Quad9 DNS outage today? (sometime around 12:30-14:30 Eastern)

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

saguaro

Active member
Oct 22, 2020
31
4
Did anyone experience disruption using Quad9 today? I had 4+ websites not load, while others were fine. At one point I couldn't reach www.sans.org, register.gotowebinar.com, and a subdomain of usps.com, among others. I manually checked with dig and got some "no response" and some responses that had no IP address:
Rich (BB code):
user ~ % dig @9.9.9.9 register.gotowebinar.com
; <<>> DiG 9.10.6 <<>> @9.9.9.9 register.gotowebinar.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
user ~ % dig @9.9.9.9 www.sans.org
; <<>> DiG 9.10.6 <<>> @9.9.9.9 www.sans.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13279
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.sans.org. IN A
;; Query time: 35 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Wed Dec 16 12:49:57 EST 2020
;; MSG SIZE rcvd: 41
 
I do not use 9.9.9.9, but I asked a friend of mine for you. I'll try to let you know the response when I get it.

But I did find this if this might be useful for you.

Looks like 100% uptime to me.
 
I wasn't online in your timeframe, but I have had Quad9 stop responding for me for brief outages in the past. I would query and fail, but then check Google (8.8.8.8) and it would be working fine. It never seemed to last long when it happened. It did cause me to make 9.9.9.9 be my primary and 8.8.8.8 as my secondary.
PHolder2020Dec17DNS.png
 
I wasn't online in your timeframe, but I have had Quad9 stop responding for me for brief outages in the past. I would query and fail, but then check Google (8.8.8.8) and it would be working fine. It never seemed to last long when it happened. It did cause me to make 9.9.9.9 be my primary and 8.8.8.8 as my secondary.
I use Quad9 for their malware filtering, so setting Google's defeats the purpose. Don't know what device you have for local DNS server, but apparently the logic used for the DNS server alternates varies. Some cycle requests through the list of DNS servers, some will go to the alternate when the primary doesn't respond fast enough, etc.

I had configured 1.1.1.2 as a backup, which also has similar features, but some say not as good. Probably headed for NextDNS anyway.

PS: Quad9 confirmed the outage or disruption by email, but no other info.
 
As an example of the lack of control over where your DNS forwarding is sent, these stats come from when i added 1.1.1.2 as a third nameserver after the Quad9 outage was resolved--basically 48 hrs. Somehow more requests went there than the primary and secondary combined.

Server: 1.1.1.2 Queries sent: 25028 Queries retried or failed: 32 Server: 149.112.112.112 Queries sent: 4404 Queries retried or failed: 28 Server: 9.9.9.9 Queries sent: 13843 Queries retried or failed: 25
 
You router appears to be the type that uses the fastest responding DNS server.

I think I remember an OpenWRT router would use my ISP DNS by default beside the DHCP would add it as the 3rd router on the list because OpenDNS only has two IPs for me, and somehow dnsmasq would find out that was the fastest DNS server to use, so most queries would go there (I added an option in the config box so that it would use OpenDNS instead, but that was annoying), so for you, 1.1.1.2 is the fastest DNS server from your location.
 
You router appears to be the type that uses the fastest responding DNS server.

I think I remember an OpenWRT router would use my ISP DNS by default beside the DHCP would add it as the 3rd router on the list because OpenDNS only has two IPs for me, and somehow dnsmasq would find out that was the fastest DNS server to use, so most queries would go there (I added an option in the config box so that it would use OpenDNS instead, but that was annoying), so for you, 1.1.1.2 is the fastest DNS server from your location.
Indeed, probably because it's running dnsmasq as well. I wasn't aware of that behavior before. Anyway, the point is that selecting configuring several dns servers may not have the effect one expects--especially if one uses a service for filtering.

If one relies on DNS to provide malware or "family-friendly" filtering, configuring another "backup" service may well result in defeating the filtering...