Überblick
Mit AdGuard DNS können Sie Ihre privaten DNS-Server einrichten, um DNS-Anfragen aufzulösen und Werbung, Tracker und bösartige Domains zu sperren, bevor diese Ihr Gerät erreichen
Quick link: Try AdGuard DNS
Allgemein
Private AdGuard DNS offers all the advantages of a public AdGuard DNS server, including traffic encryption and domain blocklists. It also offers additional features such as flexible customization, DNS statistics, and Parental control. All these options are easily accessible and managed via a user-friendly dashboard.
Why you need private AdGuard DNS
Today, you can connect anything to the Internet: TVs, refrigerators, smart bulbs, or speakers. But along with the undeniable conveniences you get trackers and ads. A simple browser-based ad blocker will not protect you in this case, but AdGuard DNS, which you can set up to filter traffic, block content and trackers, has a system-wide effect.
At one time, the AdGuard product line included only public AdGuard DNS and AdGuard Home. These solutions work fine for some users, but for others, the public AdGuard DNS lacks the flexibility of configuration, while the AdGuard Home lacks simplicity. That's where private AdGuard DNS comes into play. Es bietet das Beste aus beiden Welten: Es bietet Anpassbarkeit, Kontrolle und Informationen - alles über eine einfache, leicht zu bedienende Übersichtsanzeige.
The difference between public and private AdGuard DNS
Here is a simple comparison of features available in public and private AdGuard DNS.
Public AdGuard DNS | Privater AdGuard DNS |
---|---|
DNS traffic encryption | DNS traffic encryption |
Pre-determined domain blocklists | Customizable domain blocklists |
- | Custom DNS filtering rules with import/export feature |
- | Request statistics (see where do your DNS requests go: which countries, which companies, etc.) |
- | Detailed query log |
- | Parental control |
How to set up private AdGuard DNS
For devices that support DoH, DoT, and DoQ
- Go to your AdGuard DNS dashboard (if not logged in, log in using your AdGuard account)
- Click Connect device and follow on-screen instructions
- Android
- iOS
- Windows
- Mac
- Linux
- Routers
- Gaming consoles
- Smart TVs
Every device that you add in the AdGuard DNS panel has its own unique address that can be used if the device supports modern encrypted DNS protocols (DoH, DoT, and DoQ).
For devices that do not support DoH, DoT, and DoQ
If the device does not support encrypted DNS and you have to use plain DNS, there are two more ways to allow AdGuard DNS to recognize the device — use dedicated IP addresses or link device's IP address.
Use plain DNS addresses only if you have no other options: this reduces the security of DNS requests. If you decide to use plain DNS, we recommend that you choose dedicated IP addresses.
Dedicated IP addresses
For every device that you connect to AdGuard DNS, you'll be offered two dedicated IPv6 addresses that you can enter in your device settings. Using both IPv6 addresses is not mandatory, but often devices might request you to enter two IPv6 addresses.
When you connect to them, AdGuard DNS will be able to determine which particular device is sending DNS requests and display statistics for it. And you'll be able to configure DNS rules specifically for this device.
Unfortunately, not all service providers offer IPv6 support, and not all devices allow you to configure IPv6 addresses. If this is your case, you may have to rely on the Linked IP method.
Linked IP
If you connect your device to AdGuard DNS via Linked IP, the service will count all plain DNS requests coming from that IP address towards that "device". With this connection method, you would have to reconnect manually or through a special program each time the device's IP changes, which happens after each reboot.
The only requirement for linking IP is that it must be a residential IP address.
A residential IP address is an IP address assigned to a device connected to a residential ISP. It is typically associated with a physical location and is allocated to individual homes or apartments. Residential IP addresses are used by regular Internet users for their everyday online activities, such as browsing the web, accessing social media platforms, sending emails, or streaming content.
Wenn Sie versuchen, eine private IP-Adresse zu verknüpfen und AdGuard DNS Ihnen dies nicht erlaubt, wenden Sie sich bitte an unser Support-Team unter support@adguard-dns.io.
