AdGuard for iOS / DNS Servers

TechieFan

New Member
1) I have been a lifetime registered AdGuard Pro user on all my devices for many years. I have also setup my wife and kid's devices with AdGuard as well. I have been searching on this forum, and on GitHub, to try and understand how I need to setup my Windows computers, iOS phone (recently moved from Android), and iOS tablet if I want end-to-end encrypted DNS resolution..blocking my ISP from tracking/selling our computer/phone activity. Many threads are old, from 2018 or even 2017, and much has changed since then with both AdGuard's product(s) and Apple policies.

2) Does the AdGuard client currently use DnsCrypt end-to-end secured connections to encrypted AdGuard DNS servers on any device? It appears that with wi-fi enabled between my iOS phone and my home router my dnsresolver rotates between dnsresolver (Google, Cloudflare, OpenDNS) with no other changes except installing AdGuard. Does my ISP see all searches/sites?

3) When I make other changes, say setting my phone's (or PC’s) DNS setting to manual, with Adguard Server IP's, and/or also setting AdGuard Server IP's as my default DNS servers in my home router, I can't ever get myreslover.net (or others) to show Adguard as my resolver only the three listed which rotate each search.

4) If I then turn on NordVPN, and turn AdGuard off, my ISP is masked, and my DNS resolver is the NordVPN leased server I am connected to. For testing, I stick with the same leased server connection. The DNS resolver never changes with only NordVPN running.

5) If I turn AdGuard back on, with NordVPN still running, and AdGuard is told to connect to AdGuard encrypted servers, here again the resolver rotates between (Google, Cloudflare, OpenDNS).

6) If I add 1.1.1.1. or Uncloak (which you reference on GitHub) apps, both setup their own VPN configurations (and both turn off AdGuard as a VPN). iOS (unlike Android) does allow for both VPNs and Personal VPN’s to run concurrently as I’m sure you’re aware.

7) With 1.1.1.1 running the resolver stays Cloudflare, whether NordVPN is running or not.

8) With Uncloak running, and me picking AdGuard (or Cloudflare) as the server, the dnsresolver still rotates between (Google, Cloudflare, OpenDNS).

9) If the NordVPN with CyberSec adblocker was as good as AdGuard (it is not), it appears to me you may not need anything else if you always run their VPN client.

Problem is, if you use Office/OneDrive/AutoSave on a Windows machine, they don’t work with CyberSec enabled. Thus, I always run AdGuard on Windows, whether I have NordVPN on or not (and when Nord is on CyberSec is off). I have yet to get AdGuard to accept NordVPN as a proxy (which worked fine on Android), so I generally just run both clients concurrently on Windows.

10) Before AdGuard 3.0 comes out, I have currently removed both 1.1.1.1 and DNSCloak on my iOS phone, removed AdGuard servers as a manual override on the wi-fi DNS (as well as in my router settings) and run AdGuard concurrently with NordVPN all times. Know I want NordVPN, not sure if I need AdGuard or not (on the phone), and where (if any) I get DNS resolution hidden from my ISP.


Is this correct? Open to feedback.
 

TechieFan

New Member
For #5, I just happened to turn OFF the Privacy Toggle in AdGuard on iOS, with NordVPN turned on, and then I see that the resolver does NOT change. It stays the server NordVPN connects you to. Does that mean that NordVPN with CyberSec turned on is masking my true IP, blocking ad's where it can across all apps, showing my ISP/Carrier that my data traffic is all to NordVPN, and AdGuard is blocking the ad's in Safari that NordVPN misses? If so, it may all be working and I do not need Privacy in AdGuard or need to worry about DNSCrypt.
 

TechieFan

New Member
NordVPN on, AdGuard on, AdGuard Privacy Toggle On, but AdGuard DNS Settings left at System Default, Privacy Settings updated to include 'popular' subscription rules. Resolver stays the proxy server, ads are blocked that CyberSec does not catch, in apps not just Safari. Now my question is, since I use NordVPN (which I chose because Adguard shows it as being compatible (for TCP traffic anyway in Android), is my connection to a true VPN allowing my ISP/Carrier to see the details of our DNS resolutions or not?

Anyone?
 

Bruno

Member
I cannot be sure at 100% but I will say yes. Your ISP could see your requests like anybody.

If you use a VPN but activate Adguard DNS, then you hide your IP, but you are also outside of the VPN tunnel regarding your DNS requests.
Just do a DNS Leak test if you will see you have a DNS Leak. IP would be NordVPN and DNS would be Adguard. Then NordVPN cannot guarantee your anonymity.
Leak means there are packets which could be intercept by anyone.
 

