跳转到内容

Quad9

本页使用了标题或全文手工转换
维基百科,自由的百科全书
Quad9
成立时间2016年5月11日,​9年前​(2016-05-11
创始人Packet Clearing House英语Packet Clearing House
IBM
Global Cyber Alliance
SWITCH英语SWITCH Information Technology Services
创始地伯克利
类型公益性非营利基金会
法律地位foundation[*]
总部苏黎世 编辑维基数据
地址
服务地区全球
员工数12
目标互联网隐私计算机安全
网站www.quad9.net 编辑维基数据链接

Quad9是一个全球公共递归DNS解析器,旨在保护用户免受恶意软件网络钓鱼的侵害。Quad9由Quad9基金会运营,该基金会是一个瑞士公益性非营利基金会,旨在改善互联网用户的隐私网络安全,总部设在瑞士苏黎世[1]Quad9完全受瑞士信息隐私法英语Information_privacy_law的约束,瑞士政府将其法律保护范围扩展至全球的Quad9用户,无论其公民身份或居住国。[2]

安全与隐私

[编辑]

多项独立评估发现,Quad9在阻止恶意软件和网络钓鱼域方面较为有效(达97%)。[3][4][5][6]截至2021年6月,Quad9每天阻止超过1亿次恶意软件感染和网络钓鱼攻击。[7]

Quad9的恶意软件过滤是用户可选的选项。被过滤的域名并非由Quad9决定,而是由各种独立的威胁情报分析师使用不同的方法提供给Quad9。Quad9使用信誉评分系统来聚合这些来源,并从过滤列表中移除“误报”域名,但本身不向过滤列表中添加域名。[8][9][10]

Quad9是第一个使用基于标准的强加密技术来保护用户DNS查询隐私的服务,也是第一个使用DNSSEC加密验证来保护用户免受域名劫持的服务。[11][12][13][14]Quad9通过不保留或处理用户IP地址来保护用户隐私,因此符合欧盟《通用数据保护条例》规定。[15][16][17]

位置

[编辑]
截至2021年5月27日Quad9递归解析器位置地图
截至2021年5月27日Quad9递归解析器位置地图

截至2021年8月,Quad9递归解析器在六大洲106个国家的224个位置的服务器集群中运行。[18]

事件

[编辑]

索尼音乐禁令

[编辑]

2021年6月18日,Quad9接到汉堡地方法院的首例禁令通知,索尼音乐要求Quad9阻止解析一个域名,该域名本身不包含侵权材料,但包含指向其他侵权网站的链接。[19]这是版权所有者行业首次寻求强制递归DNS运营商阻止访问互联网域名,因此被认为是德国法律的一种新颖解释,并被认为是一个具有深远影响的先例案件。

Quad9总经理约翰·托德在新闻发布会上表示:“我们的捐助者支持我们保护公众免受网络威胁,而不是进一步丰富索尼”。德国互联网协会eco的法律专家托马斯·里克特(Thomas Rickert)评论道:“我无法想象一个提供商会比公共解析器运营商更远离任何非法域名的责任。” 汉堡地方法院裁定,Quad9不符合互联网服务提供商(ISP)和域名注册商等其他第三方中介机构通常享有的责任豁免权。[20][21][22]如果Quad9不遵守禁令,将面临每次“侵权”DNS查询25万欧元(或约298,356美元)的罚款,以及可能长达两年的监禁。[23]Quad9立即宣布将对禁令提出异议,并于6月24日宣布已聘请德国律师并正在提交反对意见。[24][25]

法院发言人表示,“仅采纳了申请方提出的陈述作为禁令的依据”,并且法院“相信申请方声称已发送的通知不仅已发送而且已送达接收方”。冲突第一周结束时,新闻注意到Quad9的捐款比前一周增长了900%。[26]

2021年8月31日,Quad9对禁令提出异议,指出索尼在法律论证中存在多处缺陷,但主要论点是互联网服务提供商(ISP)(实际上与侵权方有业务关系)被豁免第三方责任,尽管他们也运营DNS递归解析器,而将独立递归解析器排除在该豁免之外是对法律的误读。[27][28]

2023年12月5日,该诉讼被驳回,索尼被勒令支付法律纠纷的费用。[29]尽管法院裁决为终审判决,不可上诉,但索尼仍可通过对不予上诉许可提出申诉,之后他们将必须向德国联邦法院上诉该案件本身。

服务

[编辑]

Quad9在以下十二个IP地址上运行公共递归名称服务器。这些地址使用任播路由到最近的可用服务器。Quad9支持经由端口853的DNS over TLS[30]经由端口443的DNS over HTTPS[31]以及经由端口8443的DNSCrypt[32]

