In order to access websites on the Internet, all internet-connected devices must use a DNS service, which is usually configured by your ISP or your network administrator.
Yes! Quad9 is completely free for everyone! ISPs, service providers, and other large organizations are encouraged to contact us with details about their infrastructure and DNS traffic volume before sending large-scale DNS traffic to Quad9.
Yes! Quad9 provides DNSSEC validation on two out of three of our services. Please refer to [Addresses and Features(https://quad9.net/service/service-addresses-and-features) for more information.
For domains which implement DNSSEC security, the Quad9 system will cryptographically ensure that the response provided matches the intended response of the domain operator. In the event of a cryptographic failure, our system will not return an answer at all. This ensures protection against domain spoofing or other attacks that attempt to provide false data. Learn more about DNSSEC
EDNS Client-Subnet is a method that includes components of end-user IP address data in requests that are sent to authoritative DNS servers. This means that there is privacy “leakage” for recursive resolvers that send EDNS Client-Subnet data, where components of the end user’s IP address are transmitted to the remote site. While this is typically used to improve the performance of Content Distribution Networks, we have determined that Client-Subnet data falls into a grey area of personally identifiable information, and we do not transmit that data in our default service. In some circumstances, this may result in suboptimal routing between CDN origins and end users. We do support a secure service that sends Client-Subnet data.
Secure IPv4: 9.9.9.11 Provides: Security blocklist, DNSSEC, EDNS Client-Subnet sent. If your DNS software requires a Secondary IP address, please use the secure secondary address of 149.112.112.11
Secure IPv6: 2620:fe::11 Provides: Security blocklist, DNSSEC, EDNS Client-Subnet sent. If your DNS software requires a Secondary IP address, please use the secure secondary address of 2620:fe::fe:11
Setting up Quad9 takes only a few minutes and is a very straightforward process.
If you want to use Quad9 to protect all devices on your network without changing the DNS settings on all devices invidiually, you can change the DNS servers configured in your router. Please refer to your router’s documentation for instructions specific to your router model.
If you want to use Quad9 on an individual device, we have setup guides for Mac, Windows, Linux, iOS, Android, or use our Android app for a feature-rich experience which includes details logs and the ability to report a false positive or problem.
Quad9 support is happy to assist with questions or issues related to the setup process. Please contact our support team with any specific questions regarding the setup process for your use case.
Yes! All three Quad9 services support IPv6. Please refer to [Addresses and Features(https://quad9.net/service/service-addresses-and-features) for the complete list of IPv4 and IPv6 addresses.
No. There is no redirection of misspelled domain lookups. Standard NXDOMAIN replies are provided for DNS lookups that do not exist.
Yes! DNS resolution without security blocking is offered through our 9.9.9.10 address family. Please refer to [Addresses and Features(https://quad9.net/service/service-addresses-and-features) for a complete list.
Note: We do not recommend mixing secured and unsecured service IP addresses in the same configuration. Your devices will not be protected 100% of the time and it leads to confusion when debugging potential problems.
The quickest way to confirm you’re using Quad9 is to visit https://on.quad9.net, which will display a simple “Yes” or “No” answer. For more information, see our MacOS, Linux, and Windows articles.
If you believe you set up Quad9 correctly, but it does not seem to be working please contact our support team.
The Domain Name System (DNS) is the Internet’s equivalent of a phone book. It maintains a directory of domain names and translates them to Internet Protocol (IP) addresses. Even though domain names are more comfortable for people to remember, computers and other devices access websites based on IP addresses.
The service was brought online in August of 2016. Since that time, more threat intelligence has been added, more resolvers brought online, and more users added to the system.
Maintenance of the service is continuously performed and users should not experience any disruption in service.
No infrastructure is 100% safe from attack or failure. However, Quad9 has built and maintains a very robust and resilient DNS infrastructure, built on decades of past experiences and partnerships in the industry. Much of the Quad9 platform is hosted on infrastructure that supports authoritative DNS for approximately one-fifth of the world’s top-level domains, two root nameservers, and which sees billions of requests per day. There are constantly intentional and unintentional stresses put on this network, and multiple strategies are used successfully to prevent failures. Over-provisioning bandwidth and capacity, engineering multiple layers of caches and query distribution methods, and application-specific isolation or rejection of unwanted traffic all are methods used to provide high uptime.
