OS. Entering the name or IP address of a DNS server into this tool may not give you any meaningful information about the DNS performance of that server.
 
incoherent1 said:
How is this different from opendsn?
Click to expand...
Opendns? It's a direct competitor. Not yet proven of course but maybe it will turn out better (or maybe not).

Either way, folks should think about who they wish to share their online habits with as Russell has cautioned.
 
Patco said:
Member said:
Quad9 doesn't seem to exist yet. Try it here by entering 9.9.9.9 (works for 8.8.8.8 and 4).

https://www.ultratools.com/tools/dnsHostingSpeedResult
Click to expand...
Using your link, I get this:

aa40c1509dab45118e902c8ab8a35615.jpg
Click to expand...
Thanks Patco, my firewall or nannyware must be blocking it.

Anyhow, performance is marginally better than Google 8.8.8.8 and .4, although this could be owing to lighter load.

I tried OpenDNS but many parts of the Internet are unavailable, specifically a news site I liked to read, until the editor died. Also sites with dirty jokes. Quad9 remains to be seen.
 
Last edited:
Billiam29 said:
I’m taking a swinging you-know-what guess here, but I’m willing to bet that’s not how this tool is intended to be used. I’m betting the intent of the tool is that you enter a web site or other standard “destination” and then it walks DNS starting with the DNS servers you have configured in your OS. Entering the name or IP address of a DNS server into this tool may not give you any meaningful information about the DNS performance of that server.
Click to expand...
It looks more like any other DNS service to me.

DNS filters for known malware sites can be useful but I worry that some folks will be misled into thinking Quad9 gives them comprehensive protection from malware and all the rest. It won't; not even close. For most people, a commercial AV program is probably a much better bet (although the two are not necessarily mutually exclusive).
 
malch said:
Billiam29 said:
I’m taking a swinging you-know-what guess here, but I’m willing to bet that’s not how this tool is intended to be used. I’m betting the intent of the tool is that you enter a web site or other standard “destination” and then it walks DNS starting with the DNS servers you have configured in your OS. Entering the name or IP address of a DNS server into this tool may not give you any meaningful information about the DNS performance of that server.
Click to expand...
It looks more like any other DNS service to me.

DNS filters for known malware sites can be useful but I worry that some folks will be misled into thinking Quad9 gives them comprehensive protection from malware and all the rest. It won't; not even close. For most people, a commercial AV program is probably a much better bet (although the two are not necessarily mutually exclusive).
Click to expand...
Ooops, sorry. When I said "I’m willing to bet that’s not how this tool is intended to be used" I was actually referring to the link that CAcreeks and Patco mentioned for "dnsHostingSpeedResult" at ultratools.com.
 
Billiam29 said:
Ooops, sorry. When I said "I’m willing to bet that’s not how this tool is intended to be used" I was actually referring to the link that CAcreeks and Patco mentioned for "dnsHostingSpeedResult" at ultratools.com.
Click to expand...
Oops. Got it!

Send three and fourpence, we're going to a dance :-)
 
Thanks for the gracefull response to my typo!

I thought it looked to offer the same functionality, but being somewhat ignorant about such subtleties, wanted to clarify.
 
You must log in or register to reply here.

Keyboard shortcuts

f
Forum
m
My threads
Mobile site
About
Editorial content
Cameras & Lenses
Community
All content, design, and layout are Copyright © 1998–2025 Digital Photography Review All Rights Reserved.
Reproduction in whole or part in any form or medium without specific written permission is prohibited.
When you use DPReview links to buy products, the site may earn a commission.
©GPS Media - Guides, Products, Services.
Back
Top