Algo VPN is an open source project from computer security firm Trail of Bits. It facilitates the creation of a non-logging (and optionally ad-blocking) virtual private network (VPN) on a virtual private server (VPS). I’ve been using Algo VPN for a couple months and am pleased with it’s performance, particularly on Apple devices, which natively support the IKEv2 protocol implemented by Algo VPN.

By default, Algo VPN uses Google’s domain name resolution (DNS) servers (8.8.8.8 and 8.8.4.4). Recently, I heard about an alternative, non-profit DNS service called Quad9 (9.9.9.9) that has some attractive features. In particular, Quad9 blocks known malicious domains, collects no personally-identifiable information, and does not store the IP addresses of end users to disk. Steve Gibson spoke about Quad9 in episode 638 of his weekly Security Now podcast.

Perhaps in the future, Algo VPN will offer Quad9 as an alternative to Google’s DNS servers. But until such time, and for already existing installations, here’s how you can point your Algo VPN server to Quad9’s DNS servers:

1. SSH to your Algo server via your terminal app:

ssh root@ip -i ~/.ssh/algo.pem

2. Open /etc/dnsmasq.conf for editing:

nano /etc/dnsmasq.conf

3. Find the lines:

server=8.8.8.8
server=8.8.4.4

4. Replace with (the second line, not originally included here, is Quad9’s secondary IPv4 address; thanks to commenter “c.” for noting this):

server=9.9.9.9
server=149.112.112.112

5. Hit Control-X to exit, choosing Y to save and keeping the same file name.

6. Type reboot at the command line to reboot.

That’s all! Your Algo VPN server will now use Quad9 for DNS resolution.