Menu

TechTok #4. Learning the basics about DNS filtering and DNS privacy

We’re continuing our TechTok series, where we answer your questions about ad blocking, VPNs, and technology in general. We’ve already covered several VPN- and ad blocking-related topics, so today let’s tackle some of your questions about DNS filtering and DNS privacy. It seems logical to kick things off with this question from Lenny:

How does AdGuard DNS work? What are some of the pros and cons of DNS filtering compared to the regular ad blocking and when is it best to use each of them?

DNS filtering is a very important tool in privacy protection and ad blocking, and to better understand it we should first brush up on what DNS is and how it works.

Let’s say you type something into your browser’s address bar or click on a link. How does the browser know where to take you? It only understands the language of IP addresses, and not human words like google.com. So in order to learn the website’s IP address the browser reaches a DNS server. DNS stands for “Domain Name System,” and this system exists to translate domain names (e. g. google.com) into IP addresses (e. g. 74.125.139.139). There are many DNS servers that can serve as translators, and you can use any one of them. Your Internet Service Provider (ISP) will provide you with a default DNS server, but you can go ahead and switch to any one that you prefer.

How DNS works
How DNS works

A ‘normal’ DNS server will simply return the IP address of the website you want to visit, without any ifs and buts. There are, however, DNS servers that under certain circumstances instead of giving the browser the correct IP address return 0.0.0.0, effectively pointing it to a ‘black hole.’ This is precisely how ad-blocking DNS servers, including AdGuard DNS, work.

How DNS filtering works
The basic principle behind DNS filtering

Different servers may have different lists of domains they block — in case of AdGuard DNS it’s a long list of ad, tracking, and malicious domains.

💡
AdGuard DNS Family also blocks domains associated with adult content.

Now let’s compare DNS filtering with regular filtering. Its main drawback is apparent — with DNS filtering, you can only block entire domains. It lacks the finesse of the more nuanced web filtering, where you would be able to block specific requests, apply ‘cosmetic’ rules to make the page look better after blocking the ad, and do many more things. Nearly all other drawbacks of DNS blocking stem from this inability one way or another and can be described altogether as “much less flexible filtering.” But what about the advantages?

First and foremost, it’s the ability to easily set it up on virtually any device connected to the Internet — phones and tablets, smart TVs, even smart home appliances. While in order to do web filtering you’d need a browser extension or a standalone ad-blocking app, with DNS filtering you can literally change one line of text in your router’s settings, and all devices connected to your home Wi-Fi will be protected from ads and trackers.

💡
Some routers even come with pre-installed DNS solutions. For example, all ASUS Wi-Fi 7-compatible routers come integrated with AdGuard DNS out of the box.

Another distinct advantage of DNS filtering is that it is being applied at the earliest possible stage, so in a sense it’s the most efficient way to block ads and prevent tracking, especially on mobile devices where battery and traffic consumption may be of concern.

To sum it up and to answer the last part of Lenny’s question, ideally you would want to supplement network filtering with DNS filtering on all devices that support both. They complement each other, especially in terms of protecting you against tracking. If you have to choose, and if your device allows it, opt for regular web filtering — it is more flexible and will give you a better overall experience. And on devices like routers and smart TVs go for DNS protection, as it might be the only option available there.

💡
For more details on how DNS in general and DNS filtering in particular work, visit our Knowledge base.

Now that we know how DNS and DNS filtering work, it’s time to talk about how to keep your DNS connection safe and private. This simple question from xiulou will help us kickstart the conversation:

What do you think of the DNScrypt protocol?

Just like your regular web traffic needs to be secured to prevent bad actors from spoofing and tampering with it, your DNS traffic needs that too. DNSCrypt was one of the earliest attempts at encrypting DNS queries to protect them from surveillance. At the time, it was a serious breakthrough in DNS privacy, but mostly because the alternatives were virtually non-existent. DNSCrypt is still around today (and AdGuard DNS supports it to this day), but it’s been long surpassed and overshadowed by more modern protocols like DNS-over-HTTPS and DNS-over-TLS.

Speaking of those, Dmitry inquires:

Please explain “for dummies” how DNS-over-TLS and DNS-over-HTTPS work.

DNSCrypt, despite being the pioneer of DNS encryption protocols, is only responsible for less than 10% of all encrypted DNS requests today. Much more popular protocols are DNS-over-TLS (DoT) and especially DNS-over-HTTPS (DoH), which together take up close to 90% of all encrypted DNS traffic. Let’s try to dip a little into how they work.

With unencrypted DNS, when your browser requests the IP address of the website you’re connecting to, it sends the request with the domain name of that website to the DNS server in plain text. This means that anyone who ‘listens’ to your DNS traffic faces no hurdles and can easily see every single website that you’re trying to visit — this is not private at all.

