Consultez nos guides d'installation et la FAQ, ou utilisez la barre de recherche ci-dessous pour trouver des informations pertinentes.
When Quad9 blocks a domain, the response contains the NXDOMAIN code. That code is also returned when a domain does not exist. To differentiate between domains that are nonexistent and blocked, we set the authority bit differently. When you receive an NXDOMAIN with authority 0, that is a block from Quad9. When you receive an NXDOMAIN with authority 1, then that is a domain that does not exist.
A domain will also fail to resolve if DNSSEC authentication fails, but that will result in the SERVFAIL code instead of NXDOMAIN.
$ dig @9.9.9.9 isitblocked.org
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @9.9.9.9 isitblocked.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33072
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1500
;; QUESTION SECTION:
;isitblocked.org. IN A
;; Query time: 8 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Oct 06 17:23:03 EDT 2020
;; MSG SIZE rcvd: 44
$ dig @9.9.9.9 sfaisofnadgre.odafds
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @9.9.9.9 sfaisofnadgre.odafds
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44310
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sfaisofnadgre.odafds. IN A
;; AUTHORITY SECTION:
. 2092 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020100602 1800 900 604800 86400
;; Query time: 10 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Oct 06 17:21:05 EDT 2020
;; MSG SIZE rcvd: 124
$ dig @9.9.9.9 A brokendnssec.net +dnssec
; <<>> DiG 9.16.25 <<>> @9.9.9.9 A brokendnssec.net +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13075
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
; EDE: 10 (RRSIGs Missing)
;; QUESTION SECTION:
;brokendnssec.net. IN A
;; Query time: 163 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Mon Feb 21 19:23:10 CET 2022
;; MSG SIZE rcvd: 51
nslookup -debug -type=a isitblocked.org 9.9.9.9
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
9.9.9.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 9.9.9.9.in-addr.arpa
name = dns9.quad9.net
ttl = 41243 (11 hours 27 mins 23 secs)
------------
Server: dns9.quad9.net
Address: 9.9.9.9
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
isitblocked.org, type = A, class = IN
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
isitblocked.org, type = A, class = IN
------------
*** dns9.quad9.net can't find isitblocked.org: Non-existent domain
nslookup -debug -type=a a89s0d809as8d90as8d09a8d09sa8.com 9.9.9.9
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
9.9.9.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 9.9.9.9.in-addr.arpa
name = dns9.quad9.net
ttl = 40065 (11 hours 7 mins 45 secs)
------------
Server: dns9.quad9.net
Address: 9.9.9.9
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
a89s0d809as8d90as8d09a8d09sa8.com, type = A, class = IN
AUTHORITY RECORDS:
-> com
ttl = 896 (14 mins 56 secs)
primary name server = a.gtld-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 1645468196
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
a89s0d809as8d90as8d09a8d09sa8.com, type = A, class = IN
AUTHORITY RECORDS:
-> com
ttl = 895 (14 mins 55 secs)
primary name server = a.gtld-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 1645468196
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
*** dns9.quad9.net can't find a89s0d809as8d90as8d09a8d09sa8.com: Non-existent domain
nslookup -debug -type=a brokendnssec.net 9.9.9.9
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
9.9.9.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 9.9.9.9.in-addr.arpa
name = dns9.quad9.net
ttl = 40413 (11 hours 13 mins 33 secs)
------------
Server: dns9.quad9.net
Address: 9.9.9.9
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = SERVFAIL
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
brokendnssec.net, type = A, class = IN
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = SERVFAIL
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
brokendnssec.net, type = A, class = IN
------------
*** dns9.quad9.net can't find brokendnssec.net: Server failed