DNS Malware Filtering Compared: Quad9 VS Cloudflare VS DNS Filter VS OpenDNS / Cisco Umbrella

Networking & Firewalls
31

Hello from Greece. Been following Tom on YouTube but this video gave me a reason to signup on the forum.

I recently switched to Quad9 (57ms latency) from Cloudflare (17ms latency) since the latter was giving me some blank replies on some DNSSEC-enabled zones. I also found that Quad9 is more transparent in their documentation and provide more granularity (e.g. I am using the “Blocklist, DNSSEC, EDNS Client-Subnet sent” service).

I do advocate Quad9 to my peers but the latency discussion is always a show stopper. @quad9dns is there any plans for a closer to the home service (i.e. Easter Europe)? We are currently being served by London.

Just for the fun of it, here’s my forward section of my DNS resolver box (unbound) at home. I forward google and cloudflare related queries to their DNS services :laughing: and the rest to Quad9 :slight_smile:

# Google related queries to 8.8.8.8
forward-zone:
 name: "google.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "google.gr."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "youtube.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "youtube.gr."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "like.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "gmail.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "googleapis.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "blogger.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "android.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "doubleclick.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "adwords.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "googleanalytics.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "google-analytics.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "waze.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "1e100.net."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "googleusercontent.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "g.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "goo.gl."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "ytimg.com."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes


forward-zone:
 name: "yt.be."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "youtu.be."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

forward-zone:
 name: "google.co.uk."
 forward-addr: 2001:4860:4860::8888@853
 forward-addr: 8.8.8.8@853
 forward-addr: 2001:4860:4860::8844@853
 forward-tls-upstream: yes

# Cloudflare related queries to 1.1.1.1
forward-zone:
 name: "cloudflare.com."
 forward-addr: 2606:4700:4700::1111@853
 forward-addr: 1.1.1.1@853
 forward-addr: 2606:4700:4700::1001@853
 forward-tls-upstream: yes

forward-zone:
 name: "cloudflare.at."
 forward-addr: 2606:4700:4700::1111@853
 forward-addr: 1.1.1.1@853
 forward-addr: 2606:4700:4700::1001@853
 forward-tls-upstream: yes

forward-zone:
 name: "cloudflare.us."
 forward-addr: 2606:4700:4700::1111@853
 forward-addr: 1.1.1.1@853
 forward-addr: 2606:4700:4700::1001@853
 forward-tls-upstream: yes

forward-zone:
 name: "cloudflare.co.at."
 forward-addr: 2606:4700:4700::1111@853
 forward-addr: 1.1.1.1@853
 forward-addr: 2606:4700:4700::1001@853
 forward-tls-upstream: yes

## All the rest to upstream (currently quad9)
forward-zone:
 name: "."
 forward-addr: 2620:fe::11@853 # quad9.net secondary
 forward-addr: 9.9.9.11@853         # quad9.net primary
 forward-addr: 2620:fe::fe:11@853 # quad9.net secondary
 forward-tls-upstream: yes
1 Like