On 2017-11-23 11:23, Toralf Förster wrote:
On 11/23/2017 03:10 AM, Dave Warren wrote:
One note, 9.9.9.10 does no filtering, but sadly also doesn't enforce DNSSEC. It has the same privacy policy and similar.
The former is good, the later not a problem, b/c DNSSEC validation has to be made by the client nevertheless.
In theory, sure. But for users who don't understand DNSSEC and use an OS that doesn't do this for them, having the server block DNSSEC failures is better than nothing.