November 16, 2017 By Jim Brennan 3 min read

IBM has long advocated for strong and innovative means to enhance privacy and data protection, and we are pleased to announce our latest investment in privacy-enhancing technology with the new Quad9 Domain Name System (DNS) offering. Created in collaboration with Packet Clearing House (PCH) and the Global Cyber Alliance (GCA), Quad9 goes far beyond standard DNS name resolution, with four key areas of focus.

  • Privacy: Unlike many other DNS services, Quad9 makes use of aggregated data, but by design does not store, correlate or otherwise employ any personally identifiable information (PII). Quad9 does not and never will share any of its data with marketers, nor will it use this data for demographic analysis.

  • Security: Quad9 makes security a chief priority to deliver superior protection against cybercrime networks and malware, integrating security analysis from individual machines’ DNS queries to global trends.

  • Scalability: Quad9 leverages PCH’s long history of providing highly robust DNS back-end infrastructure, including over 160 points of presence around the world.

  • Ease of use: Administrators can easily configure endpoint devices to point to the Quad9 DNS server at address

Commitment to Collaborative Defense

Building on our investment in collaborative defense with this new offering, IBM is teaming with two well-established nonprofits committed to a shared vision of a private, secure internet. PCH is a nonprofit entity responsible for providing operational support and security for internet infrastructure, including the core of DNS, with crucial coordination tasks for internet exchange (peering) points. PCH also operates a critical infrastructure protection hotline communications system that links thousands of network operation centers and computer emergency response teams (CERTs).

The Global Cyber Alliance, a nonprofit coalition founded by a partnership of law enforcement and research organizations, is dedicated to addressing cyber risk across borders and industries. Its focus is on concrete actions and measurable change.

Why DNS Matters

Every data transaction on the internet requires a link between originating and receiving endpoints, like a user seeking a website. Humans need a human-friendly URL, but that has to be translated into the machine-readable numeric equivalent. These internet data transactions are underpinned by domain name translation, using servers and software that rely on a distributed, trust-based system that comprise the DNS system.

It’s not just the named URLs that companies and internet users employ that use DNS services. By 2025, there will be 80 billion internet-connected, or Internet of Things (IoT), devices in homes and offices. End users aren’t able to update these devices as software misconfigurations and vulnerabilities are discovered without help from the manufacturer, so employing secure connection at the DNS level can help prevent the devices from being used for nefarious purposes.

Since the DNS servers themselves can’t tell the difference between a data packet with malicious intent and an innocent data packet checking last night’s sports scores, advanced analytics need to be implemented to identify and block the malicious traffic, as in the case of Quad9. Known malicious domains are identified through threat intelligence from IBM X-Force Exchange. Advanced analytics are performed on IP addresses to assign a risk score based on text, visual object recognition, optical character recognition (OCR), structure and linkages to other sites, and the presence of suspicious files to identify malicious IPs.

Make the Change to Quad9

DNS servers are typically assigned by your internet provider or IT department, and both consumers and businesses can make a simple change to the Dynamic Host Configuration Protocol (DHCP) to route DNS traffic through Quad9 without requiring end users to make any changes. Quad9 is and will remain freely available to anyone who wants to use it.

Visit the Quad9 website for details and videos on how to make the change to a safer, more private internet browsing experience.

Learn More About Quad9

More from Network

Databases beware: Abusing Microsoft SQL Server with SQLRecon

20 min read - Over the course of my career, I’ve had the privileged opportunity to peek behind the veil of some of the largest organizations in the world. In my experience, most industry verticals rely on enterprise Windows networks. In fact, I can count on one hand the number of times I have seen a decentralized zero-trust network, enterprise Linux, macOS network, or Active Directory alternative (FreeIPA). As I navigate my way through these large and often complex enterprise networks, it is common…

Easy configuration fixes can protect your server from attack

4 min read - In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington-area residents. It appears the D.C. breach was due to “human error”, according to a recent report. Apparently, a computer server was misconfigured to allow access to data without proper…

X-Force identifies vulnerability in IoT platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today