高安全 / 高隐私 高安全 / 中隐私 低安全 / 高隐私
域名过滤
DNSSEC验证
ECS英语EDNS_Client_Subnet呈递
经由DoH接入[33] https://dns.quad9.net/dns-query https://dns11.quad9.net/dns-query https://dns10.quad9.net/dns-query
经由DoT接入 dns.quad9.net dns11.quad9.net dns10.quad9.net
经由IPv4接入 9.9.9.9
149.112.112.112 		9.9.9.11
149.112.112.11 		9.9.9.10
149.112.112.10
经由IPv6接入 2620:fe::9
2620:fe::fe 		2620:fe::11
2620:fe::fe:11 		2620:fe::10
2620:fe::fe:10

参见

[编辑]

参考文献

[编辑]
  1. ^ Quad9 moves to Switzerland. ncsc.admin.ch. Swiss National Cyber Security Centre. 2021-02-17 [2021-05-27]. (原始内容存档于2023-06-27). Non-profit organisation Quad9 is relocating its headquarters to Zurich. 
  2. ^ Steiger, Martin. Quad9 Foundation – Recursive DNS Resolver in Switzerland / Applicability of Swiss and European Data Protection Law (PDF). steigerlegal.ch. Steiger Legal. 2021-02-18 [2021-05-27]. (原始内容 (PDF)存档于2021-05-27). Quad9 is entirely and fully subject to Swiss data protection law including the Swiss Federal Act on Data Protection (FADP) and its corresponding ordinance with regard to all data subjects, i.e., for all persons worldwide whose data is being processed by Quad9. Compliance with Swiss data protection law is subject to the independent supervision of the Swiss Federal Data Protection and Information Commissioner (FDPIC). Data subjects may file a complaint with the FDPIC regardless of their citizenship or country of residence. 
  3. ^ Reda, Julia. Quad9 in Störerhaftung – neue Rechtsunsicherheit für DNS-Resolver. Heise Online. 2021-08-30 [1 September 2021]. (原始内容存档于2024-01-06). Quad9 service is characterized by significantly increasing IT security compared to alternative, mostly commercial DNS services. Independent tests have determined that Quad9 filters over 97 percent of tested malware and phishing domains. 
  4. ^ Lawrence, Tom. DNS Malware Filtering Compared: Quad9 VS Cloudflare VS DNS Filter VS OpenDNS. lawrencesystems.com (Lawrence Systems). 2020-05-03 [2021-05-27]. Quad9: 97.16% effective, Cloudflare: 56.74% effective, OpenDNS: 9.22% effective 
  5. ^ Young, Andrew. Comparing Malware-blocking DNS Resolvers. andryou.com. Andryou. 2020-05-31 [2021-05-27]. (原始内容存档于2021-06-19). Quad9: 97.08% effective, Cloudflare: 56.20% effective, OpenDNS: 2.19% effective 
  6. ^ Kod, Skadlig. Malicious Site Filters on DNS. skadligkod.se. Skadlig Kod. 2020-05-02 [2021-05-27]. (原始内容存档于2024-08-02). Quad9: 96% effective, Cloudflare: 13% effective, OpenDNS: 46% effective 
  7. ^ Quad9: Witnesses Extensive Growth in Blocked DNS Strength. EaDnsKeep. 25 May 2021 [9 June 2021]. (原始内容存档于9 June 2021). Quad9 is currently seeing a new record-setting rate of approximately 60 million of these blocking events per day, representing a 600% year-over-year growth rate. During heavy “storms” of cybercrime venture, this volume has increased to over 100M events per day. 
  8. ^ Quad9 Partners. [1 September 2021]. (原始内容存档于2024-09-06). Quad9 partners with a large number of threat intelligence sources who provide up-to-the-minute data about domains that pose a threat because of malware, phishing, botnets, or other malicious activities. Quad9 uses vetted open-source threat data as well as donated information from commercial sources. 
  9. ^ Schmitt, Paul; Edmundson, Anne; Mankin, Allison; Feamster, Nick. Oblivious DNS: Practical Privacy for DNS Queries. Proceedings on Privacy Enhancing Technologies. 2019, 2019 (2): 228–244 [13 June 2021]. S2CID 44126163. arXiv:1806.00276可免费查阅. doi:10.2478/popets-2019-0028. (原始内容存档于13 June 2021). Quad9 provides both security and privacy features for DNS. Quad9 uses threat intelligence data at the recursive resolver to prevent a client from accessing a malicious site. This recursive resolver does not store or distribute the DNS data passing through. 
  10. ^ Jackson, Mark. DNS Providers May Be Forced to Block Internet Piracy Websites. ISPreview. 2021-06-21 [21 June 2021]. (原始内容存档于2023-02-03). The court also seemed to accept Sony’s argument that Quad9 already blocks problematic websites (e.g. those that contain malware – viruses, spyware etc.), despite that being a very different consideration. Quad9’s General Manager, John Todd, said: 'Quad9 derives its threat intelligence from qualified experts on malware and phishing, not from the claims of parties without relevant expertise. We would be unable to maintain our 98% success rate in blocking cyber-threats if we accepted input based on self-interested claims, rather than on forensics and expert analysis.' we could imagine that many more Rights Holders may rush to make use of this for similar websites. Naturally, Quad9 intends to appeal and so the battle is not yet over. 
