[Update 2019-04-07: While Quad9 is still a good option, you should check out Cloudflare’s 1.1.1.1 service which will come with a new free VPN service called Warp.]
Evading malware can be difficult these days. The bad guys are very clever and surfing the Internet involves several complicated technologies. Software is rife with bugs and traps are ready and waiting for any slip-up you might make. I posted a detailed article on choosing the most secure web browser setup recently that you should have a look at, but today I’m going to talk about something much simpler and more fundamental: choosing your Domain Name Service, or DNS.
Brief Overview of Internet Routing
Whenever you type in a web address like “google.com” or “amazon.com”, you are giving your web browser a domain name. Domain names are easy for humans to remember, but the Internet actually routes traffic based on IP addresses. So the very first thing your web browser does is convert that domain name to an IP address using a Domain Name Service. Your DNS provider is usually just given to you by your Internet Service Provider (ISP) like Comcast, Spectrum, or Verizon. Though you can choose whatever service you want, most people never change the default.
Enter Quad9
A new DNS provider called Quad9 has been created by a consortium of concerned companies, including law enforcement, in an effort to stem the tide of malware and botnets. This non-profit organization was founded not only to enhance security but also to protect privacy. (There’s still a long way to go before it’s totally private, though). Quad9 will actively block your web browser, your apps, and even Internet-connected devices from talking to known-bad servers, using a list that is updated multiple times per day. This can save you from phishing sites, malvertising, and botnet control servers. It’s important to note that this service will not perform any other filtering. That is, it’s specifically avoiding censorship issues and focusing solely on evading malware.
Evading Malware using DNS
To use the Quad9 service, you just need to change a simple setting on your computer, and the Quad9 web site has two videos to help you do it (one for Mac, one for Windows). If you want to kick it up a notch, you can set your DNS service right on your home’s router to use 9.9.9.9 (four 9’s, or “quad” 9). Most devices will defer to the router’s choice of DNS provider by default. But you can effectively change this setting for every device on your home network in one fell swoop.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!