What Is Quad9 DNS and Is It Better Than OpenDNS?
Pinterest Stumbleupon Whatsapp
Advertisement

There are now several Domain Name Service (DNS) providers out there, all vying for your attention and internet traffic. The majority of people use their ISP’s default DNS, especially when using an ISP-issued router. But you don’t have to stick with that.

You have a choice of Google Public DNS, OpenDNS, FreeDNS, and many more, including a newcomer called Quad9 DNS. But it is it worth a switch to Quad9 DNS? Is it more secure than the alternatives? Or is it faster than its competitors? Let’s take a look at everything you need to know about Quad9.

What Is DNS?

Before we plow on, let’s quickly establish what a DNS is.

The Domain Name Service is one of those vital internet components that you use every day, but don’t always understand. The DNS is how your computer turns domain names, like MakeUseOf.com, into its IP address location on the internet.

The DNS is an ubiquitous internet feature. Every internet user depends on a DNS to complete their internet searches. Without it, every time you wanted to access a website you would input a difficult-to-remember numerical IP address. Instead, you simply pop the domain name into the address bar, hit Enter, and wait for the DNS to work its magic.

DNS systems are integral to the internet. But as with most things internet and computers, it isn’t entirely secure. That’s where alternative DNS providers come in. While your default ISP DNS is okay, the alternatives are usually faster and more secure 4 Reasons Why Using Third-Party DNS Servers Is More Secure 4 Reasons Why Using Third-Party DNS Servers Is More Secure Why is changing your DNS a good idea? What security benefits does it bring? Can it really make your online activities more secure? Read More — and that’s something we can all agree is good, right?

What Is Quad9?

Quad9, then, is a DNS provider.

The Global Cyber Alliance (GCA), IBM, and Packet Clearing House have teamed up to create a new secure DNS. The system intends to block the overwhelming majority of malware, malicious domains, botnet infrastructure, and more. It works the same as other alternative DNS systems, but the development team believes it holds the security edge over some of its direct competitors.

quad9 dns vs opendns

For instance, Quad9 pulls in security intelligence from 19 partners, one of which is IBM’s X-Force but also includes Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, Netlab, and Proofpoint.

“Small to medium-sized businesses and consumers have been left behind,” Philip Reitinger, President and CEO of the Global Cyber Alliance (GCA), said in a statement. “They lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information.”

Whitelists

Quad9 also uses two whitelisting methods. The first uses a list of the top one million requested domains. This data was initially pulled from Alexa, but the Alexa top one million site list is no longer maintained. Instead, Quad9 now uses the Majestic Million daily top one million feed. The feed is constantly updated, and the DNS accounts for any changes.

The second is a “gold list” of domains that should remain secure at all times. These include major sites and services like Microsoft Azure cloud, Amazon Web Services, and so on. Adnan Baykal, GCA’ Chief Technical Advisor says, “We do realize that docs.google.com is hosting phishing attacks, but this is DNS filtering, we cannot block that URL specifically. And we don’t ever want to completely block Google.”

Global Presence

Quad9 DNS server clusters around the world receive the block lists, whitelists, and gold list of domains.

quad9 dns vs opendns

At launch, Quad9 had DNS server clusters in 70 different locations around the globe, scheduled to rise to 100 by the end of 2017. Baykal elaborates that each cluster has at least three servers, but “in some critical areas, like Chicago, we have five, seven, or nine systems behind a load balancer.” The Quad9 load balancer of choice is dnsdist, using a mix of Unbound and PowerDNS servers to deliver superfast responses.

Is It Faster Than Its Competition?

Of course, the vast majority of people want fast search results 5 Myths About Boosting Internet Speed and Why They Don't Work 5 Myths About Boosting Internet Speed and Why They Don't Work Internet speed is a critical measurement in the 21st century. However, there's a lot of misinformation online about how to make your connection faster. Here are five myths you shouldn't believe. Read More . So how does Quad9 compare to its direct competition?

IPv4 DNS testing site dnsperf rates Quad9 second, behind OpenDNS, with Google Public DNS a close third.

quad9 dns vs opendns

Similarly, there are more than enough user-run tests illustrating that Quad9 is one of the fastest DNS resolution systems around. (Though the veracity of many user-run tests is somewhat questionable.)

Does Quad9 Protect My Privacy?

The next big question is privacy: does Quad9 DNS protect it? The majority of literature available to users’ suggests that privacy protection is a major focus for GCA. The Quad9 Privacy statement declares they have “no commercial motivation or desire to profit from or distribute data which we believe to be private and vital to an open and free internet.”

