The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS

We at AdGuard put a lot of our effort into protecting people's privacy, and many AdGuard users value our products exactly for this reason. One of the biggest challenges has always been not just providing good protection, but doing it for everyone, no matter where the person is and what device do they use.

This is where AdGuard DNS comes into play: a privacy-oriented DNS service that blocks trackers and ads anywhere, from your PC and mobile devices to smart TV and IoT. Today, after honing it for more than two years (wow, time flies!), we proudly announce the official release of AdGuard DNS!

Now, what exactly is DNS?

DNS is the "address book" of the Internet. Whenever you open a website, send an email or share a cat picture with your friend, an app or browser that you are using needs to match the domain name (e.g. yahoo.com, that's easy for you to remember but makes no sense to computer) with an IP address that computers actually use. For that purpose, it sends a special DNS request to a DNS resolver. The resolver converts the domain name into an IP address and sends it back.

Schematically, this is how DNS works

In reality, the DNS system is more complicated, but this is enough to get a basic understanding. Normally, your ISP will decide which DNS resolver to use (or, generally, the network operator of whatever network you are using at the time).

The DNS privacy concern

Do you see any problem with the scheme described above? Yes, exactly, some random guy who provides you with Internet access knows every single domain that you visited and when. One quick example: a study shows that behavioral pattern obtained by analyzing only DNS data allowed to correctly identify 86% of the users.

It doesn't sound very good, especially considering how much effort a lot of people are putting into protecting their privacy: using HTTPS, VPNs, ad blockers etc. All this only to be tracked via DNS and monetized by ISPs? Don’t have any illusions, they will sell this information, had they gotten a reasonable opportunity.

DNS traffic is vulnerable to intruders

Thankfully, you can prevent it. Nearly all devices that allow you to access the Internet also give an option to select a custom DNS resolver. But which one to use? There is no shortage of choices here, but not all of them have your privacy as a top priority. We offer a service that not only will keep your online activity a secret, but also will take a few steps beyond.

Let's look inside AdGuard DNS and see why it is one of the most privacy-friendly choices you can make.

A bumpy road to safety

Choosing an alternative resolver is the first step, but it may not be enough. Granted, no one should be able to access your DNS traffic now, it doesn't mean no one could. DNS protocol is not exactly new, and back at the time when it was designed, privacy standards were virtually non-existent. As a result, today there is a high risk that your DNS requests will be eavesdropped on or even altered by malefactors. To oppose them, we took several measures.

DNSCrypt

DNSCrypt was the first attempt at making DNS traffic safe from intruders. It is a special protocol that encrypts communication between your device and a DNS server, thus protecting it from tampering and man-in-the-middle attacks. Those of you who are no strangers to AdGuard DNS know that we support this technology for quite some time.

With AdGuard DNS, your traffic is protected

The problem with DNSCrypt is that it never officially became a standard or received an RFC (a document listing technical specifications) unlike its alternatives: DNS-over-HTTPS and DNS-over-TLS. This leads us to believe that it will become less popular over time and will not receive much support on the OS level. Luckily, there are other modern tools available, which may be not as widespread yet, but they reach much higher security and will be the new DNS privacy standard for the foreseeable future.

DNS-over-TLS

Also referred to as DoT, this protocol encrypts DNS queries and wraps them via TLS protocol. Don't worry if you didn't understand a word — what's important is that DoT is more reliable than DNSCrypt. More and more DNS providers support it, and AdGuard proudly joins their ranks.

Worth noting that starting with Android 9, Android devices have built-in support for DNS-over-TLS. You can configure your smartphone or tablet to use this protocol in a few taps without having to install any additional software.

DNS-over-HTTPS

Akin to DoT, DNS-over-HTTPS protocol is often contracted to DoH. It performs a remote DNS resolution via the HTTPS protocol — again, the gist is that it is another safe way to secure your DNS traffic from eavesdropping and hijacking. Is there any difference between DoT and DoH? For a casual user — not really. And if there is a difference for you, you probably know the answer anyway :)

AdGuard DNS recently added DoH support, which brings our service to the forefront of privacy protection. Sadly, this protocol is still relatively new and there are simply not so many ways to employ it on your device. Luckily (what a coincidence!), the next version of AdGuard for Android will have this option (you can already try it out with the Nightly build!).

It's not all about DNS

Now that you have your DNS privacy covered, it is time to think about other potential threats. It is not a secret to anybody that the web is swarmed with thousands of trackers that watch your every click and then use this information to target you with ads and build your personal profile. How to fight that? AdGuard DNS is not just a regular DNS resolver, it also filters traffic. Whenever your device sends a "bad" request, be it an ad or a tracker, instead of the correct IP-address AdGuard DNS server will return nothing. Simple, yet effective.

AdGuard DNS blocks requests to ad and tracking domains

And finally, don't forget that AdGuard actually provides two DNS services — the "Default" and the "Family protection" one. The only difference between them is that the latter, in addition to other features, also blocks access to any content inappropriate for kids and enforces the "Safe search" option in browsers that have it.

Summing up

So, how do you set it all up? This link leads to the detailed guide, but here is the required information if you already know what to do:

Our DNS servers:

176.103.130.130 or 176.103.130.131 for "Default";

176.103.130.132 or 176.103.130.134 for "Family protection".

DNS-over-TLS:

Use dns.adguard.com string for "Default" or dns-family.adguard.com for "Family protection".

DNS-over-HTTPS:

Use https://dns.adguard.com/dns-query for "Default" and https://dns-family.adguard.com/dns-query for "Family protection" mode.

We'd like to emphasize that AdGuard DNS is open source, as all our free products are. We find it extremely important that services and products which you trust with your privacy are as transparent and trustworthy as possible. To view the source code, learn everything about AdGuard DNS or even leave a suggestion, visit our GitHub repository.

We hope that you will enjoy AdGuard DNS. The project will only grow bigger from now on. We already added multiple server locations across the world, and will add more in the future — of course, along with more features! See you soon in the next year!

Comments are powered by Disqus
by downloading the comments you agree the terms and policies of Disqus

Vasily Bagirov

Vasily is working in Adguard since 2014 and started as a helpdesk engineer. Old habits are still alive and kick in sometimes, so he is always ready to chat with users!

Subscribe to AdGuard Blog

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly! *by clicking on “Subscribe” you accept the terms and conditions