Various operating systems, such as Windows or macOS, automatically save information about address resolution from systems and applications in the network in a DNS cache. For Linux there are also corresponding services, though they have to be installed by the user. The purpose of this practical cache is to speed up network traffic, which is particularly important on the internet. Why it’s useful to...
It is thanks to the Domain Name System (DNS) that we don’t have to know IP addresses by heart in order to browse the web. Instead, we simply enter the website address into a browser. In other words, the DNS is responsible for what’s known as “name resolution” – using a name server, it converts the URL into the correct IP address.
Most people use the DNS service of their network provider. However, it is possible to access a different DNS server. In recent years, more and more providers have been publishing public servers that are free to use for anybody. The best-known has to be Google’s DNS resolver, but if you’re worried about the security of your data in the hands of the internet giant, you can use a smaller service like Quad9. Rather than a commercial company, Quad9 is a non-profit organization.
What is Quad9?
The organization behind the Quad9 service also goes by the same name and is a consortium that includes IBM, Packet Clearing House (PCH) and the Global Cyber Alliance (GCA). Both, PCH and GCA are advocates for online security and privacy. They share the same aim, namely, to provide a DNS resolver that is both independent from commercial interests and available to users free of charge.
As well as being free to access, Quad9 is specifically focused on security and privacy. The team behind the DNS resolver promises that no user data is collected. Indeed, Quad9’s pioneering role is largely down to its emphasis on security. The service supports both DNS over TLS (DoT) and DNS over HTTPS (DoH). In recent years, it has become increasingly clear that traditional DNS has big security gaps due to a lack of encryption. This makes it more vulnerable to DNS hijacking. The new technologies effectively protect users from cyber criminals and also from government censorship.
Furthermore, Quad9 uses DNSSEC, which ensures that the delivered results are accurate. It also uses blacklists supplied by various security providers to filter out websites that have been classified as harmful. To avoid becoming censorship bodies themselves – after all, in theory, anyone could simply blacklist a website they didn’t like – the different organizations in the consortium check each other’s lists. This prevents any single party from pursuing its own individual interests. Censorship requests from local prosecutors are only applied after a definitive decision has been made in court, and even then, the censorship is only local.
Where can you find Quad9?
The name itself is a giveaway – the IP address is 126.96.36.199. Perhaps it’s also a nod to Google’s service, which you can reach via 188.8.131.52. However, the Quad9 DNS service can also be accessed via other IP addresses (both IPv4 and IPv6):
|IP version||Address||DNSSEC||Security filters||EDNS|
As you can see, Quad9 provides both secure and non-secure access. Of course, the provider recommends using secure connections, which apply DNSSEC and blacklist filters. However, if you’re looking for an entirely unfiltered browsing experience (along with the danger of exposing yourself to risks), you can access the non-secure IP addresses. Quad9 provides two IP addresses, both of which can be entered in your operating system settings. In the event that one of the communication channels is temporarily unavailable, the system can, therefore, switch directly to the other address.
Quad9 also provides an EDNS Client Subnet. This is primarily designed for Content Delivery Networks (CDNs). This type of network is used to make media files available on websites without overloading the central server. The EDNS performs load balancing and can answer CDN requests more rapidly. IoT providers are also involved in order to ensure secure DNS access for smart objects.
If you want to use one of the two encrypted connections, you have to use specific ports. For DoT, you need to use Port 853 and for DoH you need to use the standard HTTP port 443.
Quad9 doesn’t use just one DNS server. If you choose to use the service, your request will be forwarded by Anycast to one of more than 100 servers located all around the globe. With Anycast, multiple servers have the same address, but the system always selects the shortest path.
Quad9 at a glance
What advantages does switching to Quad9 DNS provide?
- Available free of charge
- User data is not recorded
- Secure connections
- No government censorship
- DNS over TLS and DNS over HTTPS
- Blacklist filters
- Over 100 servers
- Run by a non-profit organization