Hi - you had asked about a management interface for Quad9. There is no way to monitor Quad9’s filtering via a web interface at Quad9, since we do not have the concept of an “account” due to privacy and data collection issues. However, if you are willing to do a bit of hackery, then it is possible to see which queries are being blocked by our filter versus which queries are being naturally given an NXDOMAIN. We flag our blocked queries with the RD bit in the reply. If you’re using Quad9 as a forwarder, Pi-Hole automatically recognizes this and will flag the blocks appropriately, but it’s possible to just capture the packets manually as well.
If you’re a user of tshark (the command-line version of wireshark for Linux) then you could run a command like this constantly to get a list of blocked hosts. Of course, change the ethernet interface for your local installation, and that interface would need to be able to “see” all the query replies coming from Quad9 towards your host(s). This loops to prevent disk exhaustion since tshark keeps temp files. Use “dig @184.108.40.206 +short A blocked.test.on.quad9.net” to trigger a block result.
while true; do tshark -np -i ens32 -q -c 100000 -E separator=, -E quote=d -T fields -e frame.time_epoch -e dns.qry.name -e ip.src -e ipv6.src -e ip.dst -e ipv6.dst -Y “dns.flags.rcode eq 3 && dns.flags.recavail eq 0” “src net 220.127.116.11/24 or src net 18.104.22.168/24 or src net 22.214.171.124/24 or src net 2620:fe::0/48” 2>/dev/null; done