“Quad9 does generate and share high level anonymized aggregate statistics, including metrics on threat type, geolocation, and if available, sector, as well as other vertical metrics including performance on Quad9 (i.e. number of threats blocked, infrastructure uptime) when available with the public and our threat intelligence partners.”

There is, however, some skepticism regarding the GCA, given its foundation, backing, and associations.

The Global Cyber Alliance was founded through a $25 million grant obtained via a criminal asset forfeiture, organized by Manhattan District Attorney Cyrus Vance Jr. And while the GCA is a non-profit organization, it requires constant funding. In the past, the GCA has received funds from the U.S. Secret Service, City of London Police (an internal City of London police force, not the regular U.K. police), France National Police, France Ministry of Justice, amongst others.

The mere association with law enforcement is enough for some to discard Quad9 DNS. “Law enforcement funded” and “secures your privacy” don’t often end up to together in the same sentence, that’s for sure.

Switching to Quad9 DNS

Want to give Quad9 DNS a try? It’s really easy to switch your DNS How to Change Your DNS Settings on Windows (And Why You Might Want To) How to Change Your DNS Settings on Windows (And Why You Might Want To) DNS is an important part of browsing the internet, but the DNS servers your system uses aren't set in stone. Here's how to change that. Read More . I’m going to show you how to do it quickly on a Windows machine.

First, head to Control Panel > Network and Sharing Center. Then select Change adapter settings in the left column. Right-click your internet connection and select Properties. Browse to internet Protocol Version 4 (TCP/IP) and select Properties. In the bottom panel, select Use the following DNS server addresses, and enter 9.9.9.9. Press OK.

You’ve now switched your default DNS settings.

quad9 dns vs opendns

Unlike other alternative DNS systems, Quad9 only operates one fully secure DNS server address (for instance, Google Public DNS uses 8.8.8.8 as a primary and 8.8.4.4 as a secondary). There is a second address — 9.9.9.10 — but this doesn’t have a blocklist or other security features.

To Switch or Not to Switch?

Quad9 DNS is a fast, secure solution to your default ISP DNS. Is it trustworthy? This is difficult to answer. Your search data is completely anonymous Google Shares Your Data, But Is It All Bad News? Google Shares Your Data, But Is It All Bad News? Does Google really want to give worldwide authorities wider access to your personal details? Or has their demand for better data sharing for counter-terrorism been misreported? Is Google actually fighting for your privacy? Read More but still aggregated for use with other services. Still, Google Public DNS does essentially the same This Is Why You Should Stop Using Google Search This Is Why You Should Stop Using Google Search Google has unrivaled access to your browsing habits. Giving everything to Google isn't such a good idea. Here are some excellent Google alternatives that still get the job done. Read More but without input from 19 intelligence sources (though I’m sure Google does plenty of security analysis for their DNS regardless).

If you are worried about privacy as well as security, OpenDNS is probably a better choice 5 DNS Servers Guaranteed to Improve Your Online Safety 5 DNS Servers Guaranteed to Improve Your Online Safety Changing your DNS provider can dramatically improve your computer's defenses against online threats -- but which should you choose? We show you five DNS providers you can switch to today. Read More . You still have blazing fast speeds, but have the bonus of privacy, too. Though for the overwhelming majority of people switching to Quad9 represents a significant upgrade, privacy issues or not.

Have you made the switch to Quad9 DNS? Did you notice a speed boost? Do you have privacy concerns? Let us know your thoughts below!

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Cisco
    April 1, 2018 at 7:32 pm

    A Bedtime Story.
    Some decades ago most anti-virus
    companies agreed not to reveal any
    'government surveillance'
    software hiding on your computer.

    BTW - Do a GOOGLE search for
    'Government Surveillance Software', 2014 is latest article.

    In early 1990's the most popular and well funded
    anonymous email site was hacked by bad boys and
    discovered the site was funded by the CIA.
    The U.S. government wanted to know who used
    anonymous email and WHY.
    It turned out that many woman wanted
    to hide their true email address on dating sites.

    Now we have a secure DNS service funded by
    trusted American law enforcement ... #Quad9 DNS

    It is not history that repeats itself,
    the blindness of man that repeats itself.

