Zum Hauptinhalt springen

Überblick

info

Mit AdGuard DNS können Sie Ihre privaten DNS-Server einrichten, um DNS-Anfragen aufzulösen und Werbung, Tracker und bösartige Domains zu sperren, bevor diese Ihr Gerät erreichen

Quick link: Try AdGuard DNS

Private AdGuard DNS dashboard main

Allgemein

Private AdGuard DNS offers all the advantages of a public AdGuard DNS server, including traffic encryption and domain blocklists. It also offers additional features such as flexible customization, DNS statistics, and Parental control. All these options are easily accessible and managed via a user-friendly dashboard.

Why you need private AdGuard DNS

Today, you can connect anything to the Internet: TVs, refrigerators, smart bulbs, or speakers. But along with the undeniable conveniences you get trackers and ads. A simple browser-based ad blocker will not protect you in this case, but AdGuard DNS, which you can set up to filter traffic, block content and trackers, has a system-wide effect.

At one time, the AdGuard product line included only public AdGuard DNS and AdGuard Home. These solutions work fine for some users, but for others, the public AdGuard DNS lacks the flexibility of configuration, while the AdGuard Home lacks simplicity. That's where private AdGuard DNS comes into play. It has the best of both worlds: it offers customizability, control and information - all through a simple easy-to-use dashboard.

The difference between public and private AdGuard DNS

Here is a simple comparison of features available in public and private AdGuard DNS.

Public AdGuard DNSPrivater AdGuard DNS
DNS traffic encryptionDNS traffic encryption
Pre-determined domain blocklistsCustomizable domain blocklists
-Custom DNS filtering rules with import/export feature
-Request statistics (see where do your DNS requests go: which countries, which companies, etc.)
-Detailed query log
-Parental control

How to set up private AdGuard DNS

For devices that support DoH, DoT, and DoQ

  1. Go to your AdGuard DNS dashboard (if not logged in, log in using your AdGuard account)
  2. Click Connect device and follow on-screen instructions
Supported platforms:
  • Android
  • iOS
  • Windows
  • Mac
  • Linux
  • Routers
  • Gaming consoles
  • Smart TVs

Every device that you add in the AdGuard DNS panel has its own unique address that can be used if the device supports modern encrypted DNS protocols (DoH, DoT, and DoQ).

For devices that do not support DoH, DoT, and DoQ

If the device does not support encrypted DNS and you have to use plain DNS, there are two more ways to allow AdGuard DNS to recognize the device — use dedicated IP addresses or link device's IP address.

note

Use plain DNS addresses only if you have no other options: this reduces the security of DNS requests. If you decide to use plain DNS, we recommend that you choose dedicated IP addresses.

Dedicated IP addresses

For every device that you connect to AdGuard DNS, you'll be offered two dedicated IPv6 addresses that you can enter in your device settings. Using both IPv6 addresses is not mandatory, but often devices might request you to enter two IPv6 addresses.

When you connect to them, AdGuard DNS will be able to determine which particular device is sending DNS requests and display statistics for it. And you'll be able to configure DNS rules specifically for this device.

Unfortunately, not all service providers offer IPv6 support, and not all devices allow you to configure IPv6 addresses. If this is your case, you may have to rely on the Linked IP method.

Linked IP

If you connect your device to AdGuard DNS via Linked IP, the service will count all plain DNS requests coming from that IP address towards that "device". With this connection method, you would have to reconnect manually or through a special program each time the device's IP changes, which happens after each reboot.

The only requirement for linking IP is that it must be a residential IP address.

note

A residential IP address is an IP address assigned to a device connected to a residential ISP. It is typically associated with a physical location and is allocated to individual homes or apartments. Residential IP addresses are used by regular Internet users for their everyday online activities, such as browsing the web, accessing social media platforms, sending emails, or streaming content.

If you're trying to link a residential IP address and AdGuard DNS does not allow you to do that, please contact our support team at support@adguard.com.

