The Quad9 project treats user privacy as a first-order priority along with performance and security. Part of the concept of privacy is keeping others from seeing what DNS requests you are sending. Encryption using DNS-over-TLS has been part of Quad9’s offering since launch last year. DNSCrypt is a protocol that has been around for some time, and many open source systems support it, and today we are confirming that we are moving out of beta support and into operational for DNSCrypt and DOH (via DNSCrypt) on our anycast array.
All our servers are listed in the public server list for DNSCrypt.
Need More Info?
Contact our support team if you need more detailed instructions or have any questions.
You can still download the Quad9 specific config from https://www.quad9.net/quad9-resolvers.toml.
Then just cut and paste the configuration fragment into your dnscrypt-proxy.toml file. If you comment out other public resolvers, you can test with only Quad9 servers.
If you’re just looking for the Quad9 stamps, go to https://www.quad9.net/quad9-resolvers.md.
If you are using a version of DNSCrypt that requires manual entry you can find our public key using dig:
dig @220.127.116.11 2.dnscrypt-cert.quad9.net txt