ebersman> And EDNS client subnet mostly works.

bortzmeyer> It is awful, privacy-wise, complicates the cache a lot and
bortzmeyer> seriously decreases hit rate in cache (since the key to a
bortzmeyer> cached resource is no longer type+name but
bortzmeyer> type+name+source_address).

I was trying to be kind. Yes. It was a hack that solved a problem for a particular pair of CDN and anycast resolver but tends to be a bad idea for much of the world. But it's there and does sometimes improve CDN performance.

I seem to recall that quad9 has (or will shortly) different IPs so you can choose if you want to have ECS in your queries or not.

bortzmeyer> It is not just an issue of knowledge and skills. Even if you
bortzmeyer> have both, you may lack time, and prefer a shrink-wrapped
bortzmeyer> solution. The future is in "boxes" which are both
bortzmeyer> ready-to-use (for the guy who lacks sysadmin skills, and/or
bortzmeyer> lacks time) and open (for the tinkerer). The Turris Omnia
bortzmeyer> <https://omnia.turris.cz/en/> is a very good example.

Indeed. The vast majority of the world doesn't even know DNS exists, much less wants to dive into all sorts of obscure settings. They want to go to the local big-box electronics store and buy a "solution".

And the Turris box is a great solution but way more than most consumers will spend. I have hopes the new Turris modular approach will mean a lower price point so we have more of these and less cheap/crappy CPEs on the internet.

In the pipe dream category, it would be great to think that as IoT becomes unavoidable, we'll get more boxes that do auto-update. But I'm not holding my breath...
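The cache-key effect raised in the quoted text above (type+name versus type+name+source_address), as an added example that is not part of the original message: a toy resolver cache replayed over a constructed query stream. The client addresses, names, the `hit_rate` and `ecs_prefix` helpers, and the absence of TTL expiry are all assumptions made for illustration.

```python
import ipaddress

def ecs_prefix(client_ip, prefix_len):
    """Truncate a client address to the prefix a resolver would place in ECS."""
    return ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)

def hit_rate(queries, ecs_prefix_len=None):
    """Replay (client_ip, qtype, qname) queries through a cache.

    Without ECS the key is (qtype, qname). With ECS the client prefix
    becomes part of the key, so the same answer is stored once per prefix.
    Entries never expire here (assumption: no TTL handling).
    """
    cache = set()
    hits = 0
    for client_ip, qtype, qname in queries:
        key = (qtype, qname)
        if ecs_prefix_len is not None:
            key += (ecs_prefix(client_ip, ecs_prefix_len),)
        if key in cache:
            hits += 1
        else:
            cache.add(key)  # miss: resolver queries upstream and stores the answer
    return hits / len(queries)

# Constructed sample: 8 clients spread over 4 different /24 networks,
# each resolving the same 5 names once (40 queries in total).
CLIENTS = [f"10.1.{net}.{host}" for net in range(4) for host in (10, 20)]
NAMES = [f"www{i}.example.com." for i in range(5)]
QUERIES = [(c, "A", n) for c in CLIENTS for n in NAMES]

if __name__ == "__main__":
    print("no ECS      :", hit_rate(QUERIES))       # key = type+name
    print("ECS with /24:", hit_rate(QUERIES, 24))   # key = type+name+/24
    print("ECS with /32:", hit_rate(QUERIES, 32))   # key = type+name+full address
```

The longer the prefix sent upstream, the more of the client's address the authoritative server learns and the fewer queries a shared cache can answer.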