Quad9

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Quad9 is a nonprofit public-benefit organization supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA), and many other cybersecurity organizations for the purpose of operating a privacy-and-security-centric public DNS resolver.[1][2] Its main differentiation from other open DNS resolvers is that it automatically blocks domains known to be associated with malicious activity,[3][4] does not log the IP addresses of queries users send to it,[5] and have no commercial intention to profit from or distribute data obtained from end-users or partners.[5]

Service[edit]

The Quad9 DNS service operates recursive name servers for public use at the four following IP addresses. The addresses are mapped to the nearest operational server by anycast routing. Quad9 offers DNS over TLS over port 853,[6] DNS over HTTPS over port 443,[7] and DNSCrypt service over port 443.[8]

Category Recommended (Secure)[9]
IPv4 addresses 9.9.9.9[9]

149.112.112.112

IPv6 addresses 2620:fe::fe[9]

2620:fe::9

Quad9 is accessible via the anycast IP addresses for IPv4: 9.9.9.9 (hence its name) and 149.112.112.112, and IPv6: 2620:fe::fe and 2620:fe::9.[9] This service supports the malicious domain blocklist, DNSSEC, and all DNS encryption methods. Additionally, the service supports DNS over TLS on port 853 since its public launch using the domain of dns.quad9.net,[10] and support for DNS over HTTPS on port 443 was later added using the URL of https://dns.quad9.net/dns-query.[9]

Quad9 also offer an alternative service with no blocklist on IPv4: 9.9.9.10 and 149.112.112.10, and IPv6: 2620:fe::10 and 2620:fe::fe:10.[9] This service supports no malicious domain blocklist, no DNSSEC, and no DNS encryption methods.

A service supporting ECS is also available on IPv4: 9.9.9.11 and 149.112.112.11, and IPv6: 2620:fe::11 and 2620:fe::fe:11.[9] This service supports the malicious domain blocklist, DNSSEC, DNS encryption methods, and sends EDNS Client-Subnet.

See also[edit]

References[edit]

  1. ^ "About Quad9 DNS". Quad9. Retrieved 2018-04-08.
  2. ^ "Quad9". Global Cyber Alliance. Retrieved 2018-04-08.
  3. ^ "FAQ: How does Quad9 protect me from malicious domains?". Quad9. Retrieved 2018-04-08.
  4. ^ "New "Quad9" DNS service blocks malicious domains for everyone". Ars Technica. Retrieved 2018-04-08.
  5. ^ a b "Quad9 Privacy Policy". Quad9. Retrieved 2018-04-08.
  6. ^ "FAQ: Does Quad9 support DNS over TLS?". Quad9. Retrieved 2018-04-08.
  7. ^ "FAQ: Does Quad9 support DNS over HTTPS (DoH)?". Quad9. Retrieved 2018-10-05.
  8. ^ "DNSCrypt Now in Testing". Quad9. Retrieved 2018-10-22.
  9. ^ a b c d e f g "DoH with Quad9 DNS Servers". Quad9. Retrieved 2018-10-05.
  10. ^ "Enable Private DNS using Quad9 on Android 9". Quad9. Retrieved 2018-04-08.

External Links[edit]