Service Addresses & Features
Quad9 has several different service offerings for recursive DNS features. Each is represented by a different IP address (or, in some cases, hostname), which you use to configure your systems. See our Set Up Guides for how to configure the most commonly used devices.
- Recommended Settings
- Secured w/ECS
- Unsecured
- Android Configuration Options
- DNSCrypt Configuration Options
Recursive DNS Server Addresses and Features - Service based configuration:
Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)
IPv4
IPv6
HTTPS
TLS
Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled
IPv4
IPv6
HTTPS
TLS
Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)
IPv4
IPv6
HTTPS
TLS
Hints: If you have devices that need to be configured by IP address, make sure to put ALL the IP addresses listed for your selected service into any configuration areas. Putting in just one of the three will leave you vulnerable to single-path failures if they should occur. Even if you do not yet have IPv6, please add those addresses from the list so you don’t have to remember later – most systems will ignore IPv6 addresses if they cannot be used.
Android Configuration Options
Quad9 provides an app for Android users, which greatly simplifies configuration of Quad9 DNS for those devices. The app includes other features such as a full log of DNS queries, notification on block events, and encryption (using DNS-over-TLS) of all queries to the Quad9 systems.
Find the “Quad9 Connect” app on the Google Play store:
It is also possible to use Quad9 services using the Private DNS feature of Android, click here to find out how to do it.
DNSCrypt configuration options
DNSCrypt is a less frequently used DNS encryption protocol, but it is supported by Quad9. To read more about DNSCrypt, see our post here, or you may download the configuration files and stamps by following https://www.quad9.net/quad9-resolvers.toml