Security Via DNS

Article DNS security filtering

Quad9 is a free offering from an IBM led group of security organizations. OpenDNS made this type of service popular and Quad9 builds on that by making the service faster using AnyCast and a fleet of world-wide distributed DNS servers.
This method makes it easy to protect your entire Home/Enterprise from KNOWN bad/phishing sites by replacing your ISP’s DNS server entries with Quad9’s DNS servers. IBM has given us a very easy to remember address (hence the name Quad9)
Add a few DNS servers for redundancy. Following order based on speed Quad9 WorldWide ThreatFilter (IBM, PCH, GCA) OpenDNS US ThreatFilter OpenDNS US ThreatFilter Fortinet US ThreatFilter Cira (Canadian) Cira (Canadian)

The Good
easy to implement
protects an entire network
auto updating
supports DNSSEC (not to be confused with DNS over TLS)
can prevent IoT relay attacks (Chromecast, Alexa etc)
easy to troubleshoot ( has a search function)
The Bad
only mitigates KNOWN threats
DNS caching hinders fast updates
Easy to circumvent by querying specific DNS server

Single Computer/Testing
use NirSoft’s Quickset DNS
Home Network
set DNS in router/Firewall
set DNS in M$ Domain Controller integrated DNS server

Blocking Test surf to
Dns Benchmark