Skip to content

use quad9 as DNS resolver for buildserver

quad9.net is a non-profit set up to provide a independent, private and trustworthy DNS resolver to the internet at large. By default, it includes blocking of malware domains, but at the same time, resists blocking orders on legitimate domains. I think the buildserver VM should use this for its DNS resolver.

  • Blocking malware domains seems like an easy win.
  • Resisting abusive DNS takedown orders lines up with our mission of accessibility
  • As ECH becomes available, then the sites the build is visiting would be more obfuscated, making profiling via the internet traffic flow much harder.

At this point, this would only be worth doing if it is easy. As ECH adoption grows, it'll become worth more.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information