Quad9 DNS Service: 9.9.9.9

[Sushubh]

Quad 9 | Internet Security and Privacy in a Few Easy Steps

 

[Sushubh]

How does Quad9 protect me from malicious domains?
Quad9 brings together cyber threat intelligence about malicious domains from variety of public and private sources and blocks access to those malicious domains when your system attempts to contact them.

How will Quad9 help protect my data?
When you use Quad9, attackers and malware cannot leverage the known malicious domains to control your systems, and their ability to steal your data or cause harm will be hindered. Quad9 is an effective and easy way to add an additional layer of security to your infrastructure for free.

How does Quad9 ensure that it has the latest threat intelligence?
Quad9 gathers threat intelligence from all its providers and public sources and updates the Quad9 infrastructure with this information. This update happens regularly (several times a day) or may be in near-real-time depending on the ability of the vendor to supply the TI data.

 

[Sushubh]

Is there a service that Quad9 offers that does not have the blocklist or other security?
The primary IP address for Quad9 is 9.9.9.9, which includes the blocklist, DNSSEC, and other security features. However, there are alternate IP addresses that the service operates which do not have these security features. These might be useful for testing validation, or to determine if there are false positives in the Quad9 system.
Secure IP: 9.9.9.9 Blocklist, DNSSEC, No EDNS Client-Subnet

Unsecure IP: 9.9.9.10 No blocklist, no DNSSEC, send EDNS Client-Subnet

Note: Use only one of these two addresses. Some networking software may include terminology such as “Secondary DNS Server” in configuration windows; this can be left blank. Putting both 9.9.9.9 and 9.9.9.10 into “primary” and “secondary” fields may result in unsecure results in rare circumstances.

Is there IPv6 support for Quad9?
Yes. Quad9 operates identical services on a set of IPv6 addresses, which are on the same infrastructure as the 9.9.9.9 systems.
Secure IPv6: 2620:fe::fe Blocklist, DNSSEC, No EDNS Client-Subnet

Unsecure IPv6: 2620:fe::10 No blocklist, no DNSSEC, send EDNS Client-Subnet

 

[Sushubh]

pings are terrible which i guess is expected. performance seems to be fine.

 

[Sushubh]

Now Testing DNSCrypt • Quad 9 Privacy

guide to enable quad9 on simple dnscrypt app.

 

[eriek_halenx]

Hello, I wanted to use quad9 dns. Is anyone able to ping quad9? On bsnl ftth? Its getting timed out for me.

 

---

[eriek_halenx]

@Ameen , @varkey , @pothi , @vignesh_venkatesan , anyone else whose ping to quad9 times out? Its the same on my bsnl 3g.

 

[varkey]

I can ping and query 9.9.9.9 without issues from BSNL FTTH.

root@LEDE:~# ping -c 5 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
64 bytes from 9.9.9.9: seq=0 ttl=59 time=47.150 ms
64 bytes from 9.9.9.9: seq=1 ttl=59 time=37.797 ms
64 bytes from 9.9.9.9: seq=2 ttl=59 time=46.332 ms
64 bytes from 9.9.9.9: seq=3 ttl=59 time=44.825 ms
64 bytes from 9.9.9.9: seq=4 ttl=59 time=86.612 ms

--- 9.9.9.9 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 37.797/52.543/86.612 ms
root@LEDE:~# mtr -w 9.9.9.9
Start: Wed Jan  8 15:04:49 2020
HOST: LEDE            Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 117.215.188.1    0.0%    10    2.0   3.1   1.3  10.3   2.9
  2.|-- 218.248.167.198  0.0%    10    2.0   2.5   2.0   3.0   0.0
  3.|-- 218.248.255.5    0.0%    10    2.9   2.9   2.2   3.8   0.3
  4.|-- 218.248.255.6   70.0%    10    3.1   2.6   2.1   3.1   0.0
  5.|-- 218.248.181.18  70.0%    10   37.1  32.5  29.5  37.1   3.9
  6.|-- 103.27.170.101   0.0%    10   41.1  40.6  32.5  51.5   5.0
  7.|-- dns9.quad9.net   0.0%    10   35.3  37.5  32.7  43.0   3.3
root@LEDE:~# dig +short @9.9.9.9 google.com
172.217.160.174
root@LEDE:~#

 

[eriek_halenx]

Finally quad9 is reachable 🤩(BSNL ftth thiruvanthapuram). Using it on pihole since yesterday night. About 50 ping vs 25 for Google dns.

@varkey

 

[eriek_halenx]

So quad9 is pingable when getting an Ip with range 117.205.x.x. But still not pingable from the 59.95.x.x range🤷‍♂️

 

[varkey]

Can confirm that same behaviour as @eriek_halenx, right now I have a 59.92.xx.xx IP address and I cannot ping 9.9.9.9

 

[pswapneel]

@eriek_halenx @varkey I am not seeing this issue for the entirety of AS9829. Maybe the issue is to a subset of the network. Could you both share traceroute to 9.9.9.9 ?

 

[varkey]

@swapneelp Looks like it doesn't leave BSNL's network for some reason. 🤷‍♂️

root@bumblebee:~# mtr -w -z 9.9.9.9
Start: 2020-04-22T00:36:12+0530
HOST: bumblebee.varkey.io                        Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. AS9829   static.bb.ill.59.92.184.1.bsnl.in   0.0%    10    2.2   2.2   1.9   2.5   0.2
  2. AS9829   218.248.167.198                     0.0%    10    3.6   2.9   1.9   3.9   0.6
  3. AS9829   218.248.255.5                      30.0%    10    3.4   3.1   2.5   3.8   0.4
  4. AS9829   218.248.255.6                      80.0%    10    3.1   3.5   3.1   4.0   0.6
  5. AS9829   117.216.202.210                    70.0%    10   79.4  53.7  40.8  79.4  22.2
@Not a TXT record
  6. AS???    ???                                100.0    10    0.0   0.0   0.0   0.0   0.0
root@bumblebee:~#

 

[pswapneel]

@varkey Thanks for sharing the traceroute. I can confirm, the issue is also present with AS55824 and AS4758. The lack of a looking glass at AS9829 makes it impossible to infer.

 

[Sushubh]

Quad9 Blocks Pirate Site Globally After Sony Demanded €10,000 Fine * TorrentFreak

Following another setback in its legal dispute with Sony Music, Quad9 has decided to block pirate site Canna worldwide.

torrentfreak.com