Quad9 DNS Review for 2020

The free service backed by IBM, Packet Clearing House and the Global Cyber Alliance aims to be the DNS resolver of choice for internet security.


IBM, Packet Clearing House and the Global Cyber Alliance announced on Nov. 16 the launch of Quad9 DNS, a free service to help internet users reduce risk and stay secure online.

DNS (Domain Name Service) is a foundational element of internet infrastructure, matching IP addresses with domain names. The name "Quad9" is a reference to the IP address used by the service, which is 

"IBM has owned the address block since the 1980s," Paul Griswold, director of Strategy & Product Management at IBM X-Force, told eWEEK. "We were saving for the right project, and the value Quad9 is going to bring to the public is just such a project. We have not used it for any commercial service in the past."

In addition to the address, IBM is providing X-Force threat intelligence capabilities to the Quad9 effort. The Packet Clearing House is providing the network infrastructure for Quad9, and the Global Cyber Alliance is providing system development capabilities.

"GCA is an organization focused on reducing system cyber-risk, and we identified DNS filtering as a way to deliver enterprise-level security to consumers and small-to-medium-sized businesses," Philip Reitinger, president and CEO of the Global Cyber Alliance, told eWEEK. "We built a dynamic team of security leaders and were lucky to recruit PCH as our infrastructure partner."

PCH and GCA brought the idea for the Quad9 project to IBM nearly a year ago, and Griswold said IBM was eager to participate. He added that IBM has always been a strong proponent of collaborative defense, dating back to its launch of the X-Force Exchange in April 2015, where IBM opened up its threat intelligence for the industry to use.

"With Quad9, IBM is happy to be contributing both the IP address for the secure DNS service, as well as X-Force Threat Intelligence to help secure the service itself," Griswold said. "X-Force Threat Intelligence has previously been primarily used by large enterprise clients, but with Quad9, we are leveraging it to secure a global DNS service that is available at no cost."

Open Source

With Quad9, DNS queries from users are routed through the secure platform, helping to protect users from security threats. John Todd, executive director of Quad9, said the underlying technology of Quad9 is all open-source and is a mix of various resolvers on the front-end systems. 

"To avoid as many single points of failure as possible and provide advanced features, there are multiple resolvers that answer questions based on load, availability and capability of the software or particular resolver instance," Todd told eWEEK. "Currently, the primary resolvers are Unbound and PowerDNS Recursor, but we expect to add others as feature profiles change during the constant updating that occurs in the open-source community."

The idea of using DNS as a way to filter, accelerate and secure traffic is not a new one, with OpenDNS, which Cisco acquired in 2015, and Google Public DNS already in the market. Quad9 is somewhat different from other DNS services in multiple respects, according to Todd. For example, the Quad9 security model is not just based on a single stream of threat intelligence data, he said. 

"While IBM provides a significant and extremely valuable set of malicious hosts to the system that we rely on for their highly vetted and accurate results, we also have 18 other threat intelligence partners who each contribute threats based on their own observations of the malware and phishing landscape," Todd said. "From a performance perspective, Quad9 is launching with an extensive geographic footprint, which makes the latency between these caching resolvers and the end-user base much shorter in many instances."

Packet Clearing House provides the network on which Quad9's packets travel and, according to Todd, it is one of the most widely peered networks in the world due to its distribution of hundreds of top-level domains. The extensive peering means that data packets travel short paths, giving fast response times to the majority of the world's population.

Todd also noted that Quad9 is a not-for-profit. "This gives us a core charter to not be profit-minded, so we are not in the business of monetizing user data," he said. "We have no business model that focuses on commoditizing user data—our goal is to provide a secure, performant DNS service with an assurance of privacy.

"We are sponsored as a not-for-profit, and our goal is to deliver security and performance to as many people as possible, as this benefits not just each end user individually, but the internet as a whole," Todd said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.