By John Todd
What have we done so far?
The pilot project had around 700 thousand users, mostly state and local governments who were communicating with us during the start-up. We’ve grown considerably since then, seeing an approximate 13-fold increase in traffic, and our growth curve for queries is looking great. This is the exciting time during which a project starts to get traction, and every day the usage graphs look better and better. It’s also a time when edge case problems get discovered and worked on, so that’s keeping us busy as well.
Our target was to launch in 70 locations, and we exceeded that number and went public with 100 anycast resolvers distributed worldwide in November. We’ve since grown by another 6 locations, and we have many more in the pipeline for the next few months.
One of our primary goals is to provide security against malware and phishing by implementing a blocklist in our 184.108.40.206 resolver. When a client sends a query about a domain that is in that blocklist, we currently provide a negative answer, meaning that the connection fails. On just one day last week we provided 1.4 million blocks for clients, from users in more than 150 countries. Given the billions of queries we serve every day, this doesn’t sound like a lot, but each of those blocked queries represents some malicious Website or phishing destination that was prevented from performing their goal. This is a significant monetary loss and time loss prevention for our end users – it’s clear that we’re helping decrease cyber security risks.
We have several other variations of our resolver which will include different features that can be chosen based on which IP address set is used for your systems. For instance, we will shortly have a variation of the resolver which implements Extended Client Subnet (ECS) data and which also supports our blocklist. This will allow Content Delivery Networks (CDNs) to provide better results to end users who wish to compromise with the slightly lowered privacy that ECS implies. Some people may find this tradeoff useful, so we will be providing this option.
The network is growing quickly – we’ll be continuing to push deployments into areas where we don’t have low-latency coverage. Brazil, India, and other parts of Asia have higher latency than we’d like, so those areas are on our target list, as well as expanding the equipment footprint in areas that are highest in current query counts. We rolled a truckload of servers into the warehouse just a week or two ago, and they’re rolling out just as quickly destined for our heaviest-use locations. Frankfurt, Palo Alto, London, Amsterdam, Chicago, and Singapore are our standout cities right now as they have the highest density of interconnections. So those will receive upgrades first.
We’re also continuing to increase peering (interconnection with other networks) in areas where we have equipment but where some users are not getting the best performance. Even though we have multiple locations in-continent, Australia is notably poorly-covered due to a few large local providers in that area not peering with our transit network. This often is a matter of business policy at those providers that we can’t influence, though we would encourage any customer seeing slow performance to ask their ISP why they can’t get to 220.127.116.11 quickly.
There are thousands of interconnections that are maintained with other networks, but we don’t connect with everyone yet – more work will be done on that project in the coming months. We’re working on concepts of building a web page that will allow end users to send a link to their ISP that includes the relevant information needed to persuade ISPs to peer with us at the most local point possible. You can be part of the effort to make the Internet a more well-connected place – more on that soon.
We’re working on extending the Website for explanations of the project, documenting our transparency and privacy guidelines, publishing more information about how to configure various home and office routers to use the project, and generally expanding the Website to include more data that would be useful to service providers, end users, and enterprises who want to learn more about Quad9.
Quad9 is a 501(c)(3) not-for-profit corporation whose goals are to improve the security, performance, and privacy of all users of the Internet by delivering free and open DNS recursive resolution. We’re happy to have the continuing sponsorship of Global Cyber Alliance, IBM, and Packet Clearing House, and their contributions have made the success of the project possible. To continue our growth in 2018, we are seeking to expand our sponsorship portfolio in the coming year with additional partners who have a significant stake in Internet security and end-user privacy. Contact us for more details at firstname.lastname@example.org.
John Todd is the Executive Director of Quad9. You can follow Quad9 on Twitter @Quad9DNS.