05-15-2024 03:53 PM - last edited on 05-15-2024 04:02 PM by RogersJermaine
Hello community. Basically the title. I was wondering if Rogers supports DNS over TLS, and if so, how to configure it on a 3rd party router? I’d like to avoid using a 3rd party DNS resolver. I’m not comfortable with Google’s and Cloudflare’s privacy policies, and I’ve found performance lacking with some of the other resolvers (Quad9, Cleanbrowsing, etc). It would be nice to use DoT with Rogers DNS if at all possible.
Thanks.
05-15-2024 09:50 PM
@toolcubed Most people who set up DoT or DoH do so because they are concerned about their service provider (or some other man-in-the-middle) eavesdropping on, manipulating or intercepting their DNS queries. I do not think that there is anything to be gained by setting up DoT for Rogers DNS.
That said, I just did a quick test and got no response from the Rogers DNS server on port 853, so it does not look like they support DoT queries.
$ nc -vz -G 10 64.71.255.204 853
nc: connectx to 64.71.255.204 port 853 (tcp) failed: Operation timed out
Have you looked into using CIRA Canadian Shield?
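The nc probe above only shows whether anything accepts a TCP connection on 853. As an added example (not from this thread), the script below goes one step further: it completes a TLS handshake against a candidate resolver, sends a single length-prefixed DNS query as RFC 7858 specifies, and checks that a well-formed DNS answer comes back, which is what distinguishes a real DoT listener from an open port. The host, query name and transaction id are arbitrary test values.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # DNS over TLS listens here (RFC 7858)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query in wire format: one question, RD=1, IN class."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii")
                     for lb in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def frame_dot(message):
    """DoT carries DNS like DNS-over-TCP: a 2-byte big-endian length prefix."""
    return struct.pack(">H", len(message)) + message

def parse_response(txid, data):
    """Pull the header fields a probe cares about out of a raw DNS response."""
    if len(data) < 12:
        raise ValueError("DNS header truncated")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "answers": an}

def recv_exact(sock, n):
    """Read exactly n bytes; TLS records need not align with DNS messages."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message")
        buf += chunk
    return buf

def probe_dot(host, name="example.com", timeout=5.0):
    """TLS-connect to host:853, send one A query and parse the reply header.
    The certificate is validated against the system trust store; a timeout or
    refused connection (like the nc result above) means no DoT listener."""
    ctx = ssl.create_default_context()
    txid = 0x4242  # arbitrary constructed transaction id
    with socket.create_connection((host, DOT_PORT), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(frame_dot(build_query(name, txid=txid)))
        (length,) = struct.unpack(">H", recv_exact(tls, 2))
        return parse_response(txid, recv_exact(tls, length))
```

Calling `probe_dot("9.9.9.9")` (Quad9, mentioned later in the thread) should return `is_response` True with rcode 0, while against the Rogers address above it will raise a socket timeout instead.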
05-16-2024 06:35 AM - edited 05-16-2024 06:55 AM
Thanks. That’s unfortunate but it is what it is.
I did try CIRA but found their performance lacking. The latency was higher than some of the other resolvers I’ve tried. Having said that, it was a while ago so maybe I’ll try them again to see if they’ve improved.
Are you using CIRA? If so, how do you like it?
05-16-2024 03:11 PM
@toolcubed wrote:
Are you using CIRA? If so, how do you like it?
Like it from what perspective? I just want a DNS service to resolve DNS queries and to have a high uptime. I don't use them for parental controls, ad blocking or any other value-added function. If they block malicious sites that come online, that's a nice bonus... so long as they do not break access to any major services.
For third-party DNS services, I have used CIRA, Quad9 and Cloudflare. They all perform well enough for me, and I do not have any concerns about any of those organizations from a privacy or a business ethics perspective. I, personally, feel that they are all better choices than using Rogers DNS.
I have DNS over TLS configured on my firewall, and I used Quad9 for quite a while without any complaints. It just worked -- no surprises, no weird behaviour. A few months ago, I switched to Cloudflare because people complained about how "slow" Quad9 was. I can't say that I noticed any difference in normal use. I don't use any sites or services that require a massive number of DNS lookups. If Quad9 requires another millisecond to perform a lookup, so be it.
To be honest, the biggest performance hit that I get is transiting Rogers' DOCSIS network which, on a good day, adds 20-25ms of latency to every data packet and acknowledgement.
If you want to give DNS over TLS a try, start using it with Cloudflare, just to see whether or not the added privacy/security is worth the performance hit. Then try your preferred DNS provider to see if you notice any difference.
05-16-2024 06:10 PM - edited 05-16-2024 06:27 PM
Thanks for the detailed response. I’ve switched to CIRA (using DoT with their “protected” filter that blocks malware) and it actually seems pretty good. Much better than my previous experience with them. They must’ve improved their IP transit performance. My pings to Google are a good 10-15ms lower than they were with Quad9, which is what I was using before. 18ms avg with CIRA compared to 30-35 avg with Quad9.
With Quad9, I had too many false unresolved queries, having to refresh multiple times to get certain pages to load. I also didn’t like the fact that Rogers routed me to Quad9’s New York and Virginia servers. The most recent issue (which was the final nail in the coffin that made me want to ditch Quad9) is that they had a routing leak in Asia a few days ago, which caused me to get routed to their server in Kazakhstan, and thus, significantly increased latency for several days.
I used Cloudflare before. Their performance was good but I experienced two minor outages while using them. I also experienced two very strange and unrelated issues while using their service. I won’t get into the details here. Lastly, I wanted a resolver with good malware blocking performance and Cloudflare’s isn’t great. That led me to switch to Quad9 at the time.
Anyway, CIRA seems pretty good. Their latency seems to be on par with Cloudflare’s (i.e. it’s low) and I like the fact that they’re Canadian. I’ll stick with them for a while and see how it goes.
Thanks again.
05-17-2024 07:35 AM - edited 05-17-2024 07:42 AM
Well…that didn’t last long. I came across an interesting piece of news about allegations against CIRA’s CEO, which was first reported in The Star a few years ago.
Apparently, some CIRA staff members were working on configuring a new laptop for the CEO and came across explicit pictures of him on his old laptop’s hard drive. They brought it up to HR because they didn’t feel comfortable with continuing the setup after finding the pics. CIRA then fired those staff members while the CEO kept his position.
If that’s how they manage a situation of that nature, then I simply can’t trust them and I’m not comfortable using their service. I’ve switched back to Rogers DNS for now.