I noticed that Quad 9 is not able to respond to the spy.pet query:

$ dig spy.pet @9.9.9.9 +short
;; communications error to 9.9.9.9#53: timed out

But Cloudflare DNS is able to do it:

$ dig spy.pet @1.1.1.1 +short
104.26.0.165
104.26.1.165
172.67.74.73

And to be sure, I checked another domain with the same TLD to rule out the option that Quad9 is unable to handle the .pet TLD, but I received a correct answer…

$ dig hello.pet @9.9.9.9 +short
3.64.163.50

Does Quad9 censor DNS queries?

  • Monkey With A Shell@lemmy.socdojo.com
    link
    fedilink
    arrow-up
    2
    ·
    8 months ago

    How much simpler can I make this…

    You have a primary ‘master’ server in the pool.

    Replica/cache servers periodically ask the master for any updates.

    Master gives a new update, which is a sinkhole for a marked malicious domain.

    Replica/cache server now resolves malicious domain to the sinkhole address.

    This is not a ‘feature’ you have to implement, it’s a basic function of running a redundant DNS system.