What is QUAD9 Technology

Quad9 protects users from malware, spyware, botnets, and other security threats. It does this by providing a free, secure, recursive public DNS resolver that users can configure as the DNS service on their devices, routers, and Wi-Fi endpoints. The Swiss-based not-for-profit Quad9 foundation operates the service. Attackers use DNS services to look into user data and use that data for commercial purposes. Quad9 defeats such attacks by not storing or inspecting the user's IP address data. This complies with the General Data Protection Regulation (GDPR). Quad9 also protects against malicious websites by blocking access to them using threat information provided by cyber security experts and companies.

Public DNS service and Quad9 DNS configuration

1. What is a public DNS resolver

DNS converts domain names to IP (Internet Protocol) addresses. The DNS arrangement also provides a performance advantage: in a distributed system setup, domain names are resolved to IP addresses at points close to users, which gives faster access to resources. Internet users rely on DNS resolvers provided by Internet Service Providers (ISPs) to query DNS servers for domain name translation. In addition to the resolvers provided by ISPs, users can also use publicly available DNS resolvers for domain name translation. These public DNS resolvers provide additional privacy benefits and high service availability.

DNS resolvers can query DNS servers in a recursive or non-recursive manner. In a recursive query, the DNS server answers the client by issuing queries to other DNS servers on the client's behalf. Quad9 is a recursive public DNS resolver that provides free protection against phishing and malware. Quad9 protects users in two ways: by keeping their data private, and by refusing to resolve the names of malicious websites, using real-time threat information provided by security experts and cybersecurity companies.

DNS servers have quickly become a collection point for data on users' internet usage, and that data is used to profile users' online behavior for commercial purposes. The name lookups seen at a DNS resolver reveal critical information about end users. Users can guard against such privacy concerns by configuring Quad9 as their DNS server. Quad9 protects users' privacy by not logging users' IP addresses. Apart from providing privacy, Quad9 protects end devices from malware, spyware, and ransomware by blocking access to malicious websites. It does so using real-time information that security experts provide on existing threats and on which websites are unsafe to access.

DNS currently supports Transmission Control Protocol (TCP) for communication even though it initially used User Datagram Protocol (UDP) for transport. DNS also supports Transport Layer Security (TLS) and HTTPS for security. Quad9 uses DNS over TLS with port 853. Quad9 supports standard DNS queries on port 9953.

2. Quad9 DNS configuration

Internet users can take advantage of Quad9 protection by setting the DNS server configuration in their devices to one of the following profiles.

Secure connection (IP addresses)

TCP/IP version 4

DNS server (Preferred):

DNS server (Alternate):

TCP/IP version 6

DNS server (Preferred): 2620:fe::fe

DNS server (Alternate): 2620:fe::9

Unsecured connection (IP addresses)

IPv4

Unsecured IP:

Unsecured Secondary address:

IPv6

Primary unsecured: 2620:fe::10

Secondary unsecured: 2620:fe::fe:10



3. Quad9 Protection

Quad9 is General Data Protection Regulation (GDPR) compliant. By using the Quad9 DNS configuration, users protect their devices and avoid becoming part of malicious botnets, which makes the internet safer for other users. It is a free service requiring no additional software or hardware, and it also provides Domain Name System Security Extensions (DNSSEC) validation.

DNSSEC provides security by cryptographically signing the response from authoritative DNS servers to DNS resolvers for zones compliant with DNSSEC, and DNS resolvers can verify the authenticity of DNS data. This protects internet applications from using spoofed DNS responses. Without DNSSEC, an attacker can modify the DNS response from an authoritative DNS server and redirect users to malicious websites.

An attacker can also poison the DNS cache maintained at the DNS resolver by altering the DNS response, causing all future user accesses to be redirected to the malicious website. DNSSEC allows DNS resolvers to validate the integrity of the data and its origin from the zone. Quad9 does not return a reply to the user if it identifies a spoofed response from a DNS server. Quad9 also supports DNSCrypt and DNS over HTTPS. The DNSCrypt protocol encrypts communication between the DNS client and the DNS resolver. It prevents DNS spoofing by allowing verification of information received from the DNS resolver.

Quad9 safeguards users' security and privacy through its public DNS recursive resolver. It has been operational since August 2016 and also provides an uptime of 99.999% with its multipoint redundancy built into the system. Quad9 logs information about the city and state to give analysis on malicious activities and share this information with partners, but Quad9 does not log any IP address as it treats IP as Personally Identifiable Information. It usually stores the user's "reply to IP address" temporarily in RAM and destroys it as soon as a reply is sent to the user. It does not permanently store or transmit a user's "reply to IP address" to other parties.

The "reply to IP address" is resident only on the DNS resolver machine where the initial request arrived. Quad9 collects data on the count of queries for each Query Type, e.g., A, AAAA, NS, MX, TXT, and the count of each Response Type, e.g., SUCCESS, SERVFAIL, NXDOMAIN. Quad9 also collects statistics on the transport layer protocol and encryption type, e.g., IPv4, IPv6, TCP, UDP, DoT, and DoH. Apart from this, Quad9 also collects statistics related to the BGP (Border Gateway Protocol) advertised IP prefix. Quad9 does not correlate or combine data from other sources.

Because Quad9 protects against malicious websites by blocking access to them using threat information provided by cyber security experts and companies, legitimate websites can also be blocked accidentally. It handles such cases by adding the accidentally blocked legitimate websites to the whitelist. Quad9 updates its threat information using public sources and information from its providers. These updates are carried out regularly and in a near real-time fashion. It returns NXDOMAIN for blocked domains. Quad9 blocks only malicious host names; it does not currently block spam websites or filter the content of websites. With Quad9, attackers cannot use malicious domains to attack users.
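The response types named above (SUCCESS, SERVFAIL, NXDOMAIN) can be read directly from the 12-byte DNS header, which helps when triaging why a lookup through a filtering resolver failed. The following Python code is an added example, not part of the original page or Quad9's own code; it assumes, as a heuristic not stated on this page, that a filter-generated NXDOMAIN carries no authority-section record while a genuine one does, and its sample replies are constructed messages whose record counts are set in the header only.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Wire-format DNS query (RD set) for `name`; qtype 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(query: bytes, response: bytes) -> str:
    """Triage a resolver reply using only its header fields."""
    if len(response) < 12:
        return "malformed"
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"            # wrong transaction ID or QR bit not set
    rcode = RCODES.get(flags & 0x000F, "OTHER")
    if rcode == "NOERROR":
        # AD bit (0x0020): the resolver reports the answer as DNSSEC-validated
        return "resolved-validated" if flags & 0x0020 else "resolved"
    if rcode == "NXDOMAIN":
        # Assumed heuristic: empty authority section suggests a filter block
        return "nxdomain-blocked?" if ns == 0 else "nxdomain-genuine"
    if rcode == "SERVFAIL":
        return "servfail"            # DNSSEC validation failure is one cause
    return rcode.lower()

def sample_reply(query: bytes, flags: int, an: int = 0, ns: int = 0) -> bytes:
    """Constructed reply: header with the given counts plus the echoed question."""
    return query[:2] + struct.pack("!HHHHH", flags, 1, an, ns, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com")
    samples = [("validated answer", 0x81A0, 1, 0),   # constructed samples
               ("NXDOMAIN, no authority", 0x8183, 0, 0),
               ("NXDOMAIN with SOA", 0x8183, 0, 1),
               ("SERVFAIL", 0x8182, 0, 0)]
    for label, flags, an, ns in samples:
        print(f"{label:24} -> {classify(q, sample_reply(q, flags, an, ns))}")
```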

Updated on: 11-Apr-2023

