How does Quad9 protect me from malicious domains?
Quad9 brings together cyber threat intelligence about malicious domains from variety of public and private sources and blocks access to those malicious domains when your system attempts to contact them.
How will Quad9 help protect my data?
When you use Quad9, attackers and malware cannot leverage the known malicious domains to control your systems, and their ability to steal your data or cause harm will be hindered. Quad9 is an effective and easy way to add an additional layer of security to your infrastructure for free.
How does Quad9 ensure that it has the latest threat intelligence?
Quad9 gathers threat intelligence from all its providers and public sources and updates the Quad9 infrastructure with this information. This update happens regularly (several times a day) or may be in near-real-time depending on the ability of the vendor to supply the TI data.
Is there a service that Quad9 offers that does not have the blocklist or other security?
The primary IP address for Quad9 is 9.9.9.9, which includes the blocklist, DNSSEC, and other security features. However, there are alternate IP addresses that the service operates which do not have these security features. These might be useful for testing validation, or to determine if there are false positives in the Quad9 system.
Secure IP: 9.9.9.9 Blocklist, DNSSEC, No EDNS Client-Subnet
Unsecure IP: 9.9.9.10 No blocklist, no DNSSEC, send EDNS Client-Subnet
Note: Use only one of these two addresses. Some networking software may include terminology such as “Secondary DNS Server” in configuration windows; this can be left blank. Putting both 9.9.9.9 and 9.9.9.10 into “primary” and “secondary” fields may result in unsecure results in rare circumstances.
Is there IPv6 support for Quad9?
Yes. Quad9 operates identical services on a set of IPv6 addresses, which are on the same infrastructure as the 9.9.9.9 systems.
Secure IPv6: 2620:fe::fe Blocklist, DNSSEC, No EDNS Client-Subnet
Unsecure IPv6: 2620:fe::10 No blocklist, no DNSSEC, send EDNS Client-Subnet
root@LEDE:~# ping -c 5 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
64 bytes from 9.9.9.9: seq=0 ttl=59 time=47.150 ms
64 bytes from 9.9.9.9: seq=1 ttl=59 time=37.797 ms
64 bytes from 9.9.9.9: seq=2 ttl=59 time=46.332 ms
64 bytes from 9.9.9.9: seq=3 ttl=59 time=44.825 ms
64 bytes from 9.9.9.9: seq=4 ttl=59 time=86.612 ms
--- 9.9.9.9 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 37.797/52.543/86.612 ms
root@LEDE:~# mtr -w 9.9.9.9
Start: Wed Jan 8 15:04:49 2020
HOST: LEDE Loss% Snt Last Avg Best Wrst StDev
1.|-- 117.215.188.1 0.0% 10 2.0 3.1 1.3 10.3 2.9
2.|-- 218.248.167.198 0.0% 10 2.0 2.5 2.0 3.0 0.0
3.|-- 218.248.255.5 0.0% 10 2.9 2.9 2.2 3.8 0.3
4.|-- 218.248.255.6 70.0% 10 3.1 2.6 2.1 3.1 0.0
5.|-- 218.248.181.18 70.0% 10 37.1 32.5 29.5 37.1 3.9
6.|-- 103.27.170.101 0.0% 10 41.1 40.6 32.5 51.5 5.0
7.|-- dns9.quad9.net 0.0% 10 35.3 37.5 32.7 43.0 3.3
root@LEDE:~# dig +short @9.9.9.9 google.com
172.217.160.174
root@LEDE:~#
59.92.xx.xx
IP address and I cannot ping 9.9.9.9
root@bumblebee:~# mtr -w -z 9.9.9.9
Start: 2020-04-22T00:36:12+0530
HOST: bumblebee.varkey.io Loss% Snt Last Avg Best Wrst StDev
1. AS9829 static.bb.ill.59.92.184.1.bsnl.in 0.0% 10 2.2 2.2 1.9 2.5 0.2
2. AS9829 218.248.167.198 0.0% 10 3.6 2.9 1.9 3.9 0.6
3. AS9829 218.248.255.5 30.0% 10 3.4 3.1 2.5 3.8 0.4
4. AS9829 218.248.255.6 80.0% 10 3.1 3.5 3.1 4.0 0.6
5. AS9829 117.216.202.210 70.0% 10 79.4 53.7 40.8 79.4 22.2
@Not a TXT record
6. AS??? ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
root@bumblebee:~#