跳至內容

Quad9

本頁使用了標題或全文手工轉換
維基百科,自由的百科全書
Quad9
成立時間2016年5月11日,​9年前​(2016-05-11
創始人Packet Clearing House英語Packet Clearing House
IBM
Global Cyber Alliance
SWITCH英語SWITCH Information Technology Services
創始地伯克利
類型公益性非營利基金會
法律地位foundation[*]
總部蘇黎世 編輯維基數據
地址
服務地區全球
員工數12
目標互聯網隱私計算機安全
網站www.quad9.net 編輯維基數據鏈接

Quad9是一個全球公共遞歸DNS解析器,旨在保護用戶免受惡意軟件網絡釣魚的侵害。Quad9由Quad9基金會運營,該基金會是一個瑞士公益性非營利基金會,旨在改善互聯網用戶的隱私網絡安全,總部設在瑞士蘇黎世[1]Quad9完全受瑞士信息隱私法英語Information_privacy_law的約束,瑞士政府將其法律保護範圍擴展至全球的Quad9用戶,無論其公民身份或居住國。[2]

安全與隱私

[編輯]

多項獨立評估發現,Quad9在阻止惡意軟件和網絡釣魚域方面較為有效(達97%)。[3][4][5][6]截至2021年6月,Quad9每天阻止超過1億次惡意軟件感染和網絡釣魚攻擊。[7]

Quad9的惡意軟件過濾是用戶可選的選項。被過濾的域名並非由Quad9決定,而是由各種獨立的威脅情報分析師使用不同的方法提供給Quad9。Quad9使用信譽評分系統來聚合這些來源,並從過濾列表中移除「誤報」域名,但本身不向過濾列表中添加域名。[8][9][10]

Quad9是第一個使用基於標準的強加密技術來保護用戶DNS查詢隱私的服務,也是第一個使用DNSSEC加密驗證來保護用戶免受域名劫持的服務。[11][12][13][14]Quad9通過不保留或處理用戶IP地址來保護用戶隱私,因此符合歐盟《通用數據保護條例》規定。[15][16][17]

位置

[編輯]
截至2021年5月27日Quad9遞歸解析器位置地圖
截至2021年5月27日Quad9遞歸解析器位置地圖

截至2021年8月,Quad9遞歸解析器在六大洲106個國家的224個位置的服務器集群中運行。[18]

事件

[編輯]

索尼音樂禁令

[編輯]

2021年6月18日,Quad9接到漢堡地方法院的首例禁令通知,索尼音樂要求Quad9阻止解析一個域名,該域名本身不包含侵權材料,但包含指向其他侵權網站的鏈接。[19]這是版權所有者行業首次尋求強制遞歸DNS運營商阻止訪問互聯網域名,因此被認為是德國法律的一種新穎解釋,並被認為是一個具有深遠影響的先例案件。

Quad9總經理約翰·托德在新聞發布會上表示:「我們的捐助者支持我們保護公眾免受網絡威脅,而不是進一步豐富索尼」。德國互聯網協會eco的法律專家托馬斯·里克特(Thomas Rickert)評論道:「我無法想象一個提供商會比公共解析器運營商更遠離任何非法域名的責任。」 漢堡地方法院裁定,Quad9不符合互聯網服務提供商(ISP)和域名註冊商等其他第三方中介機構通常享有的責任豁免權。[20][21][22]如果Quad9不遵守禁令,將面臨每次「侵權」DNS查詢25萬歐元(或約298,356美元)的罰款,以及可能長達兩年的監禁。[23]Quad9立即宣布將對禁令提出異議,並於6月24日宣布已聘請德國律師並正在提交反對意見。[24][25]

法院發言人表示,「僅採納了申請方提出的陳述作為禁令的依據」,並且法院「相信申請方聲稱已發送的通知不僅已發送而且已送達接收方」。衝突第一周結束時,新聞注意到Quad9的捐款比前一周增長了900%。[26]

2021年8月31日,Quad9對禁令提出異議,指出索尼在法律論證中存在多處缺陷,但主要論點是互聯網服務提供商(ISP)(實際上與侵權方有業務關係)被豁免第三方責任,儘管他們也運營DNS遞歸解析器,而將獨立遞歸解析器排除在該豁免之外是對法律的誤讀。[27][28]

2023年12月5日,該訴訟被駁回,索尼被勒令支付法律糾紛的費用。[29]儘管法院裁決為終審判決,不可上訴,但索尼仍可通過對不予上訴許可提出申訴,之後他們將必須向德國聯邦法院上訴該案件本身。

服務

[編輯]

Quad9在以下十二個IP地址上運行公共遞歸名稱服務器。這些地址使用任播路由到最近的可用服務器。Quad9支持經由端口853的DNS over TLS[30]經由端口443的DNS over HTTPS[31]以及經由端口8443的DNSCrypt[32]

