DNS service Quad9 struggles with massive load problems in Frankfurt


The nonprofit DNS service Quad9 appears to be suffering from its own success: the server cluster in Frankfurt, which is responsible for Germany, is currently overloaded. At the moment, a very high percentage of DNS requests gets no response at all; at times the loss reaches an exorbitant level of about a third (30-35%). Answers sometimes take a second or two to arrive.

If the service, which recently moved to the more privacy-friendly Switzerland, is configured in the router as the sole DNS resolver, the loss and high latency significantly delay, for example, the complete loading of web pages. This is because the DNS resolver must first translate domain names like ct.de to IP addresses ( and 2a02: 2e0: 3fe: 1001: 302: before the browser can load page elements.

The effect also trips up Fritzboxes on which Quad9 is configured as a resolver (translator between domain names and IP addresses) with the encryption protocol DNS over TLS (DoT). In that case, the only thing that helped one reader was to re-establish the Internet connection on his router, which quickly becomes annoying if there are 50 DoT aborts in a week.

The Linux tool dnsping reveals that Quad9’s server cluster in Frankfurt is currently experiencing huge load issues. The origin of a DNS response is revealed by “dig +nsid @ ct.de | grep NSID”. The output is the name of the respective resolver, for example res720.fra.rrdns.pch.net.

The current unreliability of Quad9 makes the Internet seem very slow not only in the networks behind such routers, but also when Quad9 is configured as the DNS resolver directly on a smartphone: if there is no response, clients repeat their name requests after a timeout, typically 5 seconds. Only once they get a response can they load, for example, images or embedded elements from other sites. The higher the loss, the longer it takes until a page is completely built.

The editors of c’t noticed an unusually large loss in the single-digit percentage range with unencrypted DNS queries two weeks ago, in some cases even longer ago, and reported it to Quad9 support. Support cited an increasing volume of DNS queries as the reason for the dropouts in the Frankfurt cluster. Quad9 is working on increasing capacity in Frankfurt and activating new servers close to the network to better serve this region.

Not much has improved since. On the morning of September 29, we measured a 23% loss with the Linux dnsping tool, with an average response time of 135 milliseconds. Other systems generally respond in less than 20 ms and with much lower loss (maximum 0.1%). When we asked again, Quad9 said new servers are being prepared for the Frankfurt cluster. As a nonprofit organization, it said, it depends on donations from its users and cannot expand its infrastructure at the same rate as commercial providers.
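The two checks described above, loss and response time as measured with dnsping and the responding node as shown by the NSID line in dig's output, can be combined in one script. This is an added example, not code from the article or from either tool; the function names are its own, and the resolver address is a parameter because the page does not preserve it.

```python
import os, socket, struct, time

NSID = 3  # EDNS option code for NSID (RFC 5001); the OPT pseudo-record is type 41

def build_query(name, qid):
    """A/IN query (RD set) whose EDNS0 OPT record carries an empty NSID option."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\0"
    opt = b"\0" + struct.pack("!HHIH", 41, 1232, 0, 4) + struct.pack("!HH", NSID, 0)
    return qid + struct.pack("!5H", 0x0100, 1, 0, 0, 1) + qname + struct.pack("!HH", 1, 1) + opt

def skip_name(msg, off):  # offset just past a (possibly compressed) domain name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_nsid(msg):
    """Return the NSID string from a response's OPT record, or None if absent."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == 41 and len(rdata) >= 4:     # walk the EDNS options
            code, olen = struct.unpack("!HH", rdata[:4])
            if code == NSID:
                return rdata[4:4 + olen].decode("ascii", "replace")
            rdata = rdata[4 + olen:]
    return None

def measure(server, name, count=20, timeout=2.0):
    """Return (loss in percent, mean RTT in ms or None, set of NSIDs seen)."""
    rtts, nodes = [], set()
    for _ in range(count):
        qid = os.urandom(2)                        # random ID, checked on the reply
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            start = time.monotonic()
            try:
                s.sendto(build_query(name, qid), (server, 53))
                data = s.recv(4096)
                rtt = (time.monotonic() - start) * 1000
                if data[:2] == qid:
                    nodes.add(parse_nsid(data))
                    rtts.append(rtt)
            except (OSError, struct.error, IndexError):
                pass                               # timeout or malformed reply = loss
    return 100 * (count - len(rtts)) / count, (sum(rtts) / len(rtts) if rtts else None), nodes
```

Calling `measure("9.9.9.9", "ct.de")` queries Quad9's public anycast address (an address supplied here, not taken from the page). More than one name in the returned set means the answers came from different resolver nodes behind that address.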

Anyone who is currently using Quad9 as their only DNS resolver and notices that web pages are slow to build should temporarily switch to another service, and possibly donate towards upgrading the Quad9 infrastructure (link on the Quad9 page). The situation can also be eased by simply entering additional resolvers in the configuration of the router or the respective client software. This is also recommended for the Stubby software client, as it distributes DNS queries across the registered resolvers and thus protects privacy a bit better.
