Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: New DNS Service 9.9.9.9  (Read 939 times)

underzone

  • Reg Member
  • ***
  • Posts: 203
New DNS Service 9.9.9.9
« on: November 17, 2017, 05:50:30 PM »

A free service that helps stop consumers visiting websites known to be malicious has been set up by IBM and two other industry bodies.
The Quad 9 service requires people to change the settings on their home router so web addresses can be checked.
It uses 19 separate lists of web-based threats to spot those used by phishing gangs or other cyber-thieves.
One security expert said it could be a "challenge" getting people to adopt the filtering system.

New “Quad9” DNS service blocks malicious domains for everyone
Set DNS server to 9.9.9.9, and (known) malware and phishes won’t be able to phone home.

http://www.bbc.co.uk/news/technology-42025569

https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/

"Anyone anywhere can use it," said Phil Rettinger, GCA's president and chief operating officer, in an interview with Ars. The service, he says, will be "privacy sensitive," with no logging of the addresses making DNS requests—"we will keep only [rough] geolocation data," he said, for the purposes of tracking the spread of requests associated with particular malicious domains. "We're anonymizing the data, sacrificing on the side of privacy." - bye bye Google DNS!
Logged

BT Infinity 2, ECI PCP, Vigor 130, pfSense 2.4.2

jelv

  • Helpful
  • Reg Member
  • *
  • Posts: 640
Re: New DNS Service 9.9.9.9
« Reply #1 on: November 17, 2017, 06:27:43 PM »

I've just compared the tracert to that and Google's DNS - for me it has two less hops!
Logged
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Rick Cook, The Wizardry Compiled

renluop

  • Kitizen
  • ****
  • Posts: 2749
Re: New DNS Service 9.9.9.9
« Reply #2 on: November 17, 2017, 07:02:57 PM »

Google has primary and secondary DNS; quad9 just the one i.e. 9999. Is that correct?

As a less knowledgeable member I'm thinking if that could be not a good thing, as shouldn't one always have an alternative and a non-quad9 would bear risks as before.
Logged

underzone

  • Reg Member
  • ***
  • Posts: 203
Re: New DNS Service 9.9.9.9
« Reply #3 on: November 17, 2017, 07:10:11 PM »

quad9 just the one i.e. 9999. Is that correct?

As a less knowledgeable member I'm thinking if that could be not a good thing, as shouldn't one always have an alternative and a non-quad9 would bear risks as before.

Nope.

"As of launch, there were clusters of DNS servers configured in 70 different locations around the world; Baykal said that the organization expects to have 100 sites up and running by the end of the year. Each cluster has at least three servers, Baykal explained, "and in some critical areas, like Chicago, we have five, seven, or nine systems behind load balancer.""
Logged

BT Infinity 2, ECI PCP, Vigor 130, pfSense 2.4.2

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5087
Re: New DNS Service 9.9.9.9
« Reply #4 on: November 17, 2017, 07:13:52 PM »

yeah they defenitly have geo based routing, slightly better latency for me vs google dns.

Code: [Select]
C:\Users\Chris\AppData\Local\FiveM\FiveM.app>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=9ms TTL=60
Reply from 8.8.8.8: bytes=32 time=9ms TTL=60
Reply from 8.8.8.8: bytes=32 time=9ms TTL=60
Reply from 8.8.8.8: bytes=32 time=9ms TTL=60

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 9ms, Average = 9ms

C:\Users\Chris\AppData\Local\FiveM\FiveM.app>ping 9.9.9.9

Pinging 9.9.9.9 with 32 bytes of data:
Reply from 9.9.9.9: bytes=32 time=7ms TTL=60
Reply from 9.9.9.9: bytes=32 time=7ms TTL=60
Reply from 9.9.9.9: bytes=32 time=6ms TTL=60
Reply from 9.9.9.9: bytes=32 time=6ms TTL=60

Ping statistics for 9.9.9.9:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 6ms, Maximum = 7ms, Average = 6ms

C:\Users\Chris\AppData\Local\FiveM\FiveM.app>
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 20601
  • Over the Rainbow
    • The ELRepo Project
Re: New DNS Service 9.9.9.9
« Reply #5 on: November 17, 2017, 07:22:06 PM »

Just for the analysts amongst us --

[Duo2 ~]$ ping -c5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=41.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=40.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=41.6 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=40.5 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=57 time=40.7 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4047ms
rtt min/avg/max/mdev = 40.205/40.891/41.635/0.507 ms
[Duo2 ~]$ ping -c5 8.8.4.4
PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=57 time=39.6 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=57 time=39.2 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=57 time=39.0 ms
64 bytes from 8.8.4.4: icmp_seq=4 ttl=57 time=43.0 ms
64 bytes from 8.8.4.4: icmp_seq=5 ttl=57 time=38.0 ms

--- 8.8.4.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4043ms
rtt min/avg/max/mdev = 38.003/39.796/43.097/1.744 ms
[Duo2 ~]$ ping -c5 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=58 time=40.1 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=58 time=38.5 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=58 time=39.4 ms
64 bytes from 9.9.9.9: icmp_seq=4 ttl=58 time=39.7 ms
64 bytes from 9.9.9.9: icmp_seq=5 ttl=58 time=39.6 ms

--- 9.9.9.9 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4046ms
rtt min/avg/max/mdev = 38.542/39.502/40.121/0.587 ms
[Duo2 ~]$
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

smf22

  • Member
  • **
  • Posts: 44
Re: New DNS Service 9.9.9.9
« Reply #6 on: November 18, 2017, 12:21:13 PM »

yeah they defenitly have geo based routing, slightly better latency for me vs google dns.

It's not mentioned in the article, but I would expect the geo based routing to be based on Anycast. The existing OpenDNS and Google Public DNS do this as described by Google in their FAQ How does Google Public DNS know where to send my queries?. Perhaps it's Anycast to get to the nearest cluster and then as they describe, the dnsdist to load balance across nodes of the cluster.

In terms of latency, I'd imagine the load on the servers is currently much lower than the other public DNS servers as there'll be fewer people using them.
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924-B10A bridge mode + Ubiquiti EdgeRouter X - smf22 on MDWS via DSLstats

art37

  • Member
  • **
  • Posts: 36
Re: New DNS Service 9.9.9.9
« Reply #7 on: January 15, 2018, 12:33:05 PM »

Sorry to hijack an existing thread. Does anyone know the IPv4 and IPv6 secondary servers for Quad9? I have a Fritz!Box that requires both primary and secondary before it will allow a change. I recall reading somewhere that it is unwise to mix secure with insecure.
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38840
  • Penguins CAN fly
    • DSLstats
Re: New DNS Service 9.9.9.9
« Reply #8 on: January 15, 2018, 01:05:04 PM »

I found this: https://www.stationx.net/improve-your-security-and-privacy-check-out-the-new-quad9-dns-service/ which recommends 149.112.112.112 as the secondary IPV4 DNS server. A whois enquiry on this number shows that it's owned by the Packet Clearing House, so it should be genuine.
Logged
  Eric
 

anything