Login
Menu

9.9.9.9 DNS Explained: How Quad9’s Secure Resolver Blocks Threats

Every time you open a website, your device first asks a DNS resolver to translate the human-readable domain name into the numeric IP address your computer actually connects to. Most people never think about which resolver answers that question. 9.9.9.9 DNS is worth thinking about, because it does something most resolvers do not: it refuses to look up domains it knows to be dangerous.

The address `9.9.9.9` belongs to Quad9, a free public DNS resolver operated by a nonprofit foundation. Its defining feature is security. When your device queries Quad9 for a domain that appears on a threat-intelligence blocklist (known phishing, malware, or command-and-control sites), Quad9 simply does not return an answer. Your browser never gets the address, so the connection never happens.

This guide explains what `9.9.9.9` is, how its malware blocking actually works, how it compares to other public resolvers, and how to point your device or router at it in a few minutes.

Key Takeaways
9.9.9.9 is Quad9, a free public DNS resolver run by a nonprofit, focused on security and privacy.
• It blocks known-malicious domains at the DNS layer using threat intelligence, so phishing and malware sites fail to resolve before your browser connects.
• It does not log personal data that could identify you, which is its privacy stance.
• The secondary address is 149.112.112.112; both are free and require no account.
• It is a strong default for security-conscious users, families, and anyone wanting network-wide protection with near-zero effort.

What is 9.9.9.9 DNS?

`9.9.9.9` is the primary IP address of Quad9, a free public DNS resolver. A public DNS resolver is a service anyone on the internet can configure their device or router to use instead of the default resolver supplied by their internet provider. You point your settings at the resolver’s IP, and from then on it answers your DNS lookups.

Quad9 is run by the Quad9 Foundation, a Swiss-based nonprofit. That structure matters: the resolver is not funded by selling advertising or user data, which shapes both its privacy posture and its mission. The two pillars Quad9 emphasizes are security (blocking malicious domains) and privacy (not logging data that identifies you).

If you want a refresher on how name resolution works end to end before going deeper, the explainer covers the full lookup path.

What makes Quad9 different from a normal resolver?

A typical resolver, including the one your internet provider runs by default, is neutral. It will look up any domain you ask for, including one that hosts a phishing kit or distributes malware. It does the translation and stays out of your way.

Quad9 adds a security filter to that process. Before returning an answer, it checks the requested domain against threat-intelligence feeds. If the domain is flagged as malicious, Quad9 returns no answer (technically, an `NXDOMAIN`-style “this does not exist” response). The practical effect is that your device cannot reach the dangerous site, because it never receives the IP address it needs.

This is the part that surprises people: the protection is invisible and automatic. You do not install software, you do not change how you browse, and you do not see a warning screen. The threat is stopped one step earlier than antivirus or browser warnings typically catch it.

Here is the insight most “DNS is just a phonebook” explanations miss: a security resolver like `9.9.9.9` turns that phonebook into a bouncer. Because *every* connection your device makes begins with a DNS lookup, a resolver that refuses to look up known-malicious domains stops an entire class of threats, phishing, malware command-and-control, scam sites, at the very first step, before your browser ever opens a connection. You do not need to install anything or learn new habits. Just by pointing a device or router at a security-filtering resolver, you get malicious-domain blocking network-wide and automatically. It is one of the highest-leverage, lowest-effort security upgrades available, and it costs nothing. The phonebook simply will not hand you the address of a place known to be dangerous.

How does Quad9’s malware blocking actually work?

The mechanism is straightforward once you see the layers involved.

  1. Threat intelligence is collected. Quad9 partners with multiple cybersecurity threat-intelligence providers who maintain continuously updated lists of domains associated with malware, phishing, botnets, and other attacks.
  2. The blocklist is applied at the resolver. Those domains are loaded into Quad9’s resolver infrastructure. This is a DNS-layer block, not a browser plugin or an endpoint agent.
  3. Your query is checked in real time. When your device asks `9.9.9.9` to resolve a domain, the resolver checks it against the blocklist before responding.
  4. Malicious lookups are refused. If the domain is on the list, the resolver withholds the answer. Your device interprets the non-answer as “site unreachable,” and the connection attempt stops.

Because this happens at the DNS layer, the protection covers *every* application on the device, not just the web browser. An email client following a malicious link, a background process reaching out to a command-and-control server, a smart TV app, they all rely on DNS, so they all get filtered.

This is a different kind of protection than encryption or authentication. For more on hardening the lookup path itself, see .

How does 9.9.9.9 compare to other public DNS resolvers?

Several well-known public resolvers exist, and each emphasizes a slightly different priority. None is universally “best”; the right choice depends on what you value most. The table below summarizes how the major public resolvers position themselves.

Public resolver Primary IP Main emphasis What it is known for
Quad9 9.9.9.9 Security + privacy Blocks known-malicious domains via threat intelligence; nonprofit; no personal-data logging
Google Public DNS 8.8.8.8 Speed + reliability Large global infrastructure, consistent uptime, broad reach
Cloudflare 1.1.1.1 Speed + privacy Fast resolution and a strong privacy stance; optional filtering variants

The key distinction: Quad9 is the one that filters for security by default. The others prioritize raw performance and, in some cases, privacy, but they resolve malicious domains just like any neutral resolver unless you opt into a specialized filtering variant. If your goal is to add a security checkpoint without changing anything else about your setup, `9.9.9.9` is the resolver built around that goal.

