Quad9 – Safer addressing on the internet
I sometimes grow weary of the never ending stories of the bad guys being successful. Quad9 is a free Domain Name Service (DNS) from the good guys that should make life safer for everyone. Basically if you use this service, it will pretty well prevent any malicious software from connecting your laptop, tablet, phone, smart watch, smart toaster, smart whatever to an evil doer’s website, because it will not resolve the address. It can’t give 100% guaranteed protection, but it’ll be extremely effective … and did I mention, it’s FREE?!?!
What is DNS?
A Domain Name Service is the backbone of addressing, as every website is stored on a server located somewhere on the internet. Your favourite security website (www.L2CyberSecurity.com) is sitting on a server in Dublin. That server has an Internet address of 188.8.131.52. You don’t need to know that long-winded number. You just need to know the nice, friendly name L2CyberSecurity.com. When you type that address, or click a link to that address in your browser, your PC/Laptop will pass the friendly name to some DNS server (whichever one it is configured to use), that will then return the long-winded number to the browser, so off it goes to that server and dishes up the webpage to you.
How does the existing DNS fail to protect me?
If you currently use the DNS server that your provider gives you, or perhaps OpenDNS or Google’s DNS, then if you get infected with malicious software, this will probably try to “phone home”, i.e.- connect with a server controlled by the evil doers. It will look to connect to the server by referencing a friendly name (e.g.- www.scaryevilhackersoftware.co) and the usual DNS servers will resolve that to the bad guys server and facilitate the connection.
IT’S NOT THEIR FAULT! This is how the internet is supposed to work.
How does Quad9 protect me?
The good people over at IBM, the Packet Clearing House (PCH) and Global Cyber Alliance came together and set-up this global service. They have made it genuinely free to use, without any sneaky monitoring of what you do. When you have it set-up, Quad 9 will check a site you are trying to connect to against the IBM X-Force threat intelligence database of over 40 billion analysed web pages and images. it also uses feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike. If the site you are trying to connect with is a known evil site, Quad9 will NOT resolve the friendly address to the long winded number. It will effectively return a “domain/site does not exist”.
That sounds great. How do I set it up?
For a business environment, please contact your IT Department or IT Service Provider. There could be internal DNS server dependencies which, if you implemented Quad9, might break an application. IT will need to make a determination on whether it can be implemented or not.
For home users, on the Quad 9 home page there are videos and instructions for configuring Mac and Windows desktops/laptops.
However, for the best possible coverage, I would recommend you have this setting applied to the router or modem that your service provider installed with your connection. It should be noted that some internet providers do not allow changes to be made to their router (Imagine and Sky are two examples). You may need to log a support request to have the change applied to your router.
If you are, or know somebody who is technically competent (and game-playing teenagers may not fit this criteria ?), the change is as easy as logging into the router and changing, whats called, the DHCP settings. Before anything is changed, you should make a note of what the current DNS settings are. Then all you have to do is change the primary DNS server to 184.108.40.206 (4 nines … Quad9 … get it now? ?). The secondary address can be set to whatever was previously the primary address. Be sure to save the setting and reboot the router.
When the router comes back up, any device that connects to it (laptop, desktop, tablet, phone, smart toaster, etc.) will receive the protection of Quad9 automatically.
If you have any connectivity issues after the change, then simply log back into the router and put back the DNS settings under DHCP that had been there before, save the setting and reboot the router again.
One thing I had concerns about was performance. I previously used Google’s DNS (220.127.116.11) which was always pretty responsive. So when I tested it’s performance against Quad9’s I found that Quad9 was generally faster than Google. They are improving the service all the time as demand increases, so it should always be very quick.
So for me it’s a ??.