Our Secure with ECS Support service is similar to our Recommended service but with added support for EDNS Client Subnet (ECS). This service protects our users using the following features:
Quad9's Blocklist - At Quad9, we block “malicious” domains, which in some way, are intended to directly lead to behavior or results that a reasonable end user would consider detrimental (e.g. malware, phishing, spyware, and botnets). Users will receive an “NXDOMAIN” response if a site is blocked; the end user system acts as if the domain does not exist.
DNSSEC - DNSSEC secures DNS by making sure that the authorized name server that is providing answers is indeed the server that is designated and allowed to provide answers for that domain. For more information on what DNSSEC is and why it is important, we recommend reading the following post from ICANN: https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
EDNS Client Subnet (ECS) - Allows Quad9 to send a portion of your IP address to the authoritative name server of the domain you are attempting to reach and enables the delivery of content based on your geolocation. More information on ECS can be found here.
Encryption - At Quad9 we believe user privacy is of the utmost importance so all services support the use of the following encrypted protocols: DNS over TLS (DoT), DNS over HTTPS (DoH), and DNSCrypt.
Configuration details for Quad9's Secure with ECS Support service are below:
IPv4 Primary - 220.127.116.11
IPv4 Secondary - 18.104.22.168
IPv6 Primary - 2620:fe::11
IPv6 Secondary - 2620:fe::fe:11
DoT - dns11.quad9.net
DNSCrypt - TBA