The instructions to use adguard DNS on their website doesn't contain how to use adguard DNS over TLS with Android.<p>For anyone running on Android 9 (edit) or later, navigate to<p>Settings -> WiFi and Internet -> Private DNS<p>Select Private DNS provider hostname<p>Add dns.adguard.org (DNS over TLS)<p>Click save.<p>Visit <a href="https://googleads.g.doubleclick.net/" rel="nofollow">https://googleads.g.doubleclick.net/</a> and you should see browser's 'Server not found' instead of Google's (disable existing ad-blockers or they might jump in and block the URL anyway)<p>---<p>For anyone on Android 4.0 or later, consider using Google's Intra [0] to use adguard DNS over HTTPS, if you prefer it over cloudflare's or google's.<p>Install Intra.<p>Open the app, click on Settings.<p>Choose customer URL and paste: <a href="https://dns.adguard.com/dns-query" rel="nofollow">https://dns.adguard.com/dns-query</a><p>Be sure to 'lock the app' to prevent it from being killed in the background.<p>[0] <a href="https://getintra.org" rel="nofollow">https://getintra.org</a>
I’ve been using Pi-Hole on my home network and it’s amazing. Routinely 18-20%% of DNS requests are blocked. When my wife goes out onto another network she says she is shocked at how ugly her web browsing becomes (ads on nytimes, huffpo, etc). I highly recommend it. Am using it with cloudfare’s encrypted DNS just as one more middle finger to my ISP.
There's lots of "privacy" improving DNS servers, but none of them mention trying to remove unintentional DNS queries.<p>It turns out lots of things will resolve anything that looks vaguely like a hostname to see if, in fact, they are a hostname. eg, "untitled.pdf". These queries get passed to your ISP, and then on towards the root name servers. So if you run a large nameserver, you quickly find that most of your DNS queries are very obviously rubbish.<p>With DNSSEC there are two new records (NSEC, NSEC3), that let you say "between these two names, I guarantee there is no valid records". Thus if your nameserver supports this, it can say "there are no valid names between .pccw and .pe, and thus anything that ends with .pdf is invalid". NSEC and NSEC3 records can both be cached and your resolver can synthesise NXDOMAIN records for them. (See RFC8198 for details).<p>So, instead of spraying queries for "untitled.pdf" across the internet, you can quickly, and efficiently return NXDOMAIN.<p>Another cause of these is search paths, when you look up "news.ycombinator.net", if that resolution fails, it will try adding the search path, eg: "news.ycombinator.net.example.org", again, leaking typos, and filenames to everyone in your search path.<p>If you actually value your privacy, this is the first step that you should take.
Pi hole (free) is good for this kind of thing if you are at home <a href="https://pi-hole.net/" rel="nofollow">https://pi-hole.net/</a><p>I found that pihole did too much so wrote my own. I dont think it has any users, except in my house but it seems to work<p><a href="https://github.com/time4tea-net/py-hole/blob/master/README.md" rel="nofollow">https://github.com/time4tea-net/py-hole/blob/master/README.m...</a>
You might want to checkout AdGuard Home if you want to run it on your own server or in your own network:
<a href="https://github.com/AdguardTeam/AdGuardHome" rel="nofollow">https://github.com/AdguardTeam/AdGuardHome</a><p>Notable differences between it and Pi-Hole:<p>1. Easy to set up and use. It's just a single binary, everything you need is inside.<p>2. Supports every DNS encryption protocol out-of-the-box: DNS-over-HTTPS, DNS-over-TLS, DNSCrypt.<p>3. Can run on any platform (even on Windows since today).
I never liked the idea of using DNS services for filtering web content.<p>For one, it seems like the wrong tool for the job. Filtered content can simply switch to identifying content by IP address instead of DNS, correct? Or change DNS constantly.<p>And for two, of course there are concerns with handing someone your DNS queries in return for filtering...
On one hand, it looks pretty cool and convenient. On the other, using a DNS server requires a lot of trust.<p>Giving some unknown company the ability to trivially man-in-the-middle your connection or sell your browsing history is pretty scary. The fact that their code is open source helps a bit, but there's no way to tell whether the code running on their servers is the same as on github.<p>I'll stick with my pihole/hostsman [0]<p>[0]: <a href="http://www.abelhadigital.com/hostsman/" rel="nofollow">http://www.abelhadigital.com/hostsman/</a>
This is really groundbreaking but it got less noise than I thought it would.