A second comparison worth keeping in mind is the security-versus-neutrality trade-off:

Approach Resolves malicious domains? Best for
Security-filtering resolver (9.9.9.9) No, blocks them Default protection for households and security-conscious users
Neutral resolver Yes, resolves everything Users who want zero filtering and maximum reach

Is 9.9.9.9 free, and what are the addresses?

Yes, Quad9 is completely free, with no account, subscription, or sign-up required. It is funded as a public-benefit service by its nonprofit foundation and partner organizations.

You configure it using these addresses:

  • Primary (IPv4): `9.9.9.9`
  • Secondary (IPv4): `149.112.112.112`

The secondary address points to the same service and provides redundancy. Configuring both is recommended so that if one path is unreachable, your device automatically falls back to the other.

How do you set 9.9.9.9 on a device or router?

You can apply Quad9 to a single device or to your entire network through your router. Setting it on the router is the higher-leverage option, because every device that connects to that network, including phones, laptops, and smart-home gadgets, inherits the protection automatically.

On a single device (general steps):

  1. Open your network settings (Wi-Fi or Ethernet adapter properties).
  2. Find the DNS server configuration and switch it from “automatic” to manual.
  3. Enter `9.9.9.9` as the preferred DNS server and `149.112.112.112` as the alternate.
  4. Save and reconnect. The new resolver takes effect for that device.

On your router (network-wide):

  1. Log in to your router’s admin interface (usually a local address printed on the device).
  2. Locate the DNS settings, often under WAN, Internet, or DHCP configuration.
  3. Replace the existing DNS servers with `9.9.9.9` and `149.112.112.112`.
  4. Save and reboot the router if prompted.

The exact menu names vary by manufacturer; if you need the navigation specifics for your hardware, the walkthrough covers the common interfaces.

After switching, it is good practice to clear your device’s cached DNS entries so old lookups do not linger. The guide explains how on each operating system.

What are the trade-offs of using 9.9.9.9?

No resolver is perfect, and security filtering involves an honest trade-off worth understanding.

  • Occasional false positives. Threat-intelligence lists are accurate but not infallible. Very rarely, a legitimate site may be flagged, in which case it will fail to resolve until the listing is corrected. This is uncommon, but it is the cost of filtering anything at all.
  • Regional speed variation. Resolution speed depends on how close you are to a resolver’s nearest server location. In some regions `9.9.9.9` will be marginally faster or slower than an alternative. For most users the difference is imperceptible, but performance-obsessed users sometimes benchmark resolvers from their own location.
  • Not a complete security solution. DNS-layer blocking stops a large class of threats, but it does not replace endpoint protection, software updates, or careful judgment. It is a strong layer, not the only layer.

For the overwhelming majority of users, the trade is heavily favorable: a small, rare chance of a blocked legitimate site in exchange for automatic, network-wide blocking of malicious ones.

Who should use 9.9.9.9?

`9.9.9.9` is a particularly good fit for:

  • Security-conscious individuals who want a low-effort layer of protection on top of their existing tools.
  • Families and households where not everyone is equally cautious about links; the filtering protects every device without supervision.
  • Anyone who wants sensible defaults. If you do not want to think about DNS at all, pointing your router at a security-filtering resolver is a reasonable “set it and forget it” decision.

If you want absolute zero filtering, for example, you do security research and need to resolve malicious domains deliberately, a neutral resolver fits better. But for everyday browsing on home and family networks, the security default is the safer choice.

DarazHost and the other side of DNS. Choosing `9.9.9.9` is about the *resolver* your visitors use to find websites. There is a second side to DNS that matters if you run a site of your own: the authoritative DNS that answers when anyone, on any resolver, looks up *your* domain. DarazHost runs fast, reliable authoritative DNS for your hosted domains, the server side that responds to every lookup for your site, no matter which resolver the visitor is using. Our 24/7 support team can help you understand the difference between the resolver your visitors choose (like Quad9’s `9.9.9.9`) and the DNS that serves your domain, and make sure your hosting includes reliable, well-configured DNS from day one. To see how resolvers and authoritative DNS fit together across the whole lookup path, read our complete guide to networking and DNS for hosting.

Frequently asked questions

Is 9.9.9.9 safe to use? Yes. `9.9.9.9` is Quad9, a resolver operated by a nonprofit foundation specifically to improve safety. It blocks known-malicious domains and does not log data that identifies you. It is widely used as a security-focused default.

Does Quad9 slow down my internet? For most users, no noticeable difference. DNS resolution is a tiny part of the connection process, and Quad9 maintains servers in many regions. Speed varies slightly by location, but the security checking does not meaningfully delay normal browsing.

Will 9.9.9.9 block legitimate websites? Very rarely. The blocklist targets domains tied to malware, phishing, and similar threats. False positives are uncommon, and if a legitimate site is mistakenly flagged, the listing can be corrected. The benefit of blocking real threats outweighs the rare inconvenience for most people.

What is the difference between 9.9.9.9 and 8.8.8.8? `9.9.9.9` is Quad9, which emphasizes security by blocking malicious domains and protecting privacy. `8.8.8.8` is Google Public DNS, which emphasizes speed and reliability and resolves all domains without security filtering by default.

Do I need an account or to pay for Quad9? No. Quad9 is free and requires no account or sign-up. You simply set `9.9.9.9` and `149.112.112.112` as your DNS servers on a device or router.

About the Author
Ravi Subramanian

Leave a Reply