I seem to post a lot about DNS, it’s an important part of the internet. For most people, it’s just something your ISP does for you. But, it can actually be much more powerful.
A number of years ago Google launched their public DNS resolvers, which they promise not to track if you choose to use them. They are also extremely fast due to a large number of PoPs (points of presence) and in many cases will outperform those provided by your ISP. Furthermore – has your ISP promised not to track or sell your DNS data?
A new DNS service has been released, called Quad9. It’s so-called because of the IP address – 184.108.40.206 – which the service operates on, donated by IBM. This new service doesn’t just resolve domain names to IP addresses, it also helps keep you safe. By combining many different sources, including IBM’s X-Force threat intelligence database, it blocks requests to malicious domains. X-Force alone lists over 40 billion threats. This can help you avoid many visible and invisible threats. From obvious cases such as phishing websites, preventing connections to botnets and even adding much-needed security to other devices connected to your network.
How does Quad9 DNS work?
I’ll leave this to Quad9 to explain:
Quad9 routes your DNS queries through a secure network of servers around the globe. The system uses threat intelligence from more than a dozen of the industry’s leading cyber security companies to give a real-time perspective on what websites are safe and what sites are known to include malware or other threats. If the system detects that the site you want to reach is known to be infected, you’ll automatically be blocked from entry – keeping your data and computer safe.
If you’d like to try out this free service for yourself, they have a range of articles on their site to help you.
Should I switch?
Yes. Quad9 is backed by a number of very trustworthy companies – IBM, Packet Clearing House and Global Cyber Alliance. It currently uses data from 19 sources to compile it’s filtering list. These include IBM X-Force, F-Secure, abuse.ch and RiskIQ.
The service is provided for free. If you don’t like it for any reason, it’s very straightforward to switch back.
We’ve been using it for a few days and have been delighted with the results, so why not give it a whirl?
If you’re familiar with how to configure DNS, just switch your DNS resolver to 220.127.116.11 (or 2620:fe::fe for IPv6). If you need help, follow the step by stop guides here.