PDA

View Full Version : change DNS settings for a safer more secure mac and pc



macgig
12-03-2017, 02:32 PM
https://quad9.net/#/

I asked my cyber security instructor/expert if this quad 9 is a good idea and is safe. he said yes.

Just wanted to share this info. :)

mrplow
12-04-2017, 05:02 AM
It's certainly a sound idea.

There's a good article on it here:
https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/?comments=1

I'd like to see a little me info on the service and a little more clarification around privacy and data retention but it looks promising.

chscag
12-04-2017, 05:22 PM
As I pointed out in another post regarding Quad 9.... it's easy enough to change over to it and try it out. Google's 8.8.8.8 does not provide the same safety net as Quad 9 does, privacy or no privacy.

As "mrplow" points out, more information on privacy (tracking) and keeping your data in the cloud would be helpful. I'm rather doubtful though that any DNS service can keep your privacy "private" along with your data. Maybe I'm being pessimistic. :\

Cr00zng
12-05-2017, 09:44 AM
It's certainly a sound idea.

There's a good article on it here:
https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/?comments=1

I'd like to see a little me info on the service and a little more clarification around privacy and data retention but it looks promising.
Agreed, it looks promising, but...

I'd like to see more clarification about the "gold list"... Quote from the ArsTech article:


There's also a "gold list"—domains that should never be blocked, such as major Internet service sites like Microsoft's Azure cloud, Google, and Amazon Web Services. "We do realize that docs.google.com is hosting phishing attacks," Baykal said. "But because this is DNS filtering, we cannot block that URL specifically. And we don't ever want to completely block Google."
So, it's a OK for companies on the gold-list spreading malware, but it's not OK for others?:Smirk: If I am a hacker, guess where I'll have my malware distributed from? :Angry:

And if you think about this a bit, the Quad9 DNS service is the same as the AV protection in some respect. Both of them will protect you against known exploits, but it does nothing against new ones.

</tinfoil-hat on>
What if the Quad9 DNS server blocks access to legitimate sites, such as foreign news companies sites, "alt-right"/"alt-left" sites, religious sites, etc.,? Or worse, it redirects to other websites...
</tinfoil-hat off>

There are questions, but I give them credit for doing something about malware, or at least they try...