Quad9 Enables DNSSEC on All Service Endpoints
18 hours ago
- #Cybersecurity
- #DNSSEC
- #DNS
- Quad9 will enable DNSSEC validation on all service endpoints starting June 15, 2026, including the previously non-validating resolver at 9.9.9.10.
- This change means all Quad9 resolver options will now perform strict DNSSEC validation by default, enhancing DNS data integrity and security against spoofing.
- Users of 9.9.9.10 will see SERVFAIL responses for DNSSEC failures, aligning it with other Quad9 addresses, while threat protection and ECS options remain unchanged.
- Quad9 views DNSSEC validation as essential for security-focused resolvers and has removed the insecure exemption due to improved DNSSEC stability over the past decade.
- After this update, users needing a non-validating resolver for testing must use services outside Quad9, as all internal endpoints will enforce DNSSEC validation.