IBM has long advocated for strong and innovative means to enhance privacy and data protection, and we are pleased to announce our latest investment in privacy-enhancing technology with the new Quad9 Domain Name System (DNS) offering. Created in collaboration with Packet Clearing House (PCH) and the Global Cyber Alliance (GCA), Quad9 goes far beyond standard DNS name resolution, with four key areas of focus.
Privacy: Unlike many other DNS services, Quad9 makes use of aggregated data, but by design does not store, correlate or otherwise employ any personally identifiable information (PII). Quad9 does not and never will share any of its data with marketers, nor will it use this data for demographic analysis.
Security: Quad9 makes security a chief priority to deliver superior protection against cybercrime networks and malware, integrating security analysis from individual machines’ DNS queries to global trends.
Scalability: Quad9 leverages PCH’s long history of providing highly robust DNS back-end infrastructure, including over 160 points of presence around the world.
Ease of use: Administrators can easily configure endpoint devices to point to the Quad9 DNS server at address 126.96.36.199.
Commitment to Collaborative Defense
Building on our investment in collaborative defense with this new offering, IBM is teaming with two well-established nonprofits committed to a shared vision of a private, secure internet. PCH is a nonprofit entity responsible for providing operational support and security for internet infrastructure, including the core of DNS, with crucial coordination tasks for internet exchange (peering) points. PCH also operates a critical infrastructure protection hotline communications system that links thousands of network operation centers and computer emergency response teams (CERTs).
The Global Cyber Alliance, a nonprofit coalition founded by a partnership of law enforcement and research organizations, is dedicated to addressing cyber risk across borders and industries. Its focus is on concrete actions and measurable change.
Why DNS Matters
Every data transaction on the internet requires a link between originating and receiving endpoints, like a user seeking a website. Humans need a human-friendly URL, but that has to be translated into the machine-readable numeric equivalent. These internet data transactions are underpinned by domain name translation, using servers and software that rely on a distributed, trust-based system that comprise the DNS system.
It’s not just the named URLs that companies and internet users employ that use DNS services. By 2025, there will be 80 billion internet-connected, or Internet of Things (IoT), devices in homes and offices. End users aren’t able to update these devices as software misconfigurations and vulnerabilities are discovered without help from the manufacturer, so employing secure connection at the DNS level can help prevent the devices from being used for nefarious purposes.
Since the DNS servers themselves can’t tell the difference between a data packet with malicious intent and an innocent data packet checking last night’s sports scores, advanced analytics need to be implemented to identify and block the malicious traffic, as in the case of Quad9. Known malicious domains are identified through threat intelligence from IBM X-Force Exchange. Advanced analytics are performed on IP addresses to assign a risk score based on text, visual object recognition, optical character recognition (OCR), structure and linkages to other sites, and the presence of suspicious files to identify malicious IPs.
Make the Change to Quad9
DNS servers are typically assigned by your internet provider or IT department, and both consumers and businesses can make a simple change to the Dynamic Host Configuration Protocol (DHCP) to route DNS traffic through Quad9 without requiring end users to make any changes. Quad9 is and will remain freely available to anyone who wants to use it.
Visit the Quad9 website for details and videos on how to make the change to a safer, more private internet browsing experience.