From d7ce2be5f4588e5451aebc457adf778081e0a114 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Thu, 30 Sep 2021 20:38:03 -0400
Subject: [PATCH] net/dns/resolver: add unsecured Quad9 resolvers

DNSSEC is an availability issue, as recently demonstrated by the
Slack issue, with limited security advantage. DoH on the other hand
is a critical security upgrade. This change adds DoH support for the
non-DNSSEC endpoints of Quad9.

https://www.quad9.net/service/service-addresses-and-features#unsec
Signed-off-by: Filippo Valsorda <hi@filippo.io>
---
 net/dns/resolver/forwarder.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/dns/resolver/forwarder.go b/net/dns/resolver/forwarder.go
index 7576e8b7e..6ebeb745f 100644
--- a/net/dns/resolver/forwarder.go
+++ b/net/dns/resolver/forwarder.go
@@ -712,4 +712,10 @@ func init() {
 	addDoH("149.112.112.112", "https://dns.quad9.net/dns-query")
 	addDoH("2620:fe::fe", "https://dns.quad9.net/dns-query")
 	addDoH("2620:fe::fe:9", "https://dns.quad9.net/dns-query")
+	
+	// Quad9 -DNSSEC
+	addDoH("9.9.9.10", "https://dns10.quad9.net/dns-query")
+	addDoH("149.112.112.10", "https://dns10.quad9.net/dns-query")
+	addDoH("2620:fe::10", "https://dns10.quad9.net/dns-query")
+	addDoH("2620:fe::fe:10", "https://dns10.quad9.net/dns-query")
 }