FREE DNS SERVICE

xiaofan

High Supremacy Member
Joined
Sep 16, 2018
Messages
34,937
Reaction score
11,635

hairymonster

Senior Member
Joined
Jun 16, 2013
Messages
1,308
Reaction score
61
Private DNS on Android works fine for me. I don't get ads on wifi or on mobile network.

I am using AGH with quad dns DOT as the upstream for private DNS. Works fine.
 

xiaofan

I do not use dns.adguard.com (Adguard DNS) or Adguard Home myself but I can try it.

Ads block testing site:
https://d3ward.github.io/toolz/adblock.html
I get 100% using either Pi-hole or pfBlockerNG. You can try it as well to see if Adguard DNS can get 100%

Just tested the following and I can only get 72%.

even pointing the private dns to say "dns.adguard.com", you still get ads in chrome?

 

xiaofan

Private DNS on Android works fine for me. I don't get ads on wifi or on mobile network.

I am using AGH with quad dns DOT as the upstream for private DNS. Works fine.

Glad to hear that. AGH is indeed better than Adguard DNS. I am sure AGH with proper configuration can get 100% on the following test site. It is just I prefer to use Pi-hole (with my Asus router) or pfBlockerNG (under pfSense). I know there are many people who like to use Adguard Home even though I do not use it myself.
https://d3ward.github.io/toolz/adblock.html
 

xiaofan

Thank you for trying. Now we can share that private DNS on Android can be used to block ads on Chrome. A straightforward solution.

I think this is indeed a straightforward solution if the user's requirement is not high -- 72% is not bad.

I personally would prefer above 90% or even 100%.
 

hairymonster

The above is if I disable "Secure DNS" in the Android Chrome browser (certain app may not have the option to disable).

If I enable "Secure DNS" in the Android Chrome browser (which is the default), then it is totally not working.

I think the problem could be how you configure your pfsense. I toggle secure DNS to "ON" and turn on private DNS. No ads coming through.

You may want to tinker with pfsense.
 

xiaofan

I think the problem could be how you configure your pfsense. I toggle secure DNS to "ON" and turn on private DNS. No ads coming through.

You may want to tinker with pfsense.

The one I wrote was indeed not so correct. So I have edited my previous post.
The above is if I disable "Secure DNS" in the Android Chrome browser (certain app may not have the option to disable). If I enable "Secure DNS" in the Android Chrome browser (which is the default), then it is totally not working.

I changed my post to the following.
I think this is indeed a straightforward solution if the user's requirement is not high -- 72% is not bad.
I personally would prefer above 90% or even 100%.


But I am not so sure what you mean by "no ads coming through". Have you tried to disable your Adguard Home, and just use the private DNS and see if you can get 100% on the testing site? No doubt Adguard Home can get 100% with proper configuration. I am just saying that private Adguard DNS cannot achieve 100% and may see some ads passing through.

As mentioned, my pfSense works fine with pfBlockerNG and the firewall rules. I do not need to use private DNS on my Android phones and I get 100% on the Ads blocking test site for all my devices connected to the router (Windows, Linux, macOS, iOS and Android).

I have some difficulties with OpenWRT and Asus but I can still use less elegant methods (router plus client side settings) to block ads.

But yes, I still use uBlock Origin on my PC browser as a DNS-based solution cannot block YouTube ads.

Edit to add:
All in all, I agree with you that for most users it is probably easier to use client side settings like private DNS for Android mobile phones (using Adguard DNS or NextDNS) and browser add-ons like uBlock Origin to block ads.

Then for more advanced users, Pi-hole or Adguard Home or pfBlockerNG or Diversion (for Asus Merlin FW) can be considered.
 

xiaofan

Note: the following is just for more advanced users who want more control on the ads, malicious and adult contents blocking.

For my Asus RT-AX82U router, I am using Pi-hole (with Unbound on a Debian 11 LXC container running on the PVE 7.1 host on an Intel J4105 mini PC). But it is not good enough for the Realme X50 5G phone to block ads as the phone has hard-coded Google DNS for some apps like the mobile Android Chrome browser.

Even after setting the private DNS (DoT) and Chrome Secure DNS (DoH) to be OFF on the device side, Pi-hole may still not work properly.

So in the end I have kept the above setting as Auto (Default) but then use the router settings to get the things done.

For my RT-AX82U running the gnuton Asus Merlin FW fork, I have also the following settings. Maybe some of them are not necessary.

1) LAN DNS server set to Pi-hole DNS (192.168.50.6 in my case), make sure Pi-hole has the static address.

2) LAN DNS server setting: say NO to "Advertise router's IP in addition to user-specified DNS".

3) WAN DNS server set to a customized DNS server, in my case a cloud instance of Pi-hole (this may not be necessary and you can use other DNS), say NO to "Connect to DNS Server automatically" which will point to ISP DNS server.

4) WAN DNS page: say YES to "Prevent client auto DoH" --> not necessary since we just need to block Google DNS

5) The following static route rule is really draconian but it seems to help as well to block Google DNS.

[Image: 9xzbHMw.png]
 

xiaofan

More about Android Private DNS (DoT as of now) and DoH.

1) Android mobile phone Private DNS -- DoT as of now, global, for both WiFi and Mobile data connection
2) Chrome browser DoH setting -- DoH, for both WiFi and Mobile data connection
3) Wifi custom DNS settings when you select static IP option -- only for WiFi, maybe overwritten by the Private DNS or Chrome DoH settings

DoH vs DoT
https://www.xda-developers.com/android-13-native-private-dns-shelved/
For the unaware, DoT and DoH are private DNS standards that encrypt communications between your device and the Domain Name Server (DNS). Although both standards perform the same function, DoT uses TLS (also known as SSL) to encrypt DNS traffic, while DoH uses HTTP or HTTP/2 protocols to send queries and responses instead of directly over UDP (User Data Protocol).

Both standards also use different ports, with DoT using a dedicated port for DNS traffic and DoH using port 443 — the same port that all other HTTP traffic uses. This means that all your DNS traffic blends with other HTTPS traffic when using DoH, which makes monitoring and blocking DoH queries a lot more complex. These differences give DoH a slight advantage from a privacy standpoint.
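One way to check from the router whether clients still bypass the Pi-hole on the three DNS paths discussed in the posts above (plain DNS on port 53, DoT on port 853, DoH on port 443), as an added example that is not part of the original thread. It assumes conntrack-style flow lines, reuses the Pi-hole address 192.168.50.6 from the earlier post, and uses a constructed sample and a partial resolver list; the function name find_dns_bypass is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Flow lines below are constructed.

# Partial list of public resolver addresses (assumption: extend as needed).
KNOWN_RESOLVERS="8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 94.140.14.14 45.90.28.194 76.76.2.2"

# find_dns_bypass PIHOLE_IP: read conntrack-style lines on stdin and print
# "client resolver kind" for every DNS flow that does not go through Pi-hole.
# DoH to a resolver that is not on the list looks like ordinary HTTPS and is
# not detected here, which is the monitoring difficulty quoted above.
find_dns_bypass() {
    awk -v pihole="$1" -v known="$KNOWN_RESOLVERS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) resolver[k[i]] = 1 }
    {
        src = dst = dport = ""
        for (i = 1; i <= NF; i++) {
            # Keep the first src/dst/dport only: the original direction.
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Client -> Pi-hole and Pi-hole -> upstream are the intended paths.
        if (src == "" || src == pihole || dst == pihole) next
        if (dport == "53") kind = "plain-dns"
        else if (dport == "853") kind = "dot"
        else if (dport == "443" && (dst in resolver)) kind = "doh-candidate"
        else next
        if (!seen[src, dst, kind]++) print src, dst, kind
    }'
}

# Constructed sample: one client using Pi-hole and also hard-coded Google DNS,
# one client reaching a public resolver on 443, plus Pi-hole's own upstream.
SAMPLE_FLOWS='udp 17 25 src=192.168.50.23 dst=192.168.50.6 sport=40112 dport=53 src=192.168.50.6 dst=192.168.50.23 sport=53 dport=40112 mark=0 use=1
udp 17 12 src=192.168.50.23 dst=8.8.8.8 sport=51820 dport=53 [UNREPLIED] src=8.8.8.8 dst=203.0.113.7 sport=53 dport=51820 mark=0 use=1
tcp 6 431990 ESTABLISHED src=192.168.50.23 dst=8.8.4.4 sport=38122 dport=853 src=8.8.4.4 dst=203.0.113.7 sport=853 dport=38122 [ASSURED] mark=0 use=1
tcp 6 431200 ESTABLISHED src=192.168.50.40 dst=1.1.1.1 sport=50444 dport=443 src=1.1.1.1 dst=203.0.113.7 sport=443 dport=50444 [ASSURED] mark=0 use=1
tcp 6 300 ESTABLISHED src=192.168.50.40 dst=198.51.100.20 sport=50450 dport=443 src=198.51.100.20 dst=203.0.113.7 sport=443 dport=50450 [ASSURED] mark=0 use=1
udp 17 20 src=192.168.50.6 dst=198.41.0.4 sport=33000 dport=53 src=198.41.0.4 dst=203.0.113.7 sport=53 dport=33000 mark=0 use=1'

printf '%s\n' "$SAMPLE_FLOWS" | find_dns_bypass 192.168.50.6
```

Any line this prints names a client that the LAN DNS setting alone did not capture, which is the case the router-side blocking in the earlier post is meant to close.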
 

xiaofan

Reference for those who want to set Adguard DNS DoT (Android phone private DNS) and DoH (Android mobile Chrome browser or other browsers) to block ads and trackers.

https://adguard-dns.io/en/public-dns.html
1) DoT --> dns.adguard.com (For Android phone, enable Private DNS and point to Adguard DNS)

2) DoH --> https://dns.adguard.com/dns-query (For Chrome browser, enable Secure DNS and point to Adguard DNS)
Ref: https://forums.hardwarezone.com.sg/threads/apnic-blog-a-first-look-at-dns-over-quic.6728356/

3) Also the new DNS over QUIC --> quic://dns.adguard.com

The first and second one give me the same 72% results on the Ad blocking test site for my Realme Android phone, which is respectable.

Ad blocking test site:
https://d3ward.github.io/toolz/adblock.html
 

xiaofan

Reference for those who want to set Adguard DNS DoT (Android phone private DNS) and DoH (Android mobile Chrome browser or other browsers) to block ads and trackers.

https://adguard-dns.io/en/public-dns.html
1) DoT --> dns.adguard.com (For Android phone, enable Private DNS and point to Adguard DNS)

2) DoH --> https://dns.adguard.com/dns-query (For Chrome browser, enable Secure DNS and point to Adguard DNS)
Ref: https://forums.hardwarezone.com.sg/threads/apnic-blog-a-first-look-at-dns-over-quic.6728356/

3) Also the new DNS over QUIC --> quic://dns.adguard.com

The first and second one give me the same 72% results on the Ad blocking test site for my Realme Android phone, which is respectable.

Ad blocking test site:
https://d3ward.github.io/toolz/adblock.html

Using DoH on my Windows 11 laptop Chrome browser will get 72% as well, which is not bad.

So this is indeed a straightforward solution for people who want to block ads and do not mind a bit slower DNS resolution from Adguard DNS.


DNS leak test result is good.


Ad blocking test is also not bad at 72%.
 

firesong

Supremacy Member
Deluxe Member
Joined
Jan 17, 2001
Messages
8,815
Reaction score
4,834
Just one thing about Adguard - their DNS Probe times are quite slow for us in Singapore, which is why I switched to ControlD Ad protection. 240ms resolution, compared to Cloudflare (20ms) and ControlD (40ms). DNS Probe times = Ping + roundtrip DNS resolution time, meaning the total time it takes for your request to get to the server, be resolved, and come back. So Ping alone is insufficient to test resolution time. You could have a fast connection to a very slow server and your total DNS will still be slower, or in this case you could have a very slow ping to a fast server, but it's connecting to the server that slows down your internet. 1/4 of a second for each DNS request is very noticeable when stacked up - 4 requests will take almost 1 second, so you can imagine how it affects how you feel your internet speed is.

It all adds up - say you load HWZ forums, and users start linking files and links and images from multiple sources - all those require DNS lookups. So the first time you load those pages the site will take pretty long to resolve all those queries before loading.

Yes there is caching, but caching isn't foolproof and long caches can be a problem if you deal with services behind dynamic IPs.

 

xiaofan

I use the dig tool to compare different DNS servers. You need to run a few times to get the average to compare.
Ref: https://help.dyn.com/how-to-use-binds-dig-tool/

Example run of dig from my Asus RT-AX82U router to resolve www.zaobao.com.

Local Pi-hole DNS with Unbound -- 1ms (first run may be slow as it needs to query the root DNS servers)
Google 8.8.8.8 DNS -- 18ms
Cloudflare 1.1.1.1 DNS -- 53ms
Adguard DNS 94.140.14.14 -- 241ms

Code:
1) Local Pi-hole DNS (with Unbound)
/tmp/home/root# dig @192.168.50.6 www.zaobao.com

; <<>> DiG 9.17.20 <<>> @192.168.50.6 www.zaobao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55726
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.zaobao.com.                        IN      A

;; ANSWER SECTION:
www.zaobao.com.         87      IN      CNAME   fp275d.adn.62b21.gammacdn.net.
fp275d.adn.62b21.gammacdn.net. 3387 IN  CNAME   fp275d.adn.gammacdn.net.
fp275d.adn.gammacdn.net. 3387   IN      A       152.195.221.42

;; Query time: 1 msec
;; SERVER: 192.168.50.6#53(192.168.50.6) (UDP)
;; WHEN: Sun Apr 10 11:42:51 MYT 2022
;; MSG SIZE  rcvd: 139

2) Adguard DNS 94.140.14.14
/tmp/home/root# dig @94.140.14.14 www.zaobao.com

; <<>> DiG 9.17.20 <<>> @94.140.14.14 www.zaobao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20177
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.zaobao.com.                        IN      A

;; ANSWER SECTION:
www.zaobao.com.         30      IN      CNAME   fp275d.adn.62b21.gammacdn.net.
fp275d.adn.62b21.gammacdn.net. 1621 IN  CNAME   fp275d.adn.gammacdn.net.
fp275d.adn.gammacdn.net. 1621   IN      A       152.199.1.124

;; Query time: 241 msec
;; SERVER: 94.140.14.14#53(94.140.14.14) (UDP)
;; WHEN: Sun Apr 10 11:41:29 MYT 2022
;; MSG SIZE  rcvd: 205

3) Cloudflare DNS 1.1.1.1

/tmp/home/root# dig @1.1.1.1 www.zaobao.com

; <<>> DiG 9.17.20 <<>> @1.1.1.1 www.zaobao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24142
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.zaobao.com.                        IN      A

;; ANSWER SECTION:
www.zaobao.com.         41      IN      CNAME   fp275d.adn.62b21.gammacdn.net.
fp275d.adn.62b21.gammacdn.net. 3341 IN  CNAME   fp275d.adn.gammacdn.net.
fp275d.adn.gammacdn.net. 3341   IN      A       152.195.221.42

;; Query time: 53 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sun Apr 10 11:43:37 MYT 2022
;; MSG SIZE  rcvd: 127

4) Google DNS 8.8.8.8

/tmp/home/root# dig @8.8.8.8 www.zaobao.com

; <<>> DiG 9.17.20 <<>> @8.8.8.8 www.zaobao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14830
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.zaobao.com.                        IN      A

;; ANSWER SECTION:
www.zaobao.com.         10      IN      CNAME   fp275d.adn.62b21.gammacdn.net.
fp275d.adn.62b21.gammacdn.net. 259 IN   CNAME   fp275d.adn.gammacdn.net.
fp275d.adn.gammacdn.net. 1152   IN      A       152.195.221.42

;; Query time: 18 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sun Apr 10 11:45:02 MYT 2022
;; MSG SIZE  rcvd: 127
 
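Averaging repeated dig runs as described in the post above, as an added example that is not part of the original thread. The helper names (query_time_ms, summarize_ms, bench_resolver) and the sample output are constructed for illustration; the first run is reported separately because a cold recursive cache makes it unrepresentative.

```sh
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print the millisecond value from dig's ";; Query time: N msec" line (stdin).
query_time_ms() {
    awk '/^;; Query time:/ { print $4 }'
}

# Summarize one-sample-per-line timings. The first sample is kept apart:
# a recursive resolver with a cold cache (Unbound in the post) has to walk
# the delegation chain on that query, so it would skew the average.
summarize_ms() {
    awk 'NR == 1 { first = $1; next }
         { sum += $1; n++; if ($1 > max) max = $1 }
         END {
             if (NR == 0) { print "no-samples"; exit }
             if (n == 0) { printf "first=%d warm_avg=NA warm_max=NA runs=1\n", first; exit }
             printf "first=%d warm_avg=%.1f warm_max=%d runs=%d\n", first, sum / n, max, NR
         }'
}

# bench_resolver SERVER NAME [RUNS]: query SERVER for NAME RUNS times over
# plain UDP/53, which is what the dig runs in the post measure. DoT and DoH
# add connection setup on top, so Private DNS latency is not measured here.
# A timed-out query prints no "Query time" line and is simply not counted.
bench_resolver() {
    server=$1; name=$2; runs=${3:-5}; i=0
    while [ "$i" -lt "$runs" ]; do
        dig +tries=1 +time=2 "@$server" "$name" | query_time_ms
        i=$((i + 1))
    done | summarize_ms
}

# Constructed dig output tail, in the same layout as the runs above.
SAMPLE_DIG_OUTPUT=';; ANSWER SECTION:
www.example.com.        87      IN      A       192.0.2.10

;; Query time: 241 msec
;; SERVER: 192.0.2.53#53(192.0.2.53) (UDP)'

printf '%s\n' "$SAMPLE_DIG_OUTPUT" | query_time_ms
printf '241\n20\n18\n22\n' | summarize_ms
# Live use on the router: bench_resolver 192.168.50.6 www.zaobao.com 5
```

Repeating the same name mostly measures the resolver's cache, so compare resolvers with the same name list and the same number of runs.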

xiaofan

An alternative and faster DNS than Adguard DNS is NextDNS. I can get 80% in the Ad blocking test site.
Ref: https://my.nextdns.io/12fb2d/setup
Note: this is just a trial account for 7 days and you need to set up an account.
DoH --> 12fb2d.dns.nextdns.io
DoT --> https://dns.nextdns.io/12fb2d

Code:
/tmp/home/root# dig @45.90.28.194  www.zaobao.com

; <<>> DiG 9.17.20 <<>> @45.90.28.194 www.zaobao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7828
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.zaobao.com.                        IN      A

;; ANSWER SECTION:
www.zaobao.com.         295     IN      CNAME   fp275d.adn.62b21.gammacdn.net.
fp275d.adn.62b21.gammacdn.net. 3595 IN  CNAME   fp275d.adn.gammacdn.net.
fp275d.adn.gammacdn.net. 3595   IN      A       152.195.221.42

;; Query time: 52 msec
;; SERVER: 45.90.28.194#53(45.90.28.194) (UDP)
;; WHEN: Sun Apr 10 12:37:23 MYT 2022
;; MSG SIZE  rcvd: 127
 

xiaofan

Just one thing about Adguard - their DNS Probe times are quite slow for us in Singapore, which is why I switched to ControlD Ad protection.

I have also seen people mentioning ControlD in the VPN thread. So it seems to be getting more and more popular.

So I just read about it and it turns out that ControlD comes from the same people who made Windscribe VPN. They have both paid and free services. The free ControlD services seem to be pretty good and kind of customizable to some extent (you can select the categories).

Ref:
https://controld.com/free-dns
With the p2 tier (block ads, malware and tracking), I can already get 99% from the Ad blocking test site with the private DNS setting for my Realme Android phone (DoT: p2.freedns.controld.com) when on Wifi and 100% when on mobile data.

And I get 100% if using Windows 11 Chrome browser (DoH: https://freedns.controld.com/p2) when on WiFi.

The DNS resolution speed is indeed pretty decent as well at around 20-30ms.

Code:
/tmp/home/root# dig @76.76.2.2 www.zaobao.com

; <<>> DiG 9.17.20 <<>> @76.76.2.2 www.zaobao.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63907
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d287335a290145440100000062526b05211b69fd8287162b (good)
;; QUESTION SECTION:
;www.zaobao.com.                        IN      A

;; ANSWER SECTION:
www.zaobao.com.         300     IN      CNAME   fp275d.adn.62b21.gammacdn.net.
fp275d.adn.62b21.gammacdn.net. 2826 IN  CNAME   fp275d.adn.gammacdn.net.
fp275d.adn.gammacdn.net. 2826   IN      A       152.199.1.124

;; Query time: 28 msec
;; SERVER: 76.76.2.2#53(76.76.2.2) (UDP)
;; WHEN: Sun Apr 10 13:28:37 MYT 2022
;; MSG SIZE  rcvd: 155
 

xiaofan

Just a summary, there are so many free public DNS.
https://kb.adguard.com/en/general/dns-providers
1) If you just need speed, go for Google DNS or CloudFlare DNS or Cisco OpenDNS

2) If you need some level of blocking, go for Cloudflare Family protection (1.1.1.2 or 1.1.1.3), OpenDNS Home or Quad 9 or things like that.

3) If you need more blocking and yet free services, go for Adguard DNS, ControlD free DNS and NextDNS free tier.

4) If you need more control and yet free services and do not mind setting them up, go for Pi-hole, Adguard Home and pfBlockerNG (for pfSense) or Diversion (if you use Asus Merlin FW).

5) If you want more control and more features and do not want to spend time to go for No 4, you may choose to pay for ControlD paid plan, NextDNS paid plan or maybe Adguard Personal/Family plan (not the free Adguard DNS) or maybe similar paid services.
 