Quad9
Quad9 is a public DNS resolver that blocks access to malware infected websites.[1][2] The service protects privacy by not logging the IP address of users who set their computers to send queries to it.[3][4]
CleanerDNS, Inc., a California non-profit corporation, operates Quad9. CleanerDNS is supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA), other cyber-security organizations, and private donations.[5]
Service
IP addresses
Quad9 operates recursive name servers for public use at the following IP addresses. These addresses are mapped to the nearest operational server by anycast routing. Quad9 offers DNS over TLS over port 853,[6] DNS over HTTPS over port 443,[7] and DNSCrypt over port 443.[8]
Secured (Mainstream) | Unsecured | Secured with ECS support | |
---|---|---|---|
DoH addresses[9] | https://dns.quad9.net/dns-query https://dns9.quad9.net/dns-query (optional) |
https://dns10.quad9.net/dns-query | https://dns11.quad9.net/dns-query |
DoT addresses[10] | dns.quad9.net dns9.quad9.net (optional) |
dns10.quad9.net | dns11.quad9.net |
IPv4 addresses[9] | 9.9.9.9 149.112.112.112 149.112.112.9 (optional) |
9.9.9.10 149.112.112.10 |
9.9.9.11 149.112.112.11 |
IPv6 addresses[9] | 2620:fe::fe 2620:fe::fe:9 2620:fe::9 (optional) |
2620:fe::10 2620:fe::fe:10 |
2620:fe::11 2620:fe::fe:11 |
Quad9's primary DNS service is accessible via the IP addresses for IPv4: 9.9.9.9 and 149.112.112.112, and IPv6: 2620:fe::fe and 2620:fe::fe:9. This service supports blocklist, DNS encryption, and DNSSEC.[9]
Quad9's alternative DNS service that supports limited features is accessible on IPv4: 9.9.9.10 and 149.112.112.10, and IPv6: 2620:fe::10 and 2620:fe::fe:10. This service only supports DNS encryption.[9]
Quad9's identical DNS service that supports ECS is accessible on IPv4: 9.9.9.11 and 149.112.112.11, and IPv6: 2620:fe::11 and 2620:fe::fe:11. This service supports blocklist, DNS encryption, DNSSEC, and ECS.[9]
Privacy
No personally-identifiable information is collected by the Quad9 system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a not-for-profit organization with the core charter to provide secure, fast, private DNS. Therefore there are no secondary revenue streams for personally-identifiable data.[11]
References
- "How does Quad9 protect me from malicious domains?". Quad9. Retrieved 2018-04-08.
- "New "Quad9" DNS service blocks malicious domains for everyone". Ars Technica. Retrieved 2018-04-08.
- "Quad9 Privacy Policy". Quad9. Retrieved 2018-04-08.
- "A Deeper Dive Into Public DNS Resolver Quad9". Internet Society. Retrieved 2018-04-08.
- "About Quad9 DNS". Quad9. Retrieved 2018-04-08.
- "Does Quad9 support DNS over TLS?". Quad9. Retrieved 2018-04-08.
- "Does Quad9 support DNS over HTTPS (DoH)?". Quad9. Retrieved 2018-10-05.
- "DNSCrypt and more DOH Support Live (via dnscrypt)". Quad 9. 2019-04-04. Retrieved 2020-09-28.
- "DoH with Quad9 DNS Servers". Quad9. Retrieved 2018-10-05.
- "Enable Private DNS using Quad9 on Android 9". Quad 9. 2018-09-18. Retrieved 2020-09-28.
- "About Quad 9: Security. Privacy. Performance". About Quad 9: Security. Privacy. Performance. Retrieved 2020-10-24.