  2. D. HEFLIN
    January 25, 2018 at 1:41 am

    I FOLLOWED YOUR INSTRUCTIONS TO GET TO THE PLACE YOU SAY IN WINDOWS 7 SINCE WINDOWS 7 DOING IT THE WAY YOU SAID IT DOESN'T HAVE WHAT YOU SAY IN THAT LIST IF YOU WILL GO TO THE FAR RIGHT OF THE BOTTOM TASK BAR WHERE THE START BUTTON IS BUT ON ITS RIGHT IF YOU HAVE YOURS SET UP TO HIDE THE ICONS AS I DO CLICK THAT ARROW & RIGHT CLICK YOUR INTERNET CONNECTION THEN OPEN NETWORK & SHARING CENTER FROM THERE I FINALLY FOUND WHERE YOU SAY TO select Change adapter settings in the left column IT ISN'T WHERE YOU SAY TO FIND IT IN WIN 7 HOME PREMIUM & SEARCHING THE CONTROL PANEL FOR "CHANGE ADAPTER SETTINGS SIMPLY BRINGS UP CHANGE DISPLAY ADAPTER SETTINGS AS FAR AS I KNOW THE WAY I'M SAYING IS THE ONLY WAY TO GET TO THE CHANGE ADAPTER SETTINGS IN WIN 7 HOME PREMIUM & FIND CHANGE ADAPTER SETTINGS IN THE LEFT COLUMN THEN RIGHT CLICK YOUR INTERNET CONNECTION THEN CLICK PROPERTIES & YOU WILL HAVE THE TAB HE MENTIONS OPEN, THEN SIMPLY SELECT THE "INTERNET PROTOCOL VERSION 4 (TCP/IPV4) & SELECT PROPERTIES BELOW IT AFTER YOU HAVE IT SELECTED SINCE I HAVE MINE CONNECTED VIA MY LAN WIRE & ALSO VIA MY WIRELESS ROUTER I DID HAVE TO DO THIS TWICE 1 TIME FOR EACH OF THEM
    THE ABOVE IS TO GET IT DONE IN WIN 7 HOME PREMIUM, I TRIED YOUR METHOD TO GET TO IT & COULDN'T SINCE IT SIMPLY ISN'T THERE
    SO YOUR OPERATING SYSTEM & WEATHER OR NOT YOU HAVE MULTIPLE CONNECTIONS SET UP AS I DO WILL DETERMINE IF YOU NEED TO DO IT ONCE OR TWICE AS I HAD TO BUT I DID NOTICE A VERY NICE SEED INCREASE FROM HAVING IT AS WIND-BLOWS DEFAULT, BUT ANYMORE I DO CALL ALL MICROSOFT EVERYTHING TURDWARE, THAT INCLUDES THEIR HARDWARE & SOFTWARE, BUT I WOULDN'T CHANGE TO WIND BLOWS 10 TURDWARE SIMPLY BECAUSE I THINK GATES WOULDN'T HAVE GIVEN IT AWAY IF THAT SHIT WASN'T GOING TO CHARGE MY ASS FOR ANY APP I WANTED & ALSO SUBSEQUENTLY BLOCK ALL THE VIDEO'S I DOWNLOAD WITHOUT ANY SUBSCRIPTION, I AM 100% DISABLED & ON A VERY VERY LIMITED FIXED INCOME & WILL NEVER ALLOW ANYONE TO CON ME INTO COSTING MYSELF MONEY I DON'T HAVE, BUT IF THE IRS & SOCIAL SECURITY DIDN'T CONSPIRE TOGETHER WHEN I ACTUALLY FINALLY GOT MY DISABILITY I WOULD HAVE EASILY OF GOTTEN EASILY 6 TO 10 TIMES WHAT I GET A MONTH FROM MY SOCIAL SECURITY DISABILITY BUT BUSH KILLED EVERYONE'S ABILITY TO TRUST THE US GOVERNMENT TO TAKE PROPER CARE OF ITS DISABLED & ELDERLY CITIZENS WITH ITS RAIDING OF THE LIE OF A SOCIAL SECURITY SURPLUS, BUT I ALSO DOUBT THAT ASS HAT EVER DID A SINGLE HONEST DAYS WORK IN ITS SHITTY LIFE, SINCE YOU DON'T BECOME THAT UBER WEALTHY BY FOLLOWING THE RULES & ACTUALLY PAYING YOUR TAXES MINE WERE ALL SELF EMPLOYMENT TAXES I BEGAN PAYING AT AGE 6 & I WORKED MY ASS OFF EVERY DAY OF MY LIFE FROM 6 UNTIL I COULDN'T WORK, YES I WENT TO SCHOOL THEN AFTER SCHOOL WENT TO WORK WITH MY DAD LATE EVERY DAY 7 DAYS A WEEK 365 & 1/4 DAYS A YEAR UNTIL I WAS 18 & BY THEN I WAS A MASTER FLOOR COVERING MECHANIC SO I MADE GOOD MONEY BUT ALSO PAID OUT MY ASS FOR SELF EMPLOYMENT TAXES & FOR WORKMAN'S COMP WHICH BY THE TIME FLOOR STORES BEGAN BEING ABLE TO ALLOW THEIR MECHANICS TO WAIVE THEIR WORKMAN'S COMP COVERAGE IT WAS COSTING EASILY 52.8 % OF MY EARNINGS WHICH WHEN IT WAS AT 20% WAS TOO DAMN MUCH BUT I BEGAN SAYING NOT ONLY NO BUT HELL NO I DON'T WANT TO PAY THAT SHIT WHEN IT JUMPED TO 35%, I STILL DON'T THINK IT WAS LEGAL FOR THE STORES TO HAVE ME SIGN A WAIVER FOR THAT COVERAGE BUT DIDN'T & WOULDN'T WORK TO GIVE SOME LAZY ASS INSURANCE COMPANY OVER 1/3 MY INCOME TO SUPPLY COVERAGE THEY WOULD FIGHT ME TO DEATH RATHER THAN EVER PAY! ME AFTER AN INJURY!