高安全 / 高隱私 高安全 / 中隱私 低安全 / 高隱私
域名過濾
DNSSEC驗證
ECS英語EDNS_Client_Subnet呈遞
經由DoH接入[33] https://dns.quad9.net/dns-query https://dns11.quad9.net/dns-query https://dns10.quad9.net/dns-query
經由DoT接入 dns.quad9.net dns11.quad9.net dns10.quad9.net
經由IPv4接入 9.9.9.9
149.112.112.112 		9.9.9.11
149.112.112.11 		9.9.9.10
149.112.112.10
經由IPv6接入 2620:fe::9
2620:fe::fe 		2620:fe::11
2620:fe::fe:11 		2620:fe::10
2620:fe::fe:10

參見

[編輯]

參考文獻

[編輯]
  1. ^ Quad9 moves to Switzerland. ncsc.admin.ch. Swiss National Cyber Security Centre. 2021-02-17 [2021-05-27]. (原始內容存檔於2023-06-27). Non-profit organisation Quad9 is relocating its headquarters to Zurich. 
  2. ^ Steiger, Martin. Quad9 Foundation – Recursive DNS Resolver in Switzerland / Applicability of Swiss and European Data Protection Law (PDF). steigerlegal.ch. Steiger Legal. 2021-02-18 [2021-05-27]. (原始內容 (PDF)存檔於2021-05-27). Quad9 is entirely and fully subject to Swiss data protection law including the Swiss Federal Act on Data Protection (FADP) and its corresponding ordinance with regard to all data subjects, i.e., for all persons worldwide whose data is being processed by Quad9. Compliance with Swiss data protection law is subject to the independent supervision of the Swiss Federal Data Protection and Information Commissioner (FDPIC). Data subjects may file a complaint with the FDPIC regardless of their citizenship or country of residence. 
  3. ^ Reda, Julia. Quad9 in Störerhaftung – neue Rechtsunsicherheit für DNS-Resolver. Heise Online. 2021-08-30 [1 September 2021]. (原始內容存檔於2024-01-06). Quad9 service is characterized by significantly increasing IT security compared to alternative, mostly commercial DNS services. Independent tests have determined that Quad9 filters over 97 percent of tested malware and phishing domains. 
  4. ^ Lawrence, Tom. DNS Malware Filtering Compared: Quad9 VS Cloudflare VS DNS Filter VS OpenDNS. lawrencesystems.com (Lawrence Systems). 2020-05-03 [2021-05-27]. Quad9: 97.16% effective, Cloudflare: 56.74% effective, OpenDNS: 9.22% effective 
  5. ^ Young, Andrew. Comparing Malware-blocking DNS Resolvers. andryou.com. Andryou. 2020-05-31 [2021-05-27]. (原始內容存檔於2021-06-19). Quad9: 97.08% effective, Cloudflare: 56.20% effective, OpenDNS: 2.19% effective 
  6. ^ Kod, Skadlig. Malicious Site Filters on DNS. skadligkod.se. Skadlig Kod. 2020-05-02 [2021-05-27]. (原始內容存檔於2024-08-02). Quad9: 96% effective, Cloudflare: 13% effective, OpenDNS: 46% effective 
  7. ^ Quad9: Witnesses Extensive Growth in Blocked DNS Strength. EaDnsKeep. 25 May 2021 [9 June 2021]. (原始內容存檔於9 June 2021). Quad9 is currently seeing a new record-setting rate of approximately 60 million of these blocking events per day, representing a 600% year-over-year growth rate. During heavy 「storms」 of cybercrime venture, this volume has increased to over 100M events per day. 
  8. ^ Quad9 Partners. [1 September 2021]. (原始內容存檔於2024-09-06). Quad9 partners with a large number of threat intelligence sources who provide up-to-the-minute data about domains that pose a threat because of malware, phishing, botnets, or other malicious activities. Quad9 uses vetted open-source threat data as well as donated information from commercial sources. 
  9. ^ Schmitt, Paul; Edmundson, Anne; Mankin, Allison; Feamster, Nick. Oblivious DNS: Practical Privacy for DNS Queries. Proceedings on Privacy Enhancing Technologies. 2019, 2019 (2): 228–244 [13 June 2021]. S2CID 44126163. arXiv:1806.00276可免費查閱. doi:10.2478/popets-2019-0028. (原始內容存檔於13 June 2021). Quad9 provides both security and privacy features for DNS. Quad9 uses threat intelligence data at the recursive resolver to prevent a client from accessing a malicious site. This recursive resolver does not store or distribute the DNS data passing through. 
  10. ^ Jackson, Mark. DNS Providers May Be Forced to Block Internet Piracy Websites. ISPreview. 2021-06-21 [21 June 2021]. (原始內容存檔於2023-02-03). The court also seemed to accept Sony’s argument that Quad9 already blocks problematic websites (e.g. those that contain malware – viruses, spyware etc.), despite that being a very different consideration. Quad9’s General Manager, John Todd, said: 'Quad9 derives its threat intelligence from qualified experts on malware and phishing, not from the claims of parties without relevant expertise. We would be unable to maintain our 98% success rate in blocking cyber-threats if we accepted input based on self-interested claims, rather than on forensics and expert analysis.' we could imagine that many more Rights Holders may rush to make use of this for similar websites. Naturally, Quad9 intends to appeal and so the battle is not yet over. 
