DNS resolver 9.9.9.9 will check requests against IBM threat database

Group Co-founded by City of London Police promises 'no snooping on your requests'

125 Reg comments Got Tips?

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.

The Quad9 DNS service, at 9.9.9.9, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks protect agains landing on any of the 40 billion evil sites and images X-Force has found to be dangerous.

The Alliance (GCA) was co-founded by the City of London Police, the District Attorney of New York County and the Center for Internet Security and styled itself "an international, cross-sector effort designed to confront, address, and prevent malicious cyber activity."

IBM's helped the project in two ways: back in 1988, Big Blue secured the 9.0.0.0/8 block of 16 million addresses, which let it dedicate 9.9.9.9 to the cause.

The Alliance, which oversees the initiative, said the other partner, Packet Clearing House, gave the system global reach via 70 points of presence in 40 countries.

It claimed users wouldn't suffer a performance penalty for using the service, but added it plans to double the Quad9 PoPs over the next 18 months.

GCA, which did the development work, also coordinated the threat intelligence community to incorporate feeds from 18 other partners, “including Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ, and ThreatSTOP.”

The organisation promised that records of user lookups would not be put out to pasture in data farms: “Information about the websites consumers visit, where they live and what device they use are often captured by some DNS services and used for marketing or other purposes”, it said. Quad9 won't “store, correlate, or otherwise leverage” personal information.

Google makes the same promise for its 8.8.8.8 DNS service, saying: “We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services.” However, most home users accept the default configuration for their ISP, each of which will have its own attitude to monetising user data.

GCA also said it hoped the resolver would attract users on the security-challenged Internet of Things, because TVs, cameras, video recorders, thermostats or home appliances “often do not receive important security updates”.

If you're one of the lucky few whose ISP offers IPv6, there's a Quad9 resolver for you at 2620:fe::fe (the PCH public resolver). ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

There are DDoS attacks, then there's this 809 million packet-per-second tsunami Akamai says it just caught

Bank on the receiving end of massive 418Gbps traffic barrage

Stuffing nonsense: Persistent cyberpunks are pummelling banks' public APIs, warns Akamai

Security biz clocked 55 million malicious login attempts on a client

Singapore’s mega-investment firm Temasek joins Facebook’s Libra cryptocurrency effort

To facilitate global payments, which is surely of interest to an investor in Alibaba

Watch your MANRS: Akamai, Amazon, Netflix, Microsoft, Google, and pals join internet routing security effort

Filtering, anti-spoofing, coordination, validation to prevent crooks, spies hijacking victims' connections

Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher

Exclusive Crooks fail to hijack infosec bloke's site to dress it up as a legit Euro bank login page

Euro ISP club: Sure, weaken encryption. It'll only undermine security for everyone, morons

UK, Oz and US pleas to Facebook given short shrift

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away

Fake docs rock real docs: Ex-Wall St guy accused of conning medics out of £27m for bogus cryptocurrency fund using faked paperwork

He spent the dosh on himself rather than invest it as promised, prosecutors claim

Biting the hand that feeds IT © 1998–2020