    • LEROY FINK
      April 3, 2018 at 12:51 am

      AND THEY STOLE ALL YOUR LOWER CASE LETTERS, JUST LIKE THEY DID TO ME!!!!

  3. Rosario
    January 18, 2018 at 4:35 pm

    If I have a VPN that does not leak DNS requests do I even have to worry about setting up something like Quad9?

  4. Tyler Durden
    January 18, 2018 at 4:35 am

    I use quad 9 on just about anything. My laptop, phone, xbox etc. I noticed a slight difference in speed with my Xbox, but nothing crazy. I mainly use it for the privacy features.

  5. Bill Woodcock
    January 18, 2018 at 1:18 am

    Hi. I'm the chairman of Quad9's board, and the executive director of Packet Clearing House. I'd like to address a few of the points raised in your article.

    The main one is that "Quad9 versus OpenDNS" is a false dichotomy. OpenDNS is an excellent service, and Cisco Umbrella (of which OpenDNS is a part) and IBM X-Force solve a completely different problem than Quad9. Cisco and IBM have vast IT support businesses, and provide commercial service, under contract, to enterprise IT departments, which in turn are responsible for the end-user devices within their enterprises. Those contracts establish a framework for the handling of privacy and confidential data between the two parties. End-users within the customer enterprise are there to do the work of the enterprise, and their privacy expectations are very different than those of private individuals in their homes. Enterprise IT departments need immediate notification when one of the devices within their purview is infected by malware. That's a privacy regime entirely unlike that of a home user.

    By contrast, Quad9 is aimed at users who do not have an IT department supporting their devices and network use, who are responsible for their own security and privacy, and who are not experts. Users who do not have a contractual relationship with Quad9, and thus (particularly in Europe, under the General Data Protection Regulation, or GDPR) need a service which is inherently GDPR compliant, rather than one which achieves that compliance through a contractual relationship with another enterprise. Quad9 achieves that compliance by not collecting regulated Personally Identifiable Information (PII) in the first place. That option is not available to Cisco or IBM, which need to be able to provide that information to enterprise IT customers.

    So, it's an entirely different service, with a different approach, solving a different problem for a different constituency. OpenDNS is an excellent service, and Cisco and IBM do admirable work. But they aren't able to provide a GDPR-compliant solution for end-users, by the very nature of what they do. It's not possible to both collect that data from people with whom you don't have a contractual relationship, and still be compliant. Nor is it possible to provide first-rate malware threat intelligence, as they do, without collecting that data.

    Unfortunately, you don't discuss the privacy protections that Quad9 provides, and instead devote quite a lot of space to discussion of GCA's donors, who are not Quad9's donors. GCA is a donor to Quad9, providing a bit less than 1% of Quad9's 2017 budget. We are grateful to GCA, as to all of our donors, but their donors are not our donors. The majority of our hundreds of donors are Internet and technology companies, like NTT, IBM, Equinix, Level3, Comcast, and Afilias. They support Quad9 because they thrive when the Internet thrives, and the Internet thrives when users are able to rely upon it without sacrificing their privacy or security.

  6. Todd
    January 17, 2018 at 7:37 pm

    I use Tenta DNS. It not only uses DNSSEC but also DNS over TLS. Most secure DNS server I've found to date.