Clicky

▸ Service Addresses & Features

Quad9 has several different service offerings for recursive DNS features. Each is represented by a different IP address (or, in some cases, hostname), which you use to configure your systems. See our Set Up Guides for how to configure the most commonly used devices.

Recursive DNS Server Addresses and Features - IP based configuration

Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)

IPv4

9.9.9.9

149.112.112.112

IPv6

2620:fe::fe

Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)

IPv4

9.9.9.10

149.112.112.10

IPv6

2620:fe::10

Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled

IPv4

9.9.9.11

149.112.112.11

IPv6

2620:fe::11

Hints: If you have devices that need to be configured by IP address, make sure to put ALL the IP addresses listed for your selected service into any configuration areas. Putting in just one of the three will leave you vulnerable to single-path failures if they should occur. Even if you do not yet have IPv6, please add those addresses from the list so you don’t have to remember later – most systems will ignore IPv6 addresses if they cannot be used.

DNS-over-HTTPS Configuration Settings

A growing number of systems use DNS-over-HTTPS (RFC 8484), or “DoH,” as a method to communicate DNS messages. DoH is one of several ways to encrypt DNS messages between clients and recursive resolver servers. The tools that support DoH typically use a hostname as their configuration criteria. For more information, see this blog post which discusses some of these features. Notably, Firefox and Chrome can accept DoH settings.

Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)

https://dns.quad9.net/dns-query

Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)

https://dns10.quad9.net/dns-query

Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled

https://dns11.quad9.net/dns-query

DNS-over-TLS Configuration Settings

Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)

tls://dns.quad9.net

Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)

tls://dns10.quad9.net

Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled

tls://dns11.quad9.net

Android Configuration Options

Quad9 provides an app for Android users, which greatly simplifies configuration of Quad9 DNS for those devices. The app also includes other features such as a full log of DNS queries, notification on block events, and encryption (using DNS-over-TLS) of all queries to the Quad9 systems.

Find the “Quad9 Connect” app on the Google Play store by clicking here

DNSCrypt configuration options

DNSCrypt is a less frequently used DNS encryption protocol, but it is supported by Quad9. To read more about DNSCrypt, see our post here, or you may download the configuration files and stamps by following https://www.quad9.net/quad9-resolvers.toml