  11. ^ New "Quad9" DNS service blocks malicious domains for everyone. Ars Technica. 16 November 2017 [2018-04-08]. (原始內容存檔於2017-11-16). 
  12. ^ Bortzmeyer, Stéphane. Quad9, a Public DNS Resolver - with Security. labs.ripe.net. RIPE Labs. 2017-11-21 [2021-05-27]. (原始內容存檔於2024-04-13). Last week, the new DNS resolver Quad9 has been announced. It is a public DNS resolver with the additional benefit that it is accessible in a secure way. There are other public DNS resolvers, but the link to them is not secure. This allows hijackings as well as third-party monitoring. The new Quad9 service on the other hand is operated by the not-for-profit Packet Clearing House (PCH), which manages large parts of the DNS infrastructure, and it allows access to the DNS over TLS. This makes it very difficult for third parties to listen in. And it makes it possible to authenticate the resolver. 
  13. ^ Woodcock, Bill. Statement by Bill Woodcock, chairman of Quad9's board. Reddit. 2021-02-09 [2021-05-27]. (原始內容存檔於2023-06-27). 
  14. ^ Dickinson, Sara. DNS Privacy Public Resolvers. DNS Privacy Project. 2019-11-28 [2021-05-27]. (原始內容存檔於2024-03-26). 
  15. ^ Quad9 Data and Privacy Policy. Quad9. [2021-05-27]. (原始內容存檔於2021-07-17). The Reply To Address is purged from RAM as soon as we have transmitted the reply to the user's Reply To Address. The Reply To Address (or any representation of, or proxy for, it) is not copied to permanent storage, nor is it transmitted across the network to any destination other than the user. It leaves the machine on which we received it only in the form of a reply to the user – to no other destination, in no other form, for no other purpose. 
  16. ^ A Deeper Dive Into Public DNS Resolver Quad9. Internet Society. [2018-04-08]. (原始內容存檔於2024-07-16). 
  17. ^ Brennan, Jim. New Quad9 DNS Service Makes the Internet Safer and More Private. securityintelligence.com. Security Intelligence. 2017-11-16 [2021-05-27]. (原始內容存檔於2017-11-20). Quad9 goes far beyond standard DNS name resolution. Unlike many other DNS services, Quad9 does not store, correlate or otherwise employ any personally identifiable information (PII). 
  18. ^ Internet Exchange Points Quad9 is Present In. pch.net. Packet Clearing House. 2021-05-27 [2021-05-27]. (原始內容存檔於2019-08-14). 
  19. ^ Huston, Geoff. Opinion: DNS4EU. APNIC. 11 February 2022 [2025-06-03]. (原始內容存檔於2023-12-11). Sony Music Germany bought a suit against the DNS open resolver provider Quad9 in a German court. The court ruled that Quad9 must block the resolution of a domain name of a website in Ukraine that itself does not hold copyright-infringing material, but instead contains pointers to another website that is reported to hold alleged copyright infringements. Quad9’s interpretation of this ruling is that queries received from IP addresses that can be geolocated to Germany must generate a SERVFAIL response from Quad9’s recursive resolvers. 
  20. ^ Van der Sar, Ernesto. Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9. TorrentFreak. 2021-06-21 [21 June 2021]. (原始內容存檔於2024-09-10). Sony Music has obtained an injunction that requires the freely available DNS-resolver Quad9 to block a popular pirate site. The order, issued by the District Court in Hamburg, Germany, is the first of its kind. The Quad9 foundation has already announced that it will protest the judgment, which could have far-reaching consequences. The Hamburg court found that the DNS service is not eligible for the liability protections that other third-party intermediaries such as ISPs and domain registrars typically enjoy. And if Quad9 fails to comply with the injunction, it will have to pay a fine of 250,000 euros per 『infringing』 DNS query plus potentially two years in prison. 
  21. ^ Ermert, Monika. Copyright infringement: Sony obtains injunction against DNS resolvers. Heise Online. 2021-06-19 [21 June 2021]. (原始內容存檔於2024-09-10). Sony wants to ban the DNS resolution of domains by injunction. 
