It appears that <niels=nanog@bakker.net> said:
* Owen DeLong [Sat 28 Oct 2023, 01:00 CEST]:
If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?
It's generally a service that's offered for money. Quad9 definitely offer it: https://www.quad9.net/service/threat-blocking
Not really for money. Quad9, Cloudflare, and OpenDNS provide filtered DNS for free. There are expensive versions for enterprise networks but there's plenty of malware filtering DNS for users. I'm with you about the purity argument. While it certainly would be possible to use DNS filtering for political reasons (the "family friendly" versions arguably do that), the amount of malware and phish is a large and real threat. By the way, don't miss Interisle's new report on the cybercrime supply chain. They (we, actually) found five millions domains used in crime of at least a million were registered only to do crime. https://interisle.net/CybercrimeSupplyChain2023.html R's, John