  11. ^ New "Quad9" DNS service blocks malicious domains for everyone. Ars Technica. 16 November 2017 [2018-04-08]. (原始内容存档于2017-11-16). 
  12. ^ Bortzmeyer, Stéphane. Quad9, a Public DNS Resolver - with Security. labs.ripe.net. RIPE Labs. 2017-11-21 [2021-05-27]. (原始内容存档于2024-04-13). Last week, the new DNS resolver Quad9 has been announced. It is a public DNS resolver with the additional benefit that it is accessible in a secure way. There are other public DNS resolvers, but the link to them is not secure. This allows hijackings as well as third-party monitoring. The new Quad9 service on the other hand is operated by the not-for-profit Packet Clearing House (PCH), which manages large parts of the DNS infrastructure, and it allows access to the DNS over TLS. This makes it very difficult for third parties to listen in. And it makes it possible to authenticate the resolver. 
  13. ^ Woodcock, Bill. Statement by Bill Woodcock, chairman of Quad9's board. Reddit. 2021-02-09 [2021-05-27]. (原始内容存档于2023-06-27). 
  14. ^ Dickinson, Sara. DNS Privacy Public Resolvers. DNS Privacy Project. 2019-11-28 [2021-05-27]. (原始内容存档于2024-03-26). 
  15. ^ Quad9 Data and Privacy Policy. Quad9. [2021-05-27]. (原始内容存档于2021-07-17). The Reply To Address is purged from RAM as soon as we have transmitted the reply to the user's Reply To Address. The Reply To Address (or any representation of, or proxy for, it) is not copied to permanent storage, nor is it transmitted across the network to any destination other than the user. It leaves the machine on which we received it only in the form of a reply to the user – to no other destination, in no other form, for no other purpose. 
  16. ^ A Deeper Dive Into Public DNS Resolver Quad9. Internet Society. [2018-04-08]. (原始内容存档于2024-07-16). 
  17. ^ Brennan, Jim. New Quad9 DNS Service Makes the Internet Safer and More Private. securityintelligence.com. Security Intelligence. 2017-11-16 [2021-05-27]. (原始内容存档于2017-11-20). Quad9 goes far beyond standard DNS name resolution. Unlike many other DNS services, Quad9 does not store, correlate or otherwise employ any personally identifiable information (PII). 
  18. ^ Internet Exchange Points Quad9 is Present In. pch.net. Packet Clearing House. 2021-05-27 [2021-05-27]. (原始内容存档于2019-08-14). 
  19. ^ Huston, Geoff. Opinion: DNS4EU. APNIC. 11 February 2022 [2025-06-03]. (原始内容存档于2023-12-11). Sony Music Germany bought a suit against the DNS open resolver provider Quad9 in a German court. The court ruled that Quad9 must block the resolution of a domain name of a website in Ukraine that itself does not hold copyright-infringing material, but instead contains pointers to another website that is reported to hold alleged copyright infringements. Quad9’s interpretation of this ruling is that queries received from IP addresses that can be geolocated to Germany must generate a SERVFAIL response from Quad9’s recursive resolvers. 
  20. ^ Van der Sar, Ernesto. Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9. TorrentFreak. 2021-06-21 [21 June 2021]. (原始内容存档于2024-09-10). Sony Music has obtained an injunction that requires the freely available DNS-resolver Quad9 to block a popular pirate site. The order, issued by the District Court in Hamburg, Germany, is the first of its kind. The Quad9 foundation has already announced that it will protest the judgment, which could have far-reaching consequences. The Hamburg court found that the DNS service is not eligible for the liability protections that other third-party intermediaries such as ISPs and domain registrars typically enjoy. And if Quad9 fails to comply with the injunction, it will have to pay a fine of 250,000 euros per ‘infringing’ DNS query plus potentially two years in prison. 
  21. ^ Ermert, Monika. Copyright infringement: Sony obtains injunction against DNS resolvers. Heise Online. 2021-06-19 [21 June 2021]. (原始内容存档于2024-09-10). Sony wants to ban the DNS resolution of domains by injunction. 
