What Is Quad9 DNS and Is It Better Than OpenDNS?
There are now several Domain Name Service (DNS) providers out there, all vying for your attention and internet traffic. The majority of people use their ISP’s default DNS, especially when using an ISP-issued router. But you don’t have to stick with that.
You have a choice of Google Public DNS, OpenDNS, FreeDNS, and many more, including a newcomer called Quad9 DNS. But it is it worth a switch to Quad9 DNS? Is it more secure than the alternatives? Or is it faster than its competitors? Let’s take a look at everything you need to know about Quad9.
What Is DNS?
Before we plow on, let’s quickly establish what a DNS is.
The Domain Name Service is one of those vital internet components that you use every day, but don’t always understand. The DNS is how your computer turns domain names, like MakeUseOf.com, into its IP address location on the internet.
The DNS is an ubiquitous internet feature. Every internet user depends on a DNS to complete their internet searches. Without it, every time you wanted to access a website you would input a difficult-to-remember numerical IP address. Instead, you simply pop the domain name into the address bar, hit Enter, and wait for the DNS to work its magic.
DNS systems are integral to the internet. But as with most things internet and computers, it isn’t entirely secure. That’s where alternative DNS providers come in. While your default ISP DNS is okay, the alternatives are usually faster and more secure — and that’s something we can all agree is good, right?
What Is Quad9?
Quad9, then, is a DNS provider.
The Global Cyber Alliance (GCA), IBM, and Packet Clearing House have teamed up to create a new secure DNS. The system intends to block the overwhelming majority of malware, malicious domains, botnet infrastructure, and more. It works the same as other alternative DNS systems, but the development team believes it holds the security edge over some of its direct competitors.
For instance, Quad9 pulls in security intelligence from 19 partners, one of which is IBM’s X-Force but also includes Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, Netlab, and Proofpoint.
“Small to medium-sized businesses and consumers have been left behind,” Philip Reitinger, President and CEO of the Global Cyber Alliance (GCA), said in a statement. “They lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information.”
Quad9 also uses two whitelisting methods. The first uses a list of the top one million requested domains. This data was initially pulled from Alexa, but the Alexa top one million site list is no longer maintained. Instead, Quad9 now uses the Majestic Million daily top one million feed. The feed is constantly updated, and the DNS accounts for any changes.
The second is a “gold list” of domains that should remain secure at all times. These include major sites and services like Microsoft Azure cloud, Amazon Web Services, and so on. Adnan Baykal, GCA’ Chief Technical Advisor says, “We do realize that docs.google.com is hosting phishing attacks, but this is DNS filtering, we cannot block that URL specifically. And we don’t ever want to completely block Google.”
Quad9 DNS server clusters around the world receive the block lists, whitelists, and gold list of domains.
At launch, Quad9 had DNS server clusters in 70 different locations around the globe, scheduled to rise to 100 by the end of 2017. Baykal elaborates that each cluster has at least three servers, but “in some critical areas, like Chicago, we have five, seven, or nine systems behind a load balancer.” The Quad9 load balancer of choice is dnsdist, using a mix of Unbound and PowerDNS servers to deliver superfast responses.
Is It Faster Than Its Competition?
Of course, the vast majority of people want fast search results . So how does Quad9 compare to its direct competition?
IPv4 DNS testing site dnsperf rates Quad9 second, behind OpenDNS, with Google Public DNS a close third.
Similarly, there are more than enough user-run tests illustrating that Quad9 is one of the fastest DNS resolution systems around. (Though the veracity of many user-run tests is somewhat questionable.)
Does Quad9 Protect My Privacy?
The next big question is privacy: does Quad9 DNS protect it? The majority of literature available to users’ suggests that privacy protection is a major focus for GCA. The Quad9 Privacy statement declares they have “no commercial motivation or desire to profit from or distribute data which we believe to be private and vital to an open and free internet.”
“Quad9 does generate and share high level anonymized aggregate statistics, including metrics on threat type, geolocation, and if available, sector, as well as other vertical metrics including performance on Quad9 (i.e. number of threats blocked, infrastructure uptime) when available with the public and our threat intelligence partners.”
There is, however, some skepticism regarding the GCA, given its foundation, backing, and associations.
Great to see #Quad9 being launched at this years #securityexpo Olympia…well done to all involved. IBM has partnered with the Global Cyber Alliance (GCA), an organisation founded by law enforcement, to launch a free public Domain Name Service (DNS) system. pic.twitter.com/iyQLDHBmjl
— Luke Kenny (@LukeKenny18) November 29, 2017
The Global Cyber Alliance was founded through a $25 million grant obtained via a criminal asset forfeiture, organized by Manhattan District Attorney Cyrus Vance Jr. And while the GCA is a non-profit organization, it requires constant funding. In the past, the GCA has received funds from the U.S. Secret Service, City of London Police (an internal City of London police force, not the regular U.K. police), France National Police, France Ministry of Justice, amongst others.
The mere association with law enforcement is enough for some to discard Quad9 DNS. “Law enforcement funded” and “secures your privacy” don’t often end up to together in the same sentence, that’s for sure.
Switching to Quad9 DNS
Want to give Quad9 DNS a try? It’s really easy to switch your DNS . I’m going to show you how to do it quickly on a Windows machine.
First, head to Control Panel > Network and Sharing Center. Then select Change adapter settings in the left column. Right-click your internet connection and select Properties. Browse to internet Protocol Version 4 (TCP/IP) and select Properties. In the bottom panel, select Use the following DNS server addresses, and enter 220.127.116.11. Press OK.
You’ve now switched your default DNS settings.
Unlike other alternative DNS systems, Quad9 only operates one fully secure DNS server address (for instance, Google Public DNS uses 18.104.22.168 as a primary and 22.214.171.124 as a secondary). There is a second address — 126.96.36.199 — but this doesn’t have a blocklist or other security features.
To Switch or Not to Switch?
Quad9 DNS is a fast, secure solution to your default ISP DNS. Is it trustworthy? This is difficult to answer. Your search data is completely anonymous but still aggregated for use with other services. Still, Google Public DNS does essentially the same but without input from 19 intelligence sources (though I’m sure Google does plenty of security analysis for their DNS regardless).
If you are worried about privacy as well as security, OpenDNS is probably a better choice . You still have blazing fast speeds, but have the bonus of privacy, too. Though for the overwhelming majority of people switching to Quad9 represents a significant upgrade, privacy issues or not.
Have you made the switch to Quad9 DNS? Did you notice a speed boost? Do you have privacy concerns? Let us know your thoughts below!