timochan

AdGuard Home adjustment

Upstream DNS#

Upstream DNS selection criteria:

  • A foreign public DNS
  • Supports DoT / DoH / H3 / DoQ; plain-text DNS traffic is easily tampered with
  • Supports ECS (EDNS Client Subnet)

Why does ECS support matter? If your upstream DNS does not support it, the IP address you get back is the one nearest to the upstream DNS server's location, not to yours. That is fine if the upstream DNS is in China, but if you choose a foreign DNS you naturally have to consider this situation; otherwise you end up visiting a domestic website and being sent to its overseas servers, which is odd. So what changes when ECS is supported? The DNS server passes on the client's subnet information, so the address you receive should in theory be close to what your local ISP's DNS would return. In practice, at least domestic websites resolve to domestic IP addresses; the rest matters less, because from within China the access speed won't differ much either way.

Based on the above criteria, the following public DNS servers are candidates:

| DNS | DoT | DoH | DoQ | H3 | Remarks |
| --- | --- | --- | --- | --- | --- |
| Google Public DNS | tls://dns.google | https://dns.google/dns-query | / | h3://dns.google/dns-query | Google has consistently performed well and its ECS support is quite nice; it uses the client IP address's /24 as the ECS subnet |
| OpenDNS | tls://dns.opendns.com | https://doh.opendns.com/dns-query | / | / | OpenDNS's ECS support is average; some domains lack it and simply resolve to the location nearest OpenDNS. Its ECS support uses OpenDNS's own IP-to-location subnet mapping table and returns the CDN IP nearest the user's location |
| Quad9 DNS | tls://dns11.quad9.net | https://dns11.quad9.net/dns-query | / | / | Not used much, not evaluated |
| AdGuard DNS | tls://dns.adguard-dns.com | https://dns.adguard-dns.com/dns-query | quic://dns.adguard-dns.com | h3://dns.adguard-dns.com/dns-query | Not used much, not evaluated |
| NextDNS | tls://dns.nextdns.io | https://dns.nextdns.io/dns-query | quic://dns.nextdns.io | h3://dns.nextdns.io/dns-query | Personally I find NextDNS's ECS support better than OpenDNS's, but you need to register an account to enable it; it uses NextDNS's own IP-to-location subnet mapping table and returns the CDN IP nearest the user's location |

Other public DNS servers have not been observed to support ECS, so they are not considered for now. What about Cloudflare? They promise privacy protection, so naturally they do not support ECS.

ECS (EDNS Client Subnet) support can be enabled in AdGuard Home itself.
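As an added illustration that is not part of the original post, the following Python shows what the ECS option that AdGuard Home attaches to upstream queries looks like on the wire (RFC 7871): the client address is truncated to the source prefix length, /24 as in the Google row above, so the host bits never reach the upstream. The client addresses used are constructed samples.

```python
import struct
import ipaddress

ECS_OPTION_CODE = 8   # EDNS0 option code for Client Subnet (RFC 7871)
OPT_TYPE = 41         # RR type of the OPT pseudo-record that carries EDNS options

def build_ecs_option(client_ip: str, source_prefix: int = 24) -> bytes:
    """Encode an ECS option: the client address truncated to source_prefix bits.
    Only the network part is sent upstream; the host bits stay on the forwarder."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2          # IANA address family numbers
    network = ipaddress.ip_network((addr, source_prefix), strict=False)
    nbytes = (source_prefix + 7) // 8               # RFC 7871 requires the minimal length
    addr_bytes = network.network_address.packed[:nbytes]
    # FAMILY (2) | SOURCE PREFIX-LENGTH (1) | SCOPE PREFIX-LENGTH (1, always 0 in queries)
    data = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def build_opt_rr(option: bytes, udp_payload: int = 1232) -> bytes:
    """Wrap option data in an OPT RR: root NAME, TYPE 41, CLASS = UDP payload size,
    TTL = extended RCODE/version/flags (all zero here), RDLENGTH, RDATA."""
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, len(option)) + option

def parse_ecs(opt_rr: bytes) -> dict:
    """Decode the ECS fields from an OPT RR: this is all the upstream resolver sees."""
    if opt_rr[0] != 0:
        raise ValueError("OPT RR must use the root name")
    rtype, _payload, _ttl, rdlen = struct.unpack("!HHIH", opt_rr[1:11])
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT RR")
    rdata, pos = opt_rr[11:11 + rdlen], 0
    while pos + 4 <= len(rdata):
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        body = rdata[pos + 4:pos + 4 + length]
        pos += 4 + length
        if code != ECS_OPTION_CODE:
            continue                                # skip other options, e.g. cookies
        family, source, scope = struct.unpack("!HBB", body[:4])
        full_len = 4 if family == 1 else 16
        # Zero-pad the truncated address back to full width so the subnet can be named
        padded = body[4:] + b"\x00" * (full_len - len(body[4:]))
        subnet = ipaddress.ip_network((ipaddress.ip_address(padded), source))
        return {"family": family, "source_prefix": source,
                "scope_prefix": scope, "subnet": str(subnet)}
    raise ValueError("no ECS option in OPT RR")

if __name__ == "__main__":
    # Constructed sample: a LAN client behind the AdGuard Home instance
    opt = build_opt_rr(build_ecs_option("198.51.100.77", 24))
    print(opt.hex(), parse_ecs(opt))   # subnet 198.51.100.0/24; the .77 host bits are gone
```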

Bootstrap DNS#

Any working DNS server will do here; the bootstrap DNS is used only to resolve the hostnames of the upstream DNS servers.

Cache#

Since a foreign public DNS is selected, caching is needed. The cache size is set to 64 MiB, and both the maximum and minimum TTL are set to one day (86400 seconds). Caching speeds up DNS responses; otherwise every lookup is pulled from the upstream DNS and the average response time looks poor.

DNS Rewrite#

Use DNS rewrites to maintain your own domains; this is much more elegant than editing the hosts file. Of course, add your own set of domains, since it is your own DNS server.

Rule Adjustment#

Because of Tencent's NT QQ, a domain tpstelemetry.tencent.com showed up which, judging by its name, is a telemetry service domain. I don't need it! I really dislike this thing, so I just block it.

In the DNS query log, a large number of queries to tt.cn subdomains were found; this turned out to be an advertising domain, so it was added to the global block list, along with beizi.biz. The advertising and telemetry block list is as follows:

||tt.cn^
||beizi.biz^
||tpstelemetry.tencent.com^

As for the rest, the subscribed rule lists already cover almost everything, so there is no need to tinker much.

This article is synchronized and updated to xLog by Mix Space
The original link is https://www.timochan.cn/posts/any_pen/adguard_home_for_setting
