> On Oct 30, 2023, at 07:58, Livingood, Jason <jason_living...@comcast.com>
> wrote:
>
> On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote:
>
>> If it’s such a reasonable default, why don’t any of the public resolvers
>> (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?
>> DNS isn’t the right place to attack this, IMHO.
>
> Are we sure that the filtering is done in the default view - I would suggest
> the user check to ensure they don't have a filtering service (e.g. parental
> controls/malware protection) turned on. In my **personal** opinion, the
> default view should have DNSSEC validation & no filtering; users can always
> optionally select additional protection services that might include DNS-based
> filtering as well as other mechanisms.
>
> JL
>
Looks like 9.9.9.9 is filtered but ONLY for actual verified security threats,
not spam, etc.
If you want unfiltered, they offer 9.9.9.10.
Cloudflare offers two different filtered services, but 1.1.1.1 remains
unfiltered.
1.1.1.2 is “No Malware”
1.1.1.3 is “No Malware or Adult Content”
So yes, apparently one (and only one) public resolver now filters by default.
I stand by my statement… It should be an opt-in choice, not a default.
Owen