  22. ^ Grüner, Sebastian. Sony will DNS-Sperre bei Quad9 durchsetzen. Golem. 2021-06-21 [21 June 2021]. (原始內容存檔於2023-02-22). The DNS provider Quad9, which is now officially located in Switzerland, is held liable as a "Stoerer" (interferer) in this case, because the DNS resolution of the service enables copyright infringement. The "Stoererhaftung" (Breach of Duty of Care), its effects on copyright law, and any associated warnings against private individuals or even companies have been a point of contention in the law-making process of politics and the judiciary for decades. What is surprising about the current case is that Internet providers and registrars are actually exempt from "Stoererhaftung" (Breach of Duty of Care) under the so-called provider privilege. However, the Hamburg Regional Court apparently sees things differently. 
  23. ^ King, Ashley. Sony Music Wins Injunction Requiring DNS Resolver to Block Pirate Site. Digital Music News. 2021-06-24 [25 June 2021]. (原始內容存檔於2024-05-29). Sony Music has won an injunction requiring a DNS resolver to block a popular piracy site. The ruling is the first of its kind and may signal a new direction in tackling music piracy. 
  24. ^ Quad9 and Sony Music: German Injunction Status. Quad9. 2021-06-24 [25 June 2021]. (原始內容存檔於2021-06-24). Quad9 was notified last Friday that Sony Music had obtained an injunction against Quad9 in the lower court of Hamburg, Germany, seeking to block DNS resolution of domains used to host music content files on the grounds that such resolution contributes to infringement upon Sony’s copyrights. Quad9 has no relationship with any of the parties to the alleged infringement. Our systems resolve domain names, conveying public information on the public Internet, as any other recursive resolver would do, and there is no allegation that the domain names themselves, or any information that Quad9 has handled, infringe upon Sony’s copyrights. We have retained counsel, and we are in the process of filing an objection to the injunction. 
  25. ^ Resolution in the case Sony Music Entertainment Germany GmbH versus Quad9 Foundation (PDF). Hamburg Lower Court. 2021-05-21 [25 June 2021]. (原始內容 (PDF)存檔於2021-06-24). By way of interim injunction - for reasons of urgency without oral proceedings - the defendant is ordered to avoid a Tine to be determined by the court for each case of culpable infringement and, in the event that this cannot be recovered, to serve a term of imprisonment of up to six months (fine in individual cases not exceeding 250,000.00, imprisonment for a total of not more than two years) prohibited to enable third parties in the territory of the Federal Republic of Germany the music album "Evanescence – The Bitter Truth" to be made publicly available. 
  26. ^ Ermert, Monika. Sony vs. Quad9: a wave of donations for the DNS resolver. Heise Online. 2021-06-27 [27 June 2021]. (原始內容存檔於2021-12-06). 
  27. ^ Stegeman, Koen. Quad9 Files Appeal Against Copyright Lawsuit from Sony Music Germany. Hosting Journalist. 2021-09-02 [3 September 2021]. (原始內容存檔於2023-06-27). 
  28. ^ Carnesi, Ken. DNSFilter CEO Responds to Quad9 Injunction: "DNS resolvers should not police the Internet for copyright violations". DNSfilter. 2021-07-27 [3 September 2021]. (原始內容存檔於2024-04-23). 
  29. ^ Sony zieht gegen Schweizer NPO Quad9 vor Gericht (PDF). Higher Regional Court Dresden. 2023-12-05 [6 Dec 2023]. (原始內容存檔 (PDF)於2023-12-06). On appeal by the defendant, the judgment of the Regional Court of Leipzig dated March 1, 2023, case no. 05 O 807/22, is amended and the action dismissed. 
  30. ^ Dickinson, Sara. DNS Privacy Public Resolvers: DNS-over-TLS (DoT). DNS Privacy Project. 2019-11-28 [2021-05-27]. (原始內容存檔於2024-03-26). 
  31. ^ Dickinson, Sara. DNS Privacy Public Resolvers: DNS-over-HTTPS (DoH). DNS Privacy Project. 2019-11-28 [2021-05-27]. (原始內容存檔於2024-03-26). 
  32. ^ Kumar, Arvind. DNScrypt Resolvers. github.com. EnKrypt. 2021-05-27 [2021-05-27]. (原始內容存檔於2024-01-10). quad9-dnscrypt-ip4-filter-pri Quad9 (anycast) dnssec/no-log/filter 9.9.9.9 / 149.112.112.9 
  33. ^ Service Addresses & Features. Quad9. [2021-10-05]. (原始內容存檔於2021-09-15). 

外部連結

[編輯]
取自「https://zh.wikipedia.org/w/index.php?title=Quad9&oldid=87616066