As the name implies, our Secure service provides a variety of security and privacy options for our users. Our Secure service is currently the same as our Recommended service in every way other than their configuration details. The existence of this service allows us to roll out new features to our recommended service but preserves a service with only the following features for users who do not wish to have the new features:
Quad9's Blocklist - At Quad9, we block “malicious” domains, which in some way, are intended to directly lead to behavior or results that a reasonable end user would consider detrimental (e.g. malware, phishing, spyware, and botnets). Users will receive an “NXDOMAIN” response if a site is blocked; the end user system acts as if the domain does not exist.
DNSSEC - DNSSEC secures DNS by making sure that the authorized name server that is providing answers is indeed the server that is designated and allowed to provide answers for that domain. For more information on what DNSSEC is and why it is important, we recommend reading the following post from ICANN: https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
Encryption - At Quad9 we believe user privacy is of the utmost importance so all services support the use of the following encrypted protocols: DNS over TLS (DoT), DNS over HTTPS (DoH), and DNSCrypt.
Configuration details for Quad9's Secure service are below:
IPv4 Primary - 220.127.116.11
IPv4 Secondary - 18.104.22.168
IPv6 Primary - 2620:fe::9
IPv6 Secondary - 2620:fe::fe:9
DoT - dns9.quad9.net
DNSCrypt - quad9-doh-ip4-filter-pri & quad9-doh-ip6-filter-pri