TechieFan

New Member
Thank you for replying Bruno. I was starting to think nobody reads these forum posts anymore, including the AdGuard developers.

AdGuard has many settings. If I turn Privacy on, but use the default DNS server (NordVPN) my browser is suddenly very slow. Turn AdGuard off, it's immediately fast again. If I change it so AdGuard is on, and connecting to AdGuards encrypted servers, then it's fast but very well may not be encrypted between my phone and AdGuard. Hard to say.

But if I remove AdGuard and just use NordVPN then not only is my connection fast, MyResolver (and various DNS leak test sites) show the ISP and DNS dont change.

And that is on iOS. Windows is a whole other matter, and I eventually tired of changing Router DNS servers, Windows network DNS adapter settings, TAP adapter settings, and such. Remove AdGuard and NordVPN has no DNS leak, it's own native ad blocking works, and OneDrive also works fine.

Shame, I liked AdGuard, and always wished they had not just adblocking but also VPN....if they did I'd likely not have ever bought NordVPN. But even if dnscrypt is indeed in place as AdGuard talks to AdGuard's own DNS servers, I'm no longer seeing what benefit that provides if NordVPN also provides encrypted connections to their own DNS servers.
 

Bruno

Member
If I turn Privacy on, but use the default DNS server (NordVPN) my browser is suddenly very slow.
Privacy cannot be turned on or off in Adguard. You can or cannot subscribe to a list only. I guess you mean AdGuard DNS, correct? However, you are saying you use NordVPN DNS.
What I understood from Adguard running with NordVPN, you will go through AdGuard DNS and not NordVPN.
Anyway, it is easy to test. Go there
Code:
https://www.perfect-privacy.com/en/tests/dns-leaktest
with NordVPN activated only. Memorise the result. Then, activate AdGuard DNS and do the test again. If the result is different, it means you are going through Adguard DNS Servers. But it also means you have obviously a DNS leak.

reBut if I remove AdGuard and just use NordVPN then not only is my connection fast, MyResolver (and various DNS leak test sites) show the ISP and DNS dont change.
Regarding the speed it is hard to tell. Because I am not using NordVPN that I find pretty slow (I using PerfectPrivacy) I can't tell you why it's fast or slow. However, I did a test with only AdGuard DNS (my VPN was not activated) and the spreed was the same than with my ISP. Below 2 screen shots with Wi-Fi results on my iPhone. As you can see Adguard does not slow down the speed.


And that is on iOS. Windows is a whole other matter, and I eventually tired of changing Router DNS servers, Windows network DNS adapter settings, TAP adapter settings, and such. Remove AdGuard and NordVPN has no DNS leak, it's own native ad blocking works, and OneDrive also works fine.
I am a Mac user so I have no clue how Windows works. On my side I am using IKEv2 configuration file with macOS and iOS to setup my VPN (Always VPN mode).

Shame, I liked AdGuard, and always wished they had not just adblocking but also VPN....
I understand however NordVPN and their Cybersec feature gives you that choice: VPN and adblocking.

But even if dnscrypt is indeed in place as AdGuard talks to AdGuard's own DNS servers, I'm no longer seeing what benefit that provides if NordVPN also provides encrypted connections to their own DNS servers.
If I am not mistaken, your request is crypted on their DNS (DNSCrypted option) but not the request itself (from your phone to their DNS) vs NordVPN where the information is crypted inside the VPN tunnel. Then, you remark is correct. It is why I am using only my VPN which also provides an Adblock features and more
Code:
https://www.perfect-privacy.com/en/features/trackstop
However Adguard is still activated as a second layer of security thanks to Stevan Black Host file to which I subscribe within Adguard Privacy settings


I hope I could be of any help.
Cheers
Bruno
 

TechieFan

New Member
Thank you for your response Bruno. I think you mostly got what I was asking for help with, though it's a bit tough to compare Windows and MacOS. Your comment about using Adguard even with your own VPN service, and specifically how/why, piqued my interest and cause me to re-install and re-test. I found that if I turn the Privacy Status toggle back on, but do NOT alter DNS Settings from System Default it does not slow down my browser UNLESS I also got to Privacy Settings >, and add AdGuard SDN filter. That is what I had always done, but had always thought it was the fact I was not changing the DNS setting to a crypted server that was making it slow. It was not. When I remove AdGuard SDN Filter, and instead only use the suggested hpHosts - Ad and Tracking servers subscription my speed does not go down.

Just as you are doing with Perfect-Privacy as your VPN and Adguard Privacy with a hosts list as a backup that is working for me on iOS. My speed is unaffected, and there is no 'dns leak'.

I'll have to play with Windows version, but your suggestion for how to use Adguard with a VPN on iOS does work if you pick the right settings.
 
Top