Private AdGuard DNS features
Statistics
In the Statistics tab you can see all the summarized statistics on DNS queries made by devices connected to your Private AdGuard DNS. It shows the total number and geography of requests, the number of blocked requests, the list of companies the requests were addressed to, requests types and top requested domains.
Traffic destination
This feature shows you where DNS requests sent by your devices go. On top of seeing the map of request destinations, you can filter the information by date, device and country.
Companies
This tab allows you to quickly check which companies send the most requests, and which companies have the most blocked requests.
Query log
This is a detailed log where you can check out the information on every single request and also sort requests by status, type, company, device, time, country.
Server settings
This section features a range of settings allowing you to customize the operation of private AdGuard DNS, ensuring the Internet functions exactly as you desire.
Blocklists management
The Blocklists feature allows you to specify which domains you want to block and which you don't. Choose from a variety of blocklists for different purposes.
Security settings
Even if you're aware of all the tricks online scammers use, there's always a risk you'll accidentally click a malicious link. To protect yourself from such accidents, go to the Security settings section and check the boxes next to the options listed there.
The Block malicious, phishing, and scam domains feature will block domains found in the dedicated database. And the Block newly registered domains will block all domains registered less than 30 days ago, which are often considered risky for your online privacy.
Parental control
To protect your child from online content you deem inappropriate, set up and activate the Parental control option. In addition to options such as "adult content" blocking and safe search, we've added the ability to manually specify domains for blocking and set a schedule for the Parental control to work accordingly.
User rules
For cases where pre-installed blocklists with thousands of rules are not enough, we have a handy feature called User rules. Here you can manually add custom rules to block/unblock a specific domain or import custom rule lists (see DNS filtering rules syntax). You can export the lists.
DNS-over-HTTPS with authentication
DNS-over-HTTPS with authentication provides a login and password to connect to the server. This can limit access to unauthorized users and increase security.
To enable this feature, go to Server settings → Devices → Settings and change the DNS server to the one with authentication. Select Deny other protocols to disable alternative protocol usage, ensuring exclusive DNS-over-HTTPS authentication and blocking third-party access.
Advanced
Here you can set the way AdGuard DNS must respond to blocked domains:
- Default — zero IP address
- NXDOMAIN — the domain does not exist
- REFUSED — the server has refused to process the request
- Custom IP — you can manually specify an IP address
Additionally, you can adjust the Time to live (TTL) setting. This parameter defines the time period (in seconds) that a client device caches the response to a DNS request. A higher TTL means that even if a previously blocked domain is unblocked, it may still appear as blocked for a while. A TTL of 0 indicates that the device does not cache responses.
In the Advanced section, there are three options that can be customized:
- Block access to iCloud Private Relay. Devices that use iCloud Private Relay may ignore DNS settings. Enabling this option ensures that AdGuard DNS can effectively protect your device.
- Block Firefox canary domain. This setting prevents Firefox from automatically switching to its DoH resolver when AdGuard DNS is set as the system-wide DNS service.
- Log IP addresses. If this option is enabled, IP addresses associated with incoming DNS requests will be recorded and displayed in the Query log.
Access settings
Here you can manage an access to your DNS server by configuring the following settings:
- Allowed clients. Specify which clients are permitted to use your DNS server. Please note that allowed clients are not counted in added access rules, only disallowed clients and domains
- Disallowed clients. List clients that are denied to use your DNS server
- Disallowed domains. Specify domain names that will be denied access to your DNS server. Wildcards and DNS filtering rules can also be listed here
If you only want to use DNS on certain AS numbers or IP addresses, you should block everything else in the Disallowed clients field. Simply allowing only the necessary numbers and addresses in the Allowed clients field won’t be enough.
By setting up these options, you can control who uses your DNS server and prevent potential DDoS attacks. Requests that are not allowed will not appear in your Query log, and they are free of charge.