DNS Blocking Effectiveness: Recent Independent Tests

Quad9’s DNS blocking service was recently included in an independent test comparing various DNS-based blocking systems.

The results are impressive. In these tests, Quad9 blocked more than 97% of the hosts that were listed as malicious. Other DNS enthusiasts duplicated the tests as well, with consistent results.

This type of testing is tricky to do and can suffer from many types of bias. The sample set of data can skew results significantly. It appears that one of our threat intelligence (TI) providers is ingesting the threat list that was used for this test, which gave us high results. But the word “skew” is a loaded term: we certainly do try to skew our results so that they provide more coverage, by collecting as much data from as many commercial and non-commercial sources as possible, while still trying to keep our “false positive” rate as low as we can. We’ll try any trick we can apply that gets better results for end users. Quad9 intentionally blends multiple, different providers of threat data into our solution so that we get this type of cross-coverage. If we obtain enough high-quality data from enough sources, we hope to be able to continue to provide the broadest range of protection available, skewing the results towards more blocked malware/phishing/C2 domains.

DNS filtering is an effective and simple way to protect your network no matter whose DNS filtering service you use. A recent study has shown that around 30% of cyber-crime events (total) could be mitigated by using a DNS firewall, which globally means that hundreds of billions of dollars of damage could be avoided. You might think DNS firewalls are only useful for phishing spam or lookalike links in web pages, but they protect against much more than that. Malware and spyware installed through other means will often try to “phone home” or trick your browser into visiting lookalike pages, and DNS filters can help protect against that.

As you consider which DNS filtering service to use, think about the long-term implications of your decision: What are the costs? What are the privacy issues? Who are you supporting? Are your goals aligned with the provider’s, or is the provider focused on a different end result? We believe Quad9 is the best answer to all of these questions, as our charter as a nonprofit is to bring better security and privacy to end users.

We welcome additional tests, and we’re thrilled with the exceptionally high results that we returned. That being said, we’re also able to be realistic about expectations and say that we don’t anticipate that any solution (even one as great as ours!) would see this type of result all the time. Given that we operate as a free service, and provide security and privacy with no hidden commercial agenda, there really is every reason to use Quad9.

Near-perfect scores are great and noteworthy, but we’re bringing benefit at any blocking rate. If we can provide protection against even a smaller percentage of cybercrime risks than what these tests prove, the cost/benefit analysis is still clear: Quad9 is a huge win.