▸ Service Addresses & Features
Quad9 has several different service offerings for recursive DNS features. Each is represented by a different IP address (or, in some cases, hostname), which you use to configure your systems. See our Set Up Guides for how to configure the most commonly used devices.
- IP-based Configuration Settings
- DNS-over-HTTPS Configuration Settings
- DNS-over-TLS Configuration Settings
- Android Configuration Options
- DNSCrypt Configuration Options
Recursive DNS Server Addresses and Features - IP based configuration
Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)
9.9.9.9
149.112.112.112
2620:fe::fe
Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)
9.9.9.10
149.112.112.10
2620:fe::10
Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled
9.9.9.11
149.112.112.11
2620:fe::11
Hints: If you have devices that need to be configured by IP address, make sure to put ALL the IP addresses listed for your selected service into any configuration areas. Putting in just one of the three will leave you vulnerable to single-path failures if they should occur. Even if you do not yet have IPv6, please add those addresses from the list so you don’t have to remember later – most systems will ignore IPv6 addresses if they cannot be used.
DNS-over-HTTPS Configuration Settings
A growing number of systems use DNS-over-HTTPS (RFC 8484), or “DoH,” as a method to communicate DNS messages. DoH is one of several ways to encrypt DNS messages between clients and recursive resolver servers. The tools that support DoH typically use a hostname as their configuration criteria. For more information, see this blog post which discusses some of these features. Notably, Firefox and Chrome can accept DoH settings.
Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)
Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)
Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled
DNS-over-TLS Configuration Settings
Recommended: Malware Blocking, DNSSEC Validation (this is the most typical configuration)
Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)
Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled
Android Configuration Options
Quad9 provides an app for Android users, which greatly simplifies configuration of Quad9 DNS for those devices. The app also includes other features such as a full log of DNS queries, notification on block events, and encryption (using DNS-over-TLS) of all queries to the Quad9 systems.
Find the “Quad9 Connect” app on the Google Play store by clicking here
DNSCrypt configuration options
DNSCrypt is a less frequently used DNS encryption protocol, but it is supported by Quad9. To read more about DNSCrypt, see our post here, or you may download the configuration files and stamps by following https://www.quad9.net/quad9-resolvers.toml