Two new DNSSEC-validating DNS services launched

In recent weeks, two new DNS services for the general public have been launched, and both support DNSSEC validation.

The first is Quad9Link opens in new tab, an industry consortium established by IBM, PCHLink opens in new tab and a long list of ICT security companiesLink opens in new tab. Given the consortium's membership, it's no surprise that the service places particular emphasis on blocking referrals to domain names associated with abuse. Quad9 says that all query/response information will be retained classified not by IP address but on the basis of geolocationLink opens in new tab and shared with participantsLink opens in new tab.

The second new DNS service is 1.1.1.1Link opens in new tab, an initiativeLink opens in new tab by CDNLink opens in new tab provider CloudflareLink opens in new tab and APNICLink opens in new tab, the IP address administrator for the APAC region. The service is aimed explicitly at end users, with privacy protection as its central featureLink opens in new tab.

Manuals are available here [1Link opens in new tab, 2Link opens in new tab] for configuring a resolver running UnboundLink opens in new tab and configuring the 1.1.1.1 service on, respectively, Raspberry PiLink opens in new tab and the OpenWrt platformLink opens in new tab. Those mini-systems are therefore now part of the same family as the Valibox, a device that lets end users immediately enable end-to-end DNSSEC validation on their wireless home/office networks.

Google's Public DNS and OpenDNS

With the new DNS services up and running, there are now two DNSSEC-validating alternatives to Google's Public DNSLink opens in new tab, which (temporarily) logs users' IP addressesLink opens in new tab, for example.

The fourth major public DNS service is OpenDNSLink opens in new tab, a commercial service now under the Cisco umbrella, which doesn't support DNSSEC validation.