New secure Quad9 DNS service supports IPv6

Quad9 is a new DNS service that prevents against malware. Previously I would have recommended OpenDNS to provide this service. But doesn’t support IPv6 with the malware protection. It only has an resolver. Quad9 supports both and protects against malware domains.

Quad9 is the result of a partnership between IBM (who provided the IP address used), Packet Clearing House, and the Global Cyber Alliance. PCH has worked since 1995 to deliver a faster, more scalable Domain Name System, making it more resilient against attack. PCH pioneered anycast to spread load among in more locations. They have been anycasting top-level domain name since 1997, and root name since 2001. The GCA is an international, cross-sector group, who want to confront, address, and prevent malicious cyber activity. The Global Cyber Alliance is unique as it spans borders and sectors, making it different to industry or country-specific endeavours.

While all that sounds reasonable, there are a large number of law enforcement agencies within the GCA. That might hinder adoption from the ultra-paranoid, even if Quad9 claim no identifiable logging of DNS requests. However, queries transmitted across the network can be TLS encrypted, and the resolvers use DNSSEC to ensure names passed come from confirmed sources. Various threat feeds, including IBM’s X-Force screen the DNS addresses against known malicious sites, and these return an NXDOMAIN error, rather than redirecting you to an alternate location. (Compared with other providers which may fill a landing page with adverts to provide a revenue stream).

If you want to set up your systems to use the Quad9 DNS service, then just set the DNS servers on your system to, or 2620:fe::fe, the IPv6 resolver. (Although why they didn’t reflect either :9999 or 9:9:9:9 at the end of the address, I’ll never know.) Use the videos on the Quad9 Setup page to help for Apple and Microsoft Windows platforms.

Stay safe out there.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.