Quad9

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Quad9 is a nonprofit organization supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA), and many other cybersecurity organizations for the purpose of operating a privacy-and-security-centric public DNS resolver.[1][2] Its main differentiator from other open DNS resolvers is that it automatically blocks domains known to be associated with malicious activity,[3][4] and does not log the IP address of its users that sent queries to it.[5]

Service[edit]

IP addresses[edit]

Quad9 operates recursive name servers for public use at the following IP addresses. These addresses are mapped to the nearest operational server by anycast routing. Quad9 offers DNS over TLS over port 853,[6] DNS over HTTPS over port 443,[7] and DNSCrypt over port 443.[8]

Recommended (Secure)
IPv4 addresses[9] 9.9.9.9

149.112.112.112

IPv6 addresses[9] 2620:fe::fe

2620:fe::9

Quad9 is accessible via the anycast IP addresses for IPv4: 9.9.9.9 (hence its name) and 149.112.112.112, and IPv6: 2620:fe::fe and 2620:fe::fe:9.[10] This service supports DNS encryption, DNSSEC, and malicious domain blocking.

An unsecured or vanilla service that only supports DNS encryption is available on IPv4: 9.9.9.10 and 149.112.112.10, and IPv6: 2620:fe::10 and 2620:fe::fe:10.[10] This service does not support DNSSEC and malicious domain blocking.

A secured service supporting ECS is reachable on IPv4: 9.9.9.11 and 149.112.112.11, and IPv6: 2620:fe::11 and 2620:fe::fe:11.[10] This service supports DNS encryption, DNSSEC, EDNS Client Subnet, and malicious domain blocking.

Quad9 do not publish or recommend checking the Static SPKI Fingerprint and require a TLS Hostname of dns.quad9.net when concerned with DNS over TLS.

See also[edit]

References[edit]

  1. ^ "About Quad9 DNS". Quad9. Retrieved 2018-04-08.
  2. ^ "Quad9". Global Cyber Alliance. Retrieved 2018-04-08.
  3. ^ "FAQ: How does Quad9 protect me from malicious domains?". Quad9. Retrieved 2018-04-08.
  4. ^ "New "Quad9" DNS service blocks malicious domains for everyone". Ars Technica. Retrieved 2018-04-08.
  5. ^ "Quad9 Privacy Policy". Quad9. Retrieved 2018-04-08.
  6. ^ "FAQ: Does Quad9 support DNS over TLS?". Quad9. Retrieved 2018-04-08.
  7. ^ "FAQ: Does Quad9 support DNS over HTTPS (DoH)?". Quad9. Retrieved 2018-10-05.
  8. ^ "DNSCrypt Now in Testing". Quad9. Retrieved 2018-10-22.
  9. ^ a b "DNS Need to Know Info". Quad9. Retrieved 2018-10-05.
  10. ^ a b c "DoH with Quad9 DNS Servers". Quad9. Retrieved 2018-10-05.

External Links[edit]