When does Quad9 DNS delete logs?

I just read their privacy policy, and they say nothing about deleting logs. They do say the data go to the archive. Does this mean they keep the logs forever?

What do they write?

All the above data may be kept in full or partial form in permanent archives.

What do they log?

When you use Quad9 DNS Services, here is the full list of items that are included in our logs:

Request domain name, e.g. example.net
Record type of requested domain, e.g. A, AAAA, NS, MX, TXT, etc.
Transport protocol on which the request arrived, i.e. TCP, UDP, and encryption status of the protocol
Origin IP general geolocation information: i.e. geocode, region ID, city ID, and metro code
Protocol version IP address – IPv4, or IPv6
Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
Absolute arrival time
Name of the Quad9-operated machine that processed this request
Quad9 target IP to which this request was addressed (no relation to the user’s IP address)

We may keep the following data as summary information, including all the above EXCEPT for data about the DNS record requested:

Currently-advertised BGP-summarized IP prefix/netmask of apparent client origin
Autonomous system number (BGP ASN) of apparent client origin

So, if we assume that their policy lists everything that is logged, they obviously don’t log any personal data/PII. Even if they store these log files forever, it shouldn’t be “bad” for users of their DNS service.

Quad9 is GDPR-compliant. It doesn’t have logs to delete, because it doesn’t collect and log data in the first place.

There are counters of the numbers of certain kinds of events… Numbers of queries answered per time period, number on IPv4 vs IPv6, number on TCP vs UDP, etc. But none of that contains any IP addresses or user identifiers (we don’t have any concept of a “user” to tie them to), nor anything that’s unique to any specific query.

What would be the point of keeping logs, for us? It would just be a cost and a huge risk.

               -Bill Woodcock
                Board chair, Quad9

So, if we assume that their policy lists everything that is logged, they obviously don’t log any personal data/PII. Even if they store these log files forever, it shouldn’t be “bad” for users of their DNS service.

Nah, the policy was just what some volunteer lawyers wrote back in the day. Essentially none of that actually gets collected. As I said, there are counters for some of that, but the difference between a counter being incremented and a log entry being created was more than lawyers seemed able to distinguish at the time.

Community projects always have a bit of a cobbler’s-children issue like this, I’m afraid. Eventually one of us will have time to go back and re-write all that. But it’s hard to prioritize it over the urgent deployment requests.