Enable Private DNS using Quad9 on Android 9

You might have seen the news that Google released a new feature called Private DNS mode in Android 9 Pie.

This new feature makes it easier to keep third parties from listening in on the DNS queries coming from your device by encrypting those queries.  DNS-over-TLS is something Quad9 has supported since our launch almost a year ago, and we’re excited to have Android support this feature in a way that end users can configure quickly and easily.

Configuring Private DNS to use Quad9

Android Pie only supports DNS-over-TLS at this time. To enable this on your device:

  1. Go to Settings –> Network & Internet –> Advanced –> Private DNS.
  2. Select the Private DNS provider hostname option.
  3. Enter dns.quad9.net and select Save.

That’s it; you’re done!

Quad9 now protects you with anti-malware security, and your DNS requests on Android 9 are encrypted.

More about DNS-over-TLS

The protocol used by Private DNS is an industry standard called “DNS-over-TLS”, which has been available on all Quad9 instances worldwide since our launch. By encrypting DNS traffic, your security and privacy are improved when connecting to unsecured public WiFi networks and even against observation by your mobile phone carrier on your data plan.

We encourage new methods to protect DNS data in flight, and we’re pleased to see Android supporting encryption out-of-the-box.

Caveats and Findings about Private DNS in Android (*)

Small print: You may find that not 100% of your queries are protected with Private DNS in this version of Android. Some queries may “leak” through for about 30 seconds after your device wakes from sleep mode, and we’ve observed some cases where the encryption isn’t stable in this release, which means downgrading back to standard unencrypted DNS without notice to the user. Remember this is the first implementation of this feature for Android, and we assume that, like all first releases, multiple iterations will occur. If you see ‘Couldn’t Connect’ when you press ‘Save’ after populating the ‘Private DNS hostname’ field, that doesn’t mean it isn’t using TLS. There seem to be some inconsistencies in this first release of Android, and we’ll be working with the development community to debug and assist in solving some of these issues.

Questions or Comments?

If you’re having any issues using Quad9 with Android 9, contact us via our Support page.