By now everyone probably knows 8.8.8.8, Google's public DNS service which is as neutral as possible... except they collect your data and you implicitely agree to it merely by using it.

Project Quad9 aims to reduce the global spreading of malware by making sure your computer can't communicate with servers that are known to host malware, botnets, and other baddies. So, unlike Google it's not neutral - in that you may get an error on a domain that actually exists, but they don't collect your queries for advertising purposes. If you wish to use it, all you need to do is set your DNS to 9.9.9.9, they have servers all over the world already to make sure access is fast for everyone (if anyone wants to use it, let us know if it's as fast as Google's service).

What do you think about this idea? Will it have an impact on malware spread worldwide?



Source: Arstechnica

 

[pandavova]

I will try it.
I have nothing to do, so why not?

 

[BetaXenon]

So, DNS has nothing to do with the blocked sites?

There is many methods of various effectivity how your Internet Provider can block site access, and blocking addresses on their own DNS server (address of which you can receive automatically) is one of such methods, simple change on other DNS helping in most cases if there is such block.
Also note that many public DNS server have list that they block because their country (of location) law says so.
But DNS is the service that helping you to find path to the needed sites.

This same sites can also require you to live in "whitelisted" country or your Internet Provider can, basically, commit "man-in-the-middle"-type attack to block you if you are directly connect to some site that they forced to restrict access by government (it's a thing in Russian Federation, and some other countries), in this case VPN (or less secure proxy) is your friend, since in this case you are connecting to VPN server (or proxy), and from here thing out of control of your Internet Provider.

 

[Deleted User]

The only thing this will affect is the low-threat spammy stuff. The problem with relying on your DNS server to filter out the bad stuff is... you have to have made a DNS query in the first place. Referring to a node by IP is going to be completely unaffected, botnets will likely see zero impact.

 

[ATofix]

I already have a anti virus program called McFee Internet security or something like that. Is it worth changing the DNS still?

--------------------- MERGED ---------------------------

I mean, to be honest, watching porn is common behavior in any country.

But guns, yeah, that's cause for concern in places like the US.

I'm like that one guy who don't watch porn on this site arn't I? Darn morals.

 

[codezer0]

Anyone have some experience with this DNS setup, or tried it out? how well is it holding up?

 

[Deleted User]

I'm like that one guy who don't watch porn on this sire arn't I? Darn morals.

I don't watch porn either, in all honesty. It's just that I'm positive almost everyone else on the internet has.

besides, hentai is better

 

[hyperzlib]

Nothing can stop you from watching porn.

But the GFW can

 

[wolfmankurd]

This is a nice idea but flies too close to limiting access to information. The UK already blocks access to websites it doesn't agree with, May has her sights set on porn sites.

Scary stuff.

 

[aSpookyNinja]

By now everyone probably knows 8.8.8.8, Google's public DNS service which is as neutral as possible... except they collect your data and you implicitely agree to it merely by using it.
So, unlike Google it's not neutral - in that you may get an error on a domain that actually exists, but they don't collect your queries for advertising purposes. If you wish to use it, all you need to do is set your DNS to 9.9.9.9, they have servers all over the world already to make sure access is fast for everyone (if anyone wants to use it, let us know if it's as fast as Google's service).

The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime—has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system.

Packet Clearing House is known for providing tools for network analysis. Google is more of a chaotic neutral, while Quad9 is along the lines of neutral evil.

 

[TeamScriptKiddies]

Anyone have some experience with this DNS setup, or tried it out? how well is it holding up?

Been using it since the announcement here on GBAtemp and I gotta say, I'm pretty impressed with the results so far. No issues accessing any of the sites I normally browse, but to test the waters, I took it upon myself to click some sketchier links on google searches to see that the DNS server did in fact block them. Of course nothing is 100% full proof, but its an extra layer of security that certainly can't hurt, especially if you have others in the house that aren't very tech savvy and might click on things they really shouldn't. For those wondering, if you do decide to use this DNS server, you SHOULD use it in conjunction with a proper firewall and antivirus as it only blocks "known bad domains" so as new ones pop up, its not going to recognize and block them right away. Also its not going to protect you from botnets and other things of that nature. I also set up google's DNS as a secondary in case Quad9 goes down for any reason so I don't lose web access and have to fiddle with my DNS settings to get it back....