  22. ^ Grüner, Sebastian. Sony will DNS-Sperre bei Quad9 durchsetzen. Golem. 2021-06-21 [21 June 2021]. (原始内容存档于2023-02-22). The DNS provider Quad9, which is now officially located in Switzerland, is held liable as a "Stoerer" (interferer) in this case, because the DNS resolution of the service enables copyright infringement. The "Stoererhaftung" (Breach of Duty of Care), its effects on copyright law, and any associated warnings against private individuals or even companies have been a point of contention in the law-making process of politics and the judiciary for decades. What is surprising about the current case is that Internet providers and registrars are actually exempt from "Stoererhaftung" (Breach of Duty of Care) under the so-called provider privilege. However, the Hamburg Regional Court apparently sees things differently. 
  23. ^ King, Ashley. Sony Music Wins Injunction Requiring DNS Resolver to Block Pirate Site. Digital Music News. 2021-06-24 [25 June 2021]. (原始内容存档于2024-05-29). Sony Music has won an injunction requiring a DNS resolver to block a popular piracy site. The ruling is the first of its kind and may signal a new direction in tackling music piracy. 
  24. ^ Quad9 and Sony Music: German Injunction Status. Quad9. 2021-06-24 [25 June 2021]. (原始内容存档于2021-06-24). Quad9 was notified last Friday that Sony Music had obtained an injunction against Quad9 in the lower court of Hamburg, Germany, seeking to block DNS resolution of domains used to host music content files on the grounds that such resolution contributes to infringement upon Sony’s copyrights. Quad9 has no relationship with any of the parties to the alleged infringement. Our systems resolve domain names, conveying public information on the public Internet, as any other recursive resolver would do, and there is no allegation that the domain names themselves, or any information that Quad9 has handled, infringe upon Sony’s copyrights. We have retained counsel, and we are in the process of filing an objection to the injunction. 
  25. ^ Resolution in the case Sony Music Entertainment Germany GmbH versus Quad9 Foundation (PDF). Hamburg Lower Court. 2021-05-21 [25 June 2021]. (原始内容 (PDF)存档于2021-06-24). By way of interim injunction - for reasons of urgency without oral proceedings - the defendant is ordered to avoid a Tine to be determined by the court for each case of culpable infringement and, in the event that this cannot be recovered, to serve a term of imprisonment of up to six months (fine in individual cases not exceeding 250,000.00, imprisonment for a total of not more than two years) prohibited to enable third parties in the territory of the Federal Republic of Germany the music album "Evanescence – The Bitter Truth" to be made publicly available. 
  26. ^ Ermert, Monika. Sony vs. Quad9: a wave of donations for the DNS resolver. Heise Online. 2021-06-27 [27 June 2021]. (原始内容存档于2021-12-06). 
  27. ^ Stegeman, Koen. Quad9 Files Appeal Against Copyright Lawsuit from Sony Music Germany. Hosting Journalist. 2021-09-02 [3 September 2021]. (原始内容存档于2023-06-27). 
  28. ^ Carnesi, Ken. DNSFilter CEO Responds to Quad9 Injunction: "DNS resolvers should not police the Internet for copyright violations". DNSfilter. 2021-07-27 [3 September 2021]. (原始内容存档于2024-04-23). 
  29. ^ Sony zieht gegen Schweizer NPO Quad9 vor Gericht (PDF). Higher Regional Court Dresden. 2023-12-05 [6 Dec 2023]. (原始内容存档 (PDF)于2023-12-06). On appeal by the defendant, the judgment of the Regional Court of Leipzig dated March 1, 2023, case no. 05 O 807/22, is amended and the action dismissed. 
  30. ^ Dickinson, Sara. DNS Privacy Public Resolvers: DNS-over-TLS (DoT). DNS Privacy Project. 2019-11-28 [2021-05-27]. (原始内容存档于2024-03-26). 
  31. ^ Dickinson, Sara. DNS Privacy Public Resolvers: DNS-over-HTTPS (DoH). DNS Privacy Project. 2019-11-28 [2021-05-27]. (原始内容存档于2024-03-26). 
  32. ^ Kumar, Arvind. DNScrypt Resolvers. github.com. EnKrypt. 2021-05-27 [2021-05-27]. (原始内容存档于2024-01-10). quad9-dnscrypt-ip4-filter-pri Quad9 (anycast) dnssec/no-log/filter 9.9.9.9 / 149.112.112.9 
  33. ^ Service Addresses & Features. Quad9. [2021-10-05]. (原始内容存档于2021-09-15). 

外部链接

[编辑]
检索自“https://zh.wikipedia.org/w/index.php?title=Quad9&oldid=87616066