revengineer 122 Posted February 18, 2019 Share Posted February 18, 2019 After beating my head against the wall for hours yesterday, I thought a share a useful tidbit of information. Last year, I set up my pfsense firewall to use both Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) DNS. I chose these providers because they support DNS over TLS. Recently I started having significant issues with Live TV not loading or aborting. After hours of investigation yesterday, I found that the URL from my IPTV provider was sometimes not resolving. I used dnschecker.org to identify Quad9 as the culprit. Reading the FAQ on the Quad9 website, I found that they have a black list to protect you from "bad stuff" and they blacklisted my IPTV provider. So when the DNS resolution came back as non-existent, my IPTV would bomb. The problem could be resolved by using 9.9.9.10 instead of 9.9.9.9 but the former does not provide DNSSEC. So I ditched Quad9 all together and use Cloudflare only. Problem solved (at least for now)! I reported the above issue to my IPTV provided and two hours later they swapped out the IP address. So Quad9 is working for now but only until they decide to blacklist the site again. So it will be hit or miss in the future. I do enough filtering on my end and I like to determine myself what good and bad is. So I do not need my DNS provider to contribute here. Link to comment Share on other sites More sharing options...
Luke 37009 Posted February 19, 2019 Share Posted February 19, 2019 Thanks for the info ! Link to comment Share on other sites More sharing options...
Carlo 4330 Posted February 21, 2019 Share Posted February 21, 2019 After beating my head against the wall for hours yesterday, I thought a share a useful tidbit of information. Last year, I set up my pfsense firewall to use both Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) DNS. Quad9 plays havoc with Kodi as well I've heard. You're obviously on top of things running pfsense but I generally recommend to others to get a "decent" home router such as an ASUS that has built in Trend Micro blocking (options that can be turned on). For most home users this seems to be pretty ideal (surprisingly). That combined with Google DNS servers works really well and block the nasty phishing type sites that you actually don't want people in your household to end up on. Pretty good but not overly protective in a bad way. There for sure are better solutions but it's free with router purchase so... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now