Quad9: Is good?

Can anyone vouch for the quality and privacy help that Quad9 provides as a service? I was looking into it and I’m still wondering if it’d be any good for Arch.

1 Like

I have to say that I don’t know anything about this service (in fact hadn’t even heard of it before), so can’t say much about it.

Switzerland, however, even though in Europe, is not part of the EU. This means that they are not part of the GDPR agreement, for example; they have their own for that matter. Quad9 seems to be GDPR compliant, however.

But that’s all I can say about it. :man_shrugging:

Not that I have performed an exhaustive review ..

But Quad9 sits along with the other alternative DNS resolvers that at least purport to care about user privacy. It might also be noted that Quad9 provides multiple servers and features so those should be part of the consideration as well.

PS.

Quad9 is one of the resolvers included and tested when using dnsdig;

Quad9 is, as far as one can check, not protocolling you, which is quite good, and the servers are very reliable and answer fast. Also, there is a variant with some malware / ad blocking lists directly set on server, if you like that. Mike Kuketz, one of the more prominent data protection bloggers and experts, is setting it on his recommended list, but in second tier, as they are not proactively censoring, but will block domain resolution if they are forced by law. They have a blocked domain identification service, so you can check even if they are not allowed to tell about a blocking order.
I use them currently on my pi-hole, though I am thinking about switching it to digitalcourage, soon. The latter has to be added manually, I am a bit lazy :wink:

2 Likes

Are these DNS providers meant to be used on a Pi-Hole? I’m hoping to keep one on a laptop.

No, no worries, go ahead and use them. They are just another DNS service, like Google and Cloudflare, but with a way better track record regarding privacy and main servers in Europe, as well as this variant, where they filter malware and ad services on their DNS servers. You can use them on your laptop, just in your browser or even your router - any way you see fit :slight_smile:
In my case, I am just using pi-hole as I am quite paranoid about tracking and ads and want to have to set it just once in my network. I have e.g. an iPad, and you do not want to know how many times a day this little thing tries to ping the icloud services (I am not using) :wink:

1 Like

DNS resolvers are meant to be used anywhere you might be able to set one.

This can be on router or laptop or even for a singular application.

If we take your Linux system alone there are multiple ways to do it - from NetworkManager to systemd-resolved, depending on the makeup of the system involved.

It might also be mentioned that most modern browsers (like FF and Chromium) will not respect these settings because they do their own DNS resolving which needs to be disabled in order for the system DNS configuration to matter.
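
For the systemd-resolved route mentioned above, a drop-in along these lines pins the system resolver to Quad9 over DNS-over-TLS. This is an added example, not part of the original post; the file name is an assumption, and 149.112.112.112 and dns.quad9.net are Quad9's published secondary address and TLS server name.

```ini
# /etc/systemd/resolved.conf.d/quad9.conf
# (file name is an assumption; any *.conf in this directory is read)
[Resolve]
# Quad9 filtering resolvers. The part after '#' is the TLS server name
# that systemd-resolved validates the server certificate against.
DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net
# An empty value disables the compiled-in fallback resolver list.
FallbackDNS=
# Strict mode: do not fall back to plaintext port 53 if TLS fails.
DNSOverTLS=yes
# Prefer the servers above for all names over per-link DNS from DHCP.
Domains=~.
```

After `systemctl restart systemd-resolved`, `resolvectl status` shows the active servers and whether DNS-over-TLS is in effect. Browsers with their own DNS-over-HTTPS setting still bypass this until that setting is turned off.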

I have an Asus router which offers some options for DNS resolution, among which Quad9, that I use (9.9.9.9 and 149.112.112.11).

I am afraid I don’t have much more to say about it than what already has been mentioned.

Quad9 seems to be among the recommendations from people in-the-know of security and privacy stuff. So in them I trust :sweat_smile:

1 Like

Quad9 is… okay (speed-wise)… but they folded once and handed over all info about users so… Trusted DNS? No.

I used them before that happened nor since.

You can find that story if you search.

You’re going to need to be clearer than that @SCORPION2000, with a link or something. I’ve not yet found anything to support your claim.

2 Likes

According to their transparency report they have not handed over any data since 2017 (quad9 was founded May 2016). And furthermore they do not store any personal data which they could hand over:

Quad9 does not store any personal information about transactions and, for clarity, has obtained a confirmation of exception from any such requirements under Swiss law.

Please give more details about what you believe quad9 did wrong.

1 Like

Not only browsers, certain smartphones do this as well.

The only solution is a firewall which blocks and reroutes every DNS locally, the deactivation of all encrypted DNS locally and the usage of a local resolver. I use opnsense for exactly that.

The issue with Quad9 will be when we use secure DNS service in browser and try to access services which are hosted on cloudflare or other hosting services. Then we run into issues. Asking us to prove that we are humans and so on.

Most of these DNS service providers, especially Cloudflare and Google do harvest DNS queries to build profiles and also to tune their algorithms.

About quality, in terms of speed and response time, Quad9 is not as good as Cloudflare (1.1.1.1) and Google DNS Resolvers (8.8.8.8). It is not bad, it is decent.
In terms of privacy I cannot definitely say whether Quad9 is better. But yeah it does appear to be better than Google DNS servers and Cloudflare ones.
If you are worried about privacy, then I would suggest the following. Use two different browsers, one for Google/Microsoft services and the other for everything else. Ideally one browser should be based on Webkit/Blink and the other on Gecko. In both the browsers install fingerprint blocker or fingerprint obfuscator. And in both the browsers use different secure DNS service providers, not your ISP one. Do not share login from Google/Microsoft across the browser.

For paranoia, use tor or vpn + tor. And if you have access to paid vpn then keep on hopping servers across different geography every day. Do not use free vpn services or those which come bundled with AntiVirus/Security suites. Stay away and don't use any Meta products or services like Faceboot/Insta/etc.

I do my own DNS speedtest with dnsperf:

google 8.8.8.8:

  Queries sent:         1000
  Queries completed:    999 (99.90%)
  Queries lost:         1 (0.10%)

  Response codes:       NOERROR 981 (98.20%), SERVFAIL 4 (0.40%), NXDOMAIN 14 (1.40%)
  Average packet size:  request 31, response 67
  Run time (s):         4.422102
  Queries per second:   225.910664

  Average Latency (s):  0.060718 (min 0.009491, max 4.026796)
  Latency StdDev (s):   0.201432

cloudflare 1.1.1.1

  Queries sent:         1000
  Queries completed:    1000 (100.00%)
  Queries lost:         0 (0.00%)

  Response codes:       NOERROR 983 (98.30%), SERVFAIL 3 (0.30%), NXDOMAIN 14 (1.40%)
  Average packet size:  request 31, response 67
  Run time (s):         4.275797
  Queries per second:   233.874527

  Average Latency (s):  0.092707 (min 0.011488, max 3.908059)
  Latency StdDev (s):   0.228740

quad9 9.9.9.9

  Queries sent:         1000
  Queries completed:    995 (99.50%)
  Queries lost:         5 (0.50%)

  Response codes:       NOERROR 969 (97.39%), SERVFAIL 3 (0.30%), NXDOMAIN 23 (2.31%)
  Average packet size:  request 31, response 66
  Run time (s):         2.355718
  Queries per second:   422.376532

  Average Latency (s):  0.090895 (min 0.006747, max 1.944526)
  Latency StdDev (s):   0.187312

Latency is all around 0.06-0.09 s; queries per second is best for quad9. In a nutshell I would say, speed wise you can not tell the difference in real life between all three.

If you are looking for data privacy optimized DNS Services with similar good performance I can recommend a good read:

It's in German but the list of recommended DNS servers is good to understand even if you do not speak German. quad9 and cloudflare are on that list too.

EDIT
I am currently using the new DNS4EU servers in combination with my pihole:

2 Likes

Please provide a source! Like @Bink, neither have I found any information attesting to what you are asserting.

I vaguely remember this, IIRC, it’s why they stopped logging anything. No data to hand over. Maybe it wasn’t quad9.

Quad9 is solid for me, I have been using their DNS servers for years now, especially for the malware blocking (where they usually rank among the best).

Their privacy policy is also pretty good and they have always been transparent about any issues so far (e.g. when they are ordered to block sites by courts etc.).

As far as the performance goes, you will have to test that yourself since this depends heavily on the country you are in, how many servers they have in that country and how your ISP is routing your traffic to their servers.

A good overview for privacy focused DNS providers (and other good recommendations):

1 Like

Please provide a source for this.

This is the first time I am reading anything like this and I also can’t find anything that would add credibility to this claim.

Is this something like the “Proton is a honeypot” situation again?

I read about DNS4EU at Kuketz, it is on my shortlist as new DNS on my pi-hole, too. Would love some comparison and real life experience before starting with it. As I am not a Linux buff and still making loads of mistakes in my configurations, I played it safe and used currently one of the “clickable” options there (I had to rebuild my pi-hole for a reason *coughs), where Quad9 seems to be the most sensible from Kuketz list you linked, as it is somewhat an honorable mention if you know the high standards Mike has. Hope this is not too off-topic, though :slight_smile:

@three_ham_omelette

You may be interested to have a look at Mullvad’s DNS resolvers as well:

To MY knowledge they haven’t been “caught red handed” handing over users’ information to any entities.

I use theirs on an Android device and I am pretty content with the result so far.

For further research, perhaps: https://dnscrypt.info/public-servers/