Quad9 is a global anycast service. Multiple points of presence around the world mean redundancy is built into the system. If a resolver goes down, the traffic is automatically routed to the next closest resolver. To date, our uptime has been 99.999%.
Quad9 utilizes algorithms based on the domain’s attributes to ensure legitimate domains are not blocked. However, in the rare case a legitimate domain becomes blocked, Quad9 works with the users and threat integelligence providers to quickly investigate and recategorize the domain. Please contact our support team if you believe a domain is erroneously blocked.
Users will experience an “NXDOMAIN” response if a website/domain is blocked, which communicates that the domain does not exist.
Quad9 blocks “malicious” domains, which are in some way intended to directly lead to behavior or results that a reasonable end user would consider detrimental. This does not currently include spam sites, which send repeated advertising information, or in some cases which may even send an email that contains phishing requests. The URLs of content is where we make our determination on inclusion into the blocklist, not the origin of emails. While spam may be annoying, and even costly, it is not necessarily a security risk. Quad9 can protect mail servers against malicious hosts and phishing domains which appear in our blended threat intelligence list, but not against spammers. There are other DNS-based lists which are specifically tuned for spam mitigation, though we cannot endorse any particular one to use at this time
Yes! For more information on the configuration of dnscrypt see the the DNSCrypt Information Page. Quad9 is included in the list of public resolvers.
Yes! All of our services accept DNS over TLS queries on the standard port 853. Please refer to [Addresses and Features(https://quad9.net/service/service-addresses-and-features) for a list DNS over TLS addresses.
Yes! DNS over HTTPS queries can be sent to: https://dns.quad9.net/dns-query. For more information on configuring your client, see our blog post at https://quad9.net/doh-quad9-dns-servers/
If you believe there is a malicious domain that Quad9 is not blocking, please report the domain to our support team with details about why the domain may be malicious. Quad9 will perform an investigation and work with our upstream threat intelligence providers to further im
We support DNS queries on port 9953 as well as 53. In addition we support DNS-over-TLS on the standard port of 853 using the auth name of dns.quad9.net. For more information on the configuration of DNS-over-TLS see the DNS Privacy Project.
Quad9 aggregates cyber threat intelligence from a variety of public and private sources about malicious domains and blocks access to those malicious domains when your system attempts to connect to them.
Quad9 provides fully anonymized telemetry back to the TI providers only for the malicious domains they share with Quad9. This telemetry never includes the source IP information of the user.
Quad9 gathers threat intelligence from all its providers and public sources and updates the Quad9 infrastructure with this information. This update happens regularly (several times a day) or in near-real-time depending on the ability of the vendor to supply threat data.
The Quad9 infrastructure does not store any personal data about its users. Please read our complete Data Policy as there are exceptions for harmful attacks against our infrastructure.
No. Quad9 has no plans to provide content filtering. Quad9 is dedicated solely to internet security and the blocking of malicious domains, such as phishing, malware, and exploit kits.
Quad9 does not and never will share any of its data with marketers, nor will it use this data for demographic analysis. Our purpose is fighting cybercrime on the Internet and to enable individuals and entities to be more secure. We do this by increasing visibility into the threat landscape by providing generic telemetry to our security industry partners who contribute data for threat blocking.
When you use Quad9, attackers and malware cannot leverage the known malicious domains to control your systems, and their ability to steal your data or cause harm will be hindered. Quad9 is an effective and easy way to add an additional layer of security to your infrastructure for free.
When an entity or an individual is using the Quad9 infrastructure, their IP address is not logged in our system. We, however, log the geo-location of the system (city, state, country) and use this information for malicious campaign and actor analysis, as well as a component of the data we provide our threat intelligence partners.
Quad9 does not store IP address data of clients. For a detailed explanation of how Quad9 treats DNS query data, please see the Data and Privacy Policy page
Drop us a line through our contact page with your organization details and contact information.