Leaving aside the desirability of DNS servers like Quad9 lying in their
answers, how do you distinguish an NXDOMAIN answer which is Quad9
telling you something you need to know, and any other NXDOMAIN reply, of
which there will probably be a large number?
Cheers,
Simon.
On 28/01/18 13:53,
Hello simon & folks,
After the launch of Quad9 where harmful domains return NXDOMAIN if a
query is made, I have developed a quick patch to log NXDOMAIN only,
and discover compromised devices on a local network instead of simply
blocking them.
[More info about quad9 here: https://www.quad9.net/]