Adhell (an app that is capable of doing system wide ad blocking along with many other things thanks to Knox which is Samsung-only capability) was the main reason I stayed with Samsung for years. Now every phone with Android Pie will be to use dns based ad blocking in all networks without running an annoying app in the background.
I've been looking for something like this for quite some time. I was hoping Cloudflare will offer it but they haven't<p>My main questions are
How do we know if we can trust them with our data?
How fast are they compared to Cloudflare ?<p>I wish there was something like Signal but for DNS. Similar in the way that you don't have to trust them to know they are not doing nefarious things with your dns queries.<p>I know I can install Pihole in my home network, but I want something that works on every network
update: They say they do not log anything, and pass no information upstream to the authoritative DNS server.<p>------<p>I didn't see anything in the announcement about logging or other privacy related questions. The FAQ also didn't list this information.<p>The only thing they mention about privacy is how a dns request to them is protected, but not what they do with the data.<p>Did I miss something?<p>-------<p>Reading their privacy policy:<p>>We do not collect anything for tracking purposes and take all necessary technical, administrative and physical measures to protect the information we get.<p>>When AdGuard DNS user tries to visit a page, our server receives following information:
User’s IP-address;
DNS request which contains domain name.<p>>The DNS request will be forwarded to a root or authoritative DNS server, but for the upstream server it looks as if this request is originated from AdGuard DNS server, there is absolutely no way for them to identify the original user. We, in our turn, do not log or save any of this information.<p><a href="https://adguard.com/en/privacy/dns.html" rel="nofollow">https://adguard.com/en/privacy/dns.html</a>
How is it being monetized? I have become more and more suspicious of “free” privacy services. Unless there is an exchange of money for a service, it is highly likely that eventually the company will either fold, or decide to sell the previously private information.
Has/Is anyone here tried/using <a href="https://zenz-solutions.de/personaldnsfilter/" rel="nofollow">https://zenz-solutions.de/personaldnsfilter/</a> for filtering Ads/Tracking?
Misleading claim: any external DNS server is not private. Your requests are directed to a third-party. I suspect data-mining you is how they pay their server bills.<p>The correct technical solution for privacy is running your own DNS server locally.
So they would like you to please use their own DNS servers... no thanks, I'll just keep using my own, on-premise, private DNS infrastructure at home.<p>Private infrastructure for the win.
I believe Cisco umbrella(opendns) public resolver does similar filtering,although not sure if they have one for AD filtering.<p>Some mentioned trust,for me support for dns ovet https is much more important since I'd be using it over a VPN anyways. And for those thst dont,NAT and inability to correlate DNS lookups with actual (especially encrypted) traffic makes privacy a less significant concern for me.
If you want to track AdGuard DNS users with Google Analytics see: <a href="https://medium.freecodecamp.org/save-your-analytics-from-content-blockers-7ee08c6ec7ee" rel="nofollow">https://medium.freecodecamp.org/save-your-analytics-from-con...</a>
Love this service and wrote a blog post about it with some of my blacklist and whitelist entries:
<a href="https://calebyers.com/blog/dns-ad-blocking" rel="nofollow">https://calebyers.com/blog/dns-ad-blocking</a>
You can use hololo DNS changer on the Play store to point to a permanent DNS server. I did this and built my own version of pi hole... The stats are at opens3.net and so is the DNS service. Blocks 140000 domains
I tried this a while ago, and it broke one of my sites. No idea how or why. There are no ads on the site or problems with any ad-blockers. Put a bad taste in my mouth.<p>Edited to add: But I like the idea.
Another great solution is Pihole: <a href="https://pi-hole.net/" rel="nofollow">https://pi-hole.net/</a><p>It does not just protects your privacy, but improves your bandwidth too.<p>Troy Hunt wrote about it a couple of months ago: <a href="https://www.troyhunt.com/mmm-pi-hole/" rel="nofollow">https://www.troyhunt.com/mmm-pi-hole/</a>