Quad9

Contents

It is thanks to the Domain Name System (DNS) that we don’t have to know IP addresses by heart in order to browse the web. Instead, we simply enter the website address into a browser. In other words, the DNS is responsible for what’s known as “name resolution” – using a name server, it converts the URL into the correct IP address.

Most people use the DNS service of their network provider. However, it is possible to access a different DNS server. In recent years, more and more providers have been publishing public servers that are free to use for anybody. The best-known has to be Google’s DNS resolver, but if you’re worried about the security of your data in the hands of the internet giant, you can use a smaller service like Quad9. Rather than a commercial company, Quad9 is a non-profit organisation.

What is Quad9?

The organisation behind the Quad9 service also goes by the same name and is a consortium that includes IBM, Packet Clearing House (PCH) and the Global Cyber Alliance (GCA). Both, PCH and GCA are advocates for online security and privacy. They share the same aim, namely, to provide a DNS resolver that is both independent from commercial interests and available to users free of charge.

As well as being free to access, Quad9 is specifically focused on security and privacy. The team behind the DNS resolver promises that no user data is collected. Indeed, Quad9’s pioneering role is largely down to its emphasis on security. The service supports both DNS over TLS (DoT) and DNS over HTTPS (DoH). In recent years, it has become increasingly clear that traditional DNS has big security gaps due to a lack of encryption. This makes it more vulnerable to DNS hijacking. The new technologies effectively protect users from cyber criminals and also from government censorship.

Furthermore, Quad9 uses DNSSEC, which ensures that the delivered results are accurate. It also uses blacklists supplied by various security providers to filter out websites that have been classified as harmful. To avoid becoming censorship bodies themselves – after all, in theory, anyone could simply blacklist a website they didn’t like – the different organisations in the consortium check each other’s lists. This prevents any single party from pursuing its own individual interests. Censorship requests from local prosecutors are only applied after a definitive decision has been made in court, and even then, the censorship is only local.

Where can you find Quad9?

The name itself is a giveaway – the IP address is 9.9.9.9. Perhaps it’s also a nod to Google’s service, which you can reach via 8.8.8.8. However, the Quad9 DNS service can also be accessed via other IP addresses (both IPv4 and IPv6):

IP version	Address	DNSSEC	Security filters	EDNS
IPv4	9.9.9.9
IPv4	149.112.112.112
IPv4	9.9.9.10
IPv4	149.112.112.10
IPv4	9.9.9.11
IPv6	2620:fe::fe
IPv6	2620:fe::9
IPv6	2620:fe::10
IPv6	2620:fe::fe:10
IPv6	2620:fe::11

As you can see, Quad9 provides both secure and non-secure access. Of course, the provider recommends using secure connections, which apply DNSSEC and blacklist filters. However, if you’re looking for an entirely unfiltered browsing experience (along with the danger of exposing yourself to risks), you can access the non-secure IP addresses. Quad9 provides two IP addresses, both of which can be entered in your operating system settings. In the event that one of the communication channels is temporarily unavailable, the system can, therefore, switch directly to the other address.

Quad9 also provides an EDNS Client Subnet. This is primarily designed for Content Delivery Networks (CDNs). This type of network is used to make media files available on websites without overloading the central server. The EDNS performs load balancing and can answer CDN requests more rapidly. IoT providers are also involved in order to ensure secure DNS access for smart objects.

If you want to use one of the two encrypted connections, you have to use specific ports. For DoT, you need to use Port 853 and for DoH you need to use the standard HTTP port 443.

Quad9 doesn’t use just one DNS server. If you choose to use the service, your request will be forwarded by Anycast to one of more than 100 servers located all around the globe. With Anycast, multiple servers have the same address, but the system always selects the shortest path.

Note

Fancy giving Quad9 a go? Check out our tutorial to find out how to change your DNS server. Switching to a different provider can be a good option if you often get the “DNS server not responding” message.

Quad9 at a glance

What advantages does switching to Quad9 DNS provide?

Available free of charge
User data is not recorded
Secure connections
No government censorship
DNS over TLS and DNS over HTTPS
DNSSEC
Blacklist filters
Over 100 servers
Run by a non-profit organisation

Stay on top of AI!

Flush DNS | How to clear the DNS Cache

Operating systems, such as Windows or macOS, automatically save information about address resolution from systems and applications in the network in a DNS cache. The purpose of this practical cache is to speed up network traffic. Read on to find out why it’s useful to regularly…

HTTP
DNS

Andrey_KuzminShutterstock

How does a DNS Records work?

Without the Domain Name System, the internet as we know it today would be inconceivable. The system for name resolution itself, is based on DNS records. In these simply structured records in normal text files, a name is stored for each IP address. However, DNS records can do more…

Encyclopedia
DNS

How do you fix DNS_PROBE_FINISHED_NXDOMAIN?

When your browser displays an error message instead of loading the website you want, finding clear and reliable advice can be difficult. In Chrome, the ‘DNS_PROBE_FINISHED_NXDOMAIN’ notice means the domain name couldn’t be translated into its corresponding IP address. In this…

Tutorials
DNS

REDPIXEL.PLshutterstock

DNS TTL best practices: Understanding and configuring DNS TTL

The DNS TTL value shows how long the results of DNS queries are saved for. Under certain circumstances, it may be useful for websites to check and/or change their DNS TTL values. Keep reading to learn about the best practices for DNS TTL, DNS TTL minimum and maximum values, and…

Tutorials