celenity/Phoenix
8
198
Fork
You've already forked Phoenix
19

[ENHANCEMENT] Keep Quad9 in the DNS providers custom list #275

Closed
opened 2026年04月21日 15:16:58 +02:00 by ViperTheRipper · 1 comment

Confirmation Checklist

I’ve noticed in recent commits that future versions of IronFox might switch to Mullvad as the default DNS provider. I would like to request that you keep Quad9 in the custom list or consider reverting the change, based on security performance benchmarks.

According to tests conducted via GRC’s DNS Spoofability tool (grc.com/dns/dns.html), I’ve observed the following:

  • Mullvad DNS: Returns a "Moderate" result for Anti-Spoofing Safety.
  • Quad9: Consistently achieves an "Excellent" rating.

Quad9’s robust implementation of DNSSEC across all its endpoints (except for the 9.9.9.10 testing service) provides a significant layer of protection against cache poisoning and spoofing. This makes it a highly reliable choice for users prioritizing network integrity. You can find more details on their DNSSEC implementation here: https://quad9.net/news/blog/quad9-enables-dnssec-on-all-service-endpoints/

Given IronFox's focus on privacy and security, I believe providing Quad9 as a prominent option is essential for maintaining high safety standards.

Thank you for your hard work on this project!

### Confirmation Checklist - [x] I confirm that this feature is not already present on the **latest release** of Phoenix. You can check what the latest version is on [the `Releases` page](https://codeberg.org/celenity/Phoenix/releases). - [x] I confirm that this feature has **NOT** already been suggested on [the Codeberg issue tracker](https://codeberg.org/celenity/Phoenix/issues), [the GitLab issue tracker](https://gitlab.com/celenityy/Phoenix/-/issues), **and/or** [the GitHub issue tracker](https://github.com/celenityy/Phoenix/issues). I’ve noticed in recent commits that future versions of IronFox might switch to Mullvad as the default DNS provider. I would like to request that you keep Quad9 in the custom list or consider reverting the change, based on security performance benchmarks. According to tests conducted via GRC’s DNS Spoofability tool (grc.com/dns/dns.html), I’ve observed the following: - Mullvad DNS: Returns a "Moderate" result for Anti-Spoofing Safety. - Quad9: Consistently achieves an "Excellent" rating. Quad9’s robust implementation of DNSSEC across all its endpoints (except for the 9.9.9.10 testing service) provides a significant layer of protection against cache poisoning and spoofing. This makes it a highly reliable choice for users prioritizing network integrity. You can find more details on their DNSSEC implementation here: https://quad9.net/news/blog/quad9-enables-dnssec-on-all-service-endpoints/ Given IronFox's focus on privacy and security, I believe providing Quad9 as a prominent option is essential for maintaining high safety standards. Thank you for your hard work on this project!
ViperTheRipper changed title from (削除) [ENHANCEMENT] PLEASE REPLACE THIS TEXT WITH A SUMMARY OF YOUR SUGGESTION... (削除ここまで) to [ENHANCEMENT] Keep Quad9 in the DNS providers custom list 2026年04月21日 15:19:15 +02:00

Thank you for your feedback and support!

Our main concern with Quad9 is due to its domain lacking DNSSEC. While they do enforce DNSSEC resolution for sites that support it (which is great!), their address itself lacking DNSSEC is problematic, and my understanding is that weakens a lot of that protection.

So ultimately I think our default providers/resolver have to be reserved for the best of the best/highest quality options available, and I think requiring important privacy and security standards like DNSSEC is an important/necessary step in that direction. But, I can't lie - it is disappointing. Ideally, I'd prefer sticking to Quad9 - and I hope they do implement DNSSEC for their addresses so we can switch back to them in the future.

Thank you for your feedback and support! Our main concern with Quad9 is due to [its domain lacking DNSSEC](https://internet.nl/site/dns.quad9.net/3905982/#sitednssec). While they do enforce DNSSEC resolution for sites that support it *(which is great!)*, their address itself lacking DNSSEC is problematic, and my understanding is that weakens a lot of that protection. So ultimately I think our default providers/resolver have to be reserved for the best of the best/highest quality options available, and I think requiring important privacy and security standards like DNSSEC is an important/necessary step in that direction. But, I can't lie - it is disappointing. Ideally, I'd prefer sticking to Quad9 - and I hope they do implement DNSSEC for their addresses so we can switch back to them in the future.
Sign in to join this conversation.
No Branch/Tag specified
dev
pages
2026年07月08日.1
2026年06月10日.1
2026年05月21日.2
2026年05月21日.1
2026年04月27日.1
2026年03月31日.1
2026年03月30日.1
2026年02月23日.1
2026年02月16日.1
2026年01月21日.1
2025年12月23日.1
2025年11月27日.1
2025年11月07日.1
2025年10月26日.1
2025年10月12日.1
2025年10月03日.1
2025年09月07日.1
2025年08月06日.1
2025年07月30日.1
2025年07月11日.1
2025年06月24日.1
2025年06月12日.1
2025年06月10日.1
2025年06月06日.1
2025年06月02日.2
2025年06月02日.1
2025年05月11日.1
2025年04月27日.1
2025年04月15日.1
2025年04月11日.1
2025年04月02日.1
2025年03月25日.1
2025年03月20日.1
2025年03月12日.1
2025年03月05日.1
2025年02月28日.1
2025年02月21日.1
2024年02月18日.1
2025年02月14日.1
2025年02月13日.1
2025年02月01日.1
2025年01月30日.1
2025年01月27日.1
2025年01月24日.1
2025年01月22日.2
2025年01月22日.1
2025年01月20日.2
2025年01月20日.1
2025年01月19日.1
2025年01月14日.1
2025年01月13日.1
2025年01月12日.2
2025年01月12日.1
2025年01月06日.1
05January2025v1
20240103.2
20250103.1
20241229-1
20241225-1
20241216-1
20241211-1
20241204-1
20241203-1
31November2024v1
20241103-1
20240924-1
20240914-1
20240907-1
20240902-1
20240831-1
20240825-1
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
celenity/Phoenix#275
Reference in a new issue
celenity/Phoenix
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?