DNS Provider Quad9 moves to Switzerland
Not-For-Profit Domain Name System (DNS) provider Quad9 announced the move of its headquarters from California to Switzerland today.
Quad9 is a non-commercial DNS provider that neither collects nor sells personal information. It is supported by donations, and its sole product is the operation of its DNS service.
DNS services "translate" domain names into the IP addresses that computers use for communication. DNS providers are critical for privacy because they know each site that users access. Some use that information for marketing purposes or sell it to the highest bidder.
The default DNS provider is usually the Internet Service Provider, but it is often neither the fastest nor the most private one.
DNS Benchmark tools help users find a better provider, at least when it comes to speed.
What these tools don't do is provide users with other information, e.g. about the privacy policy of a service.
Quad9 made the deliberate decision to place its service under Swiss jurisdiction and thus under Swiss privacy laws. As these are among the world's most user-friendly privacy laws, the move to Switzerland was designed to further strengthen Quad9's dedication to keeping user data private and secure.
The company notes that all its users benefit from the move as the "Swiss Data Protection Act does not contain any restriction regarding the citizenship or residence of the individuals whose personal rights are to be protected by the law". In other words: all Quad9 users have the same legal protection as Swiss citizens when using the service.
The move of headquarters "is being facilitated by SWITCH", a Swiss foundation that operates critical infrastructure and its own security division.
Internet users who would like to set up Quad9 as the DNS provider on a device can do so by using the IP addresses 9.9.9.9, 149.112.112.112, and 2620:FE::FE. These versions of the DNS service include protection against malware and DNSSEC validation. Users who prefer to use just the DNS service without add-ons need to use the IP addresses 9.9.9.10, 149.112.112.10 and 2620:fe::10 respectively.
Lastly, a secured variant with ECS (EDNS Client Subnet) enabled is also available by using the IP addresses 9.9.9.11, 149.112.112.11, and 2620:fe::11.
Quad9 does support DNS-over-HTTPS, a feature that encrypts DNS traffic to improve protection further.
Setup guides for all options are available on this site.
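One way to confirm that a device is using a single Quad9 variant from the addresses listed above (an added example, not from the article or from Quad9). It reads resolv.conf-style text; the variant labels and the sample input are constructed for illustration.

```python
import ipaddress

# Addresses exactly as listed in the article; variant labels are this example's own.
QUAD9_PROFILES = {
    "malware-blocking+dnssec": ["9.9.9.9", "149.112.112.112", "2620:FE::FE"],
    "no-add-ons": ["9.9.9.10", "149.112.112.10", "2620:fe::10"],
    "ecs": ["9.9.9.11", "149.112.112.11", "2620:fe::11"],
}
# Parse once so "2620:FE::FE" and "2620:fe::fe" compare equal.
_LOOKUP = {ipaddress.ip_address(a): name
           for name, addrs in QUAD9_PROFILES.items() for a in addrs}

# Constructed sample: a non-Quad9 resolver (192.0.2.53) beside two Quad9 entries.
SAMPLE = """\
nameserver 9.9.9.9
nameserver 2620:FE::FE
nameserver 192.0.2.53
"""


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def audit(text):
    """Return (verdict, [(address, variant), ...]) for the configured resolvers."""
    found = [(str(s), _LOOKUP.get(s, "not-quad9")) for s in parse_nameservers(text)]
    variants = {v for _, v in found}
    if not found:
        return "no-resolvers", found
    if variants == {"not-quad9"}:
        return "not-quad9", found
    # More than one variant (or a foreign resolver) means some lookups can be
    # answered without the behaviour the user selected.
    return ("consistent" if len(variants) == 1 else "mixed"), found


if __name__ == "__main__":
    print(audit(SAMPLE))
```

On hosts that use a local stub resolver, the file lists the stub's loopback address rather than the upstream servers, so feed the function the upstream list instead.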
Now You: which DNS provider do you use, and why?
Specifically, the move is to Zürich, which is a great city, except for all the bicycle thieves.
@JoJo
Agreed but there is no reason to not be aware of privacy issues and that is why articles have comment sections.
You might not care, but someone does.
I understand the marketing spin of announcing a new Switzerland address given the growing distrust of tech companies hailing from Silicon Valley/SF Bay such as Quad9. However, I’m not sure how changing the HQ location to Switzerland affects users of their servers that are based in, say, the U.S. I tested Quad9’s two primary servers and it revealed that the DNS server for my searches all traced back to a Berkeley, CA-based DNS server.
I forgot to include he says a virtual machine is also necessary.
@Anonymous
I just read this article in entirety including the comment section. There is an interesting comment at the very bottom made last month that you may have missed or may want to revisit. (very bottom of page)
In summary, the commenter suggests that with the proper use of DNS over HTTPS, i.e., used with a proper VPN with no logs, a reliable browser with fingerprinting resistance and OCSP disabling or (forced stapling) then it could actually be useful for privacy.
I appreciated this article for an unusual reason:
I recently updated my router’s firmware. My manually assigned static IP addresses for LAN devices — which are necessary for networking in Linux, so far as I know — were mercifully preserved, but I forgot to check whether my manually assigned DNS server was. This article prompted me to take a look-see, and wouldn’t you know it, it *wasn’t*. It was replaced by an ISP-assigned DNS server, and my ISP is Comcast so it was Comcast’s DNS server. I just changed it back to Quad9.
For the n-th time, your Comcast ISP can still essentially see what sites you connect to after you stopped using their DNS server, you’re just giving that data to Quad9 too now.
https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/#metadata-leaks
Alternative DNS are a censorship circumvention tool at the cost of less privacy. They are the opposite of a privacy tool. You have been lied to.
@Anonymous: I didn’t say I expected more privacy by switching to Quad9. Its DNS servers just seem to be faster and better than Comcast’s.
There is no privacy. Someone always has the capability to know what you are doing unless you encrypt from your desktop to your destination, which almost no one would take the time to do unless they were actually hiding something or were unnecessarily paranoid (possible mental issue then).
So use what you want and just get on with life.
Ah, Quad9. Now that they are in Switzerland, they won’t secretly give our data as easily as before to the state for mass surveillance, fantastic. They wouldn’t even need to give it anyway, they *are* themselves the US and British law enforcement:
https://www.globalcyberalliance.org/founding-organizations/
My data feels safer already.
Thanks for the info! Since Quad9 is sponsored by GCA and all their partners do not deserve trust, in particular “Craig Newmark Philanthropies”, I’ve already changed the DNS provider.
Could definitely use a masterfully crafted tutorial for moving/setting Quad9 encrypted. SimpleDNS is used; I think there are some instructions somewhere on this site. If not, Quad9 takes users through the process. The batch file is great. Use of DNS Jumper helped tremendously. Ran into a couple of hiccups that proved a bit intimidating, but . . . Quad9 is now being used.
I use Adblock DNS, because I hate adverts. Thinking of running my own black hole server with a Raspberry Pi though. How does this compare?
A full Raspberry-Pi setup is ~$50 so if you like DIY go for it. Worst case you use the Pi for a VPN router, etc, etc. I’ve used both and went for Pi-Hole. I find it more transparent and configurable. And the community behind it is a great asset.
I still prefer my Unbound local DNS, but if I had to use one, Digitale Gesellschaft DNS (DoT, DoH, no blocking) would be my way to go. Of course, YMMV.
I switched to Quad9 after Norton DNS was shut down.
Both supposedly block malware.
I never noticed a website blocked by Quad9, but I have been blocked from websites by Firefox and Norton 360.
Switzerland I love that country so much
Interesting move... first thing that came to my mind when reading the headline – GDPR, as the USA is still the wild west when it comes to the internet. Been using Quad9 DNS for several years now, DoH works seamlessly here.
More for geographic means than political ones, as a European I will check this opportunity.
Great piece of news.
I’m running a customized router (Fritzbox with Freetz) with dnsmasq on it. Put in OpenDNS and CCC as fallbacks against DNS blocking. This should be possible on all Linux systems. However the supposed altruism of free DNS providers is a bit sus too.
I use a paid-for NextDNS subscription. It allows you to enable various security features as well as (if you so wish) adblocking features. It also allows the user to choose where logs are stored, or even to entirely disable logs. Don’t know if I can trust them 100%, but their DNS servers have been more reliable for me than Quad9’s.
I’ve been using Quad9 for about 5 years in the US with 100% availability except for the worldwide DNS corruption problem a while ago that affected a lot more than Quad9.
Using YogaDNS on my desktop, Quad9 DNS servers often time out or drop connection. Nothing like this ever happens to me on Cloudflare, NextDNS or any other major provider. This is in the UK so no idea if that’s a local issue.