Check-out our set up guides and the FAQ, or use the below search bar to find relevant information.
These instructions are still under review so inaccuracies may exist. Please leave a comment if you notice any errors or if you have any general suggestions.
Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 checks the site against a list of domains combined from 19 different threat intelligence partners. Each threat intelligence partner supplies a list of malicious domains based on their heuristics which examine such factors as scanned malware discovery, network IDS past behaviors, visual object recognition, optical character recognition (OCR), structure and linkages to other sites, and individual reports of suspicious or malicious behavior. Based on the results, Quad9 resolves or denies the lookup attempt, preventing connections to malicious sites when there is a match.
Quad9's blocklist may occasionally include safe domains, we refer to these as false positives, that have been included by error. Please follow the instructions below for reporting a false positive:
While Quad9's blocklist is an aggregation of 19 different threat intelligence feeds, new malicious domains are always appearing and may not be included in our blocklist. Our blocklist is almost entirely comprised of domains from our threat intelligence partners and rarely includes domains included by Quad9 so the best course of action is to report any malicious domain to your threat intelligence provider of choice. If you wish to bring a domain directly to Quad9's attention, please follow the instructions below for reporting malicious domains and we can elevate requests to our threat intelligence partners.
Please only report domains that you either know or suspect to be malicious. If you are looking through your DNS logs and notice unrecognized domains, that does not necessarily mean they are malicious. Web browsers or applications on your device may query or communicate with other domains in order to function properly, even if you did not specifically navigate to them.