Be cautious with Quad9; their main address (9.9.9.9) has a "malware" blacklist that has misfired several times already: twice for a private torrent tracker, once for gist.github.com, issue was resolved within minutes to hours. They have a non-filtered address (9.9.9.10), but it doesn't do DNSSEC verification. IMO they're too unreliable to be worth the hassle.
Quad9 employs DNSSEC on all endpoints now. https://quad9.net/news/blog/quad9-enables-dnssec-on-all-serv...
This is great, thanks for the correction! I tried resolving dnssec-failed.org and it does indeed fail with EDE 6 (DNSSEC Bogus). I'm not sure why this hasn't been updated on the info page[0] yet, given that the change is about three months old.
[0]: https://quad9.net/service/service-addresses-and-features/
Was about to comment this. I actually don't like advert or malware blocking on my public DNS resolvers. It sounds cool but annoying when it misfires.
Once Quad9 blocked Halo MCC XBOX Live -> Steam achievements, several fileshare services (probably used for malware somewhere but not my usage) etc...
1.1.1.1 blocked archive.is or got blocked by them or something...
Gone back to Google DNS (gasp) for now, yes as a European... no blocking, fast, never goes down.
It's fine when it's a non default option. Like use x.x.x.x for DNS, x.x.x.y for DNS+adblocking, x.x.x.z for totalitarian corporate blocklist that doesn't let you do anything fun
I believe cloudflare only blocked archive.is on their "Families" filtered dns. I've been using their normal 1.1.1.1 and haven't encountered any blocks.
IIRC the block was on archive.today's side as a protest against 1.1.1.1 intentionally not supporting ECS.
https://news.ycombinator.com/item?id=36971650
https://news.ycombinator.com/item?id=19828702
This is what I am referring to. But from an end-user side, one option does not work, and one does work. Then I will use the working DNS.
Yesterday 1.1.1.1 failed to resolved "theinformation.com" (hosted on CF itself!) for many hours, answering NXDOMAIN.