With DoH, your DNS communication is encrypted with HTTPS — the known, go-to secure protocol that you see everywhere on the web (think green lock icons next to the address bar in your browser). Every DNS query your browser sends over DoH is encrypted by being ‘wrapped’ inside an HTTPS request. This not only provides protection in and of itself, but also makes your DNS traffic look like regular HTTPS traffic to outside observers. This way they might not even realize what they see is a DNS query, let alone look inside it.

DoT operates in a slightly different way to DoH. It uses TLS security protocol to create a direct, secure tunnel between your browser and the DNS server, over which the DNS queries can travel both ways. This makes your DNS traffic safe, but also much more trivial to detect for anyone watching, as it’s easily distinguished from regular HTTPS traffic. All in all, both protocols provide security but do it differently and each has its own uses.

There are more DNS-related questions left, but it’s impossible to pack all the answers in just one article. We will definitely get back to DNS filtering and DNS privacy later — send us more of your questions about DNS and on other topics over through this form, and you might see the answers already in the next TechTok edition!

Liked this post?
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Windows

Use any browser or app and never worry about your anonymity again. The entire world is at your fingertips with AdGuard VPN.
Learn more
Download
By downloading the program you accept the terms of the License agreement
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Mac

In just two clicks, select a city from anywhere in the world — we have 70+ locations — and your data is invisible to prying eyes.
Learn more
Download
By downloading the program you accept the terms of the License agreement
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Android

Remain anonymous wherever you go with AdGuard VPN! Dozens of locations, fast and reliable connection — all in your pocket.
Learn more
Google Play
By downloading the program you accept the terms of the License agreement
Download
By downloading the program you accept the terms of the License agreement
9,332 9332 user reviews
Excellent!

AdGuard VPN
for iOS

Boost your online protection by taking it with you wherever you go. Use AdGuard VPN to enjoy your favorite movies and shows!
Learn more
App Store
By downloading the program you accept the terms of the License agreement
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Android TV

Discover AdGuard VPN for Android TV! Enjoy seamless streaming, enhanced security, and easy setup.
Learn more
Google Play
By downloading the program you accept the terms of the License agreement
Download
By downloading the program you accept the terms of the License agreement
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Chrome

Hide your true location and emerge from another place in the world — access any content without speed limits and preserve your web anonymity.
Learn more
Install
By downloading the program you accept the terms of the License agreement

AdGuard VPN
for Edge

Get to a different location in one click, hide your IP, and make your web surfing safe and anonymous.
Learn more
Install
By downloading the program you accept the terms of the License agreement

AdGuard VPN
for Firefox

Protect your privacy, hide your real location, and decide to where you need the VPN and where you don't!
Learn more
Install
By downloading the program you accept the terms of the License agreement

AdGuard VPN
for Opera

Be a ninja in your Opera browser: move quickly to any part of the world and remain unnoticed.
Learn more
Install
By downloading the program you accept the terms of the License agreement
9,332 9332 user reviews
Excellent!

AdGuard VPN
for routers

Install AdGuard VPN on your router to secure your entire network. Decide which devices to protect and when This option is only available with an AdGuard VPN subscription
Learn more
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Linux

Get the best free VPN for Linux and enjoy seamless web browsing, enhanced security, Internet traffic encryption, and DNS leak protection. Choose from multiple VPN servers and access the locations you want
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Apple TV

Discover AdGuard VPN for Apple TV! Enjoy seamless streaming, enhanced security, and easy setup This option is only available with an AdGuard VPN subscription
Learn more
9,332 9332 user reviews
Excellent!

AdGuard VPN for Xbox

Protect your Xbox with AdGuard VPN and enjoy seamless online gaming, enhanced security, and easy setup This option is only available with an AdGuard VPN subscription
Learn more
9,332 9332 user reviews
Excellent!

AdGuard VPN
for PS4/PS5

Protect your PlayStation with AdGuard VPN and enjoy seamless online gaming, enhanced security, and easy setup. Choose from multiple VPN servers and access the locations you want
This feature is only available with an AdGuard VPN subscription
Learn more
9,332 9332 user reviews
Excellent!

AdGuard VPN
for Chromecast

Install AdGuard VPN on your Google TV (Chromecast Gen 4) or on your network router (Chromecast Gen 3) and enjoy streaming content with Chromecast while staying anonymous online and accessing content from anywhere. For Chromecast Gen 3, you need an AdGuard VPN subscription
Learn more
AdGuard VPN
download has started
Click the button indicated by the arrow to start the installation.
Scan to install AdGuard VPN on your mobile device