Private AdGuard DNS features

Statistics

In the Statistics tab you can see all the summarized statistics on DNS queries made by devices connected to your Private AdGuard DNS. It shows the total number and geography of requests, the number of blocked requests, the list of companies the requests were addressed to, requests types and top requested domains.

Private AdGuard DNS dashboard statistics

Traffic destination

This feature shows you where DNS requests sent by your devices go. On top of seeing the map of request destinations, you can filter the information by date, device and country.

Private AdGuard DNS dashboard traffic

Companies

This tab allows you to quickly check which companies send the most requests, and which companies have the most blocked requests.

Private AdGuard DNS dashboard companies

Query log

This is a detailed log where you can check out the information on every single request and also sort requests by status, type, company, device, time, country.

Private AdGuard DNS dashboard query log

Server settings

This section features a range of settings allowing you to customize the operation of private AdGuard DNS, ensuring the Internet functions exactly as you desire.

Blocklists management

The Blocklists feature allows you to specify which domains you want to block and which you don't. Choose from a variety of blocklists for different purposes.

Private AdGuard DNS dashboard blocklists

Security settings

Even if you're aware of all the tricks online scammers use, there's always a risk you'll accidentally click a malicious link. To protect yourself from such accidents, go to the Security settings section and check the boxes next to the options listed there.

The Block malicious, phishing, and scam domains feature will block domains found in the dedicated database. And the Block newly registered domains will block all domains registered less than 30 days ago, which are often considered risky for your online privacy.

Parental control

To protect your child from online content you deem inappropriate, set up and activate the Parental control option. In addition to options such as "adult content" blocking and safe search, we've added the ability to manually specify domains for blocking and set a schedule for the Parental control to work accordingly.

Parental control

User rules

For cases where pre-installed blocklists with thousands of rules are not enough, we have a handy feature called User rules. Here you can manually add custom rules to block/unblock a specific domain or import custom rule lists (see DNS filtering rules syntax). You can export the lists.

Private AdGuard DNS dashboard user rules

DNS-over-HTTPS with authentication

DNS-over-HTTPS with authentication provides a login and password to connect to the server. This can limit access to unauthorized users and increase security.

To enable this feature, go to Server settingsDevicesSettings and change the DNS server to the one with authentication. Select Deny other protocols to disable alternative protocol usage, ensuring exclusive DNS-over-HTTPS authentication and blocking third-party access.

DNS-over-HTTPS with authentication

Advanced

Here you can set the way AdGuard DNS must respond to blocked domains:

  • Default — zero IP address
  • NXDOMAIN — the domain does not exist
  • REFUSED — the server has refused to process the request
  • Custom IP — you can manually specify an IP address

Additionally, you can adjust the Time to live (TTL) setting. This parameter defines the time period (in seconds) that a client device caches the response to a DNS request. A higher TTL means that even if a previously blocked domain is unblocked, it may still appear as blocked for a while. A TTL of 0 indicates that the device does not cache responses.

In the Advanced section, there are three options that can be customized:

  • Block access to iCloud Private Relay. Devices that use iCloud Private Relay may ignore DNS settings. Enabling this option ensures that AdGuard DNS can effectively protect your device.
  • Block Firefox canary domain. This setting prevents Firefox from automatically switching to its DoH resolver when AdGuard DNS is set as the system-wide DNS service.
  • Log IP addresses. If this option is enabled, IP addresses associated with incoming DNS requests will be recorded and displayed in the Query log.

Access settings

Here you can manage an access to your DNS server by configuring the following settings:

  • Allowed clients. Specify which clients are permitted to use your DNS server
  • Disallowed clients. List clients that are denied to use your DNS server
  • Disallowed domains. Specify domain names that will be denied access to your DNS server. Wildcards and DNS filtering rules can also be listed here

By setting up these options, you can control who uses your DNS server and prevent potential DDoS attacks. Requests that are not allowed will not appear in your Query log, and they are free of charge.