Detects domains blocked by Quad9's threat intelligence by comparing the secure resolver (9.9.9.9) against the unsecured peer (9.9.9.10). No API key required; enabled by default via the enable_quad9 user option.
