Adguard Pro IOS / DNS issue and conflicting privacy policies

[ceadarOk]

I have a few questions about Adguard pro specifically the DNS function.

(the screenshots to the problem can be found here https://imgur.com/a/hqDpp and they are in the order that I am mentioning them)

1. After installing Adguard pro (which is supposed to block ads trackers and phishing with its dns feature) I opened the DNS settings page and found it didn't contain a setting for the "Adguard DNS" but rather the first entry is OpenDNS (this is already confusing to me and maybe you could explain why that is ?
   
   
2. And this is the big problem. I manually added the Adguard DNS as per your websites instruction (screenshot 2), then activated it, checked on your website which said "yes I'm running your DNS", ads also were being blocked, but when i looked at the DNS actually being used it showed it to be OpenDNS as well (screenshot 4)
   

--> Now this is where it gets a bit iffy, because your privacy policy concerning the Adguard DNS states "We, in our turn, do not log or save any information. Since no information is being saved, nothing is sent to third parties." But a quick look at OpenDNS's privacy policy shows they to safe all of the information.

--> so which one to trust ? Which one is applicable here and why is the adguard dns showing as OpenDNS?

3. I thought maybe its all just a mix up and tried running adguard with the OpenDNS profile
--> strangely enough your Adguard DNS website ALSO said I am running YOUR "adguard DNS", how can this be? Ad's werent blocked or at least didn't show up in the "DNS request log" either --> Again now it also showed that in fact OpenDNS was being used when testing it albeit another location. --> why does your website say it is in fact "Adguard DNS" that is running when it is labeled "Open DNS" and per fact also is open DNS as can be seen in the screenshots?

For all these problems there is probably a good reason, but for me as a user who bought the pro version because they liked the usability and transparency of the original app I'm just really confused by this and the seeming conflicting Privacy policies. Maybe somebody could help and explain it to me.

It would also be nice to have a help page that explains the strong suits of all the different DNS servers listed as it might make it easier to settle for one (I really like the Adguard help pages and found them very helpful) Also there was no tutorial concerning the DNS function.

 

[zebrum]

Hello @ceadarOk !

1. I honestly don't know why! but after recent the changes in Apple policy ( https://blog.adguard.com/en/adguard-ios-1-3-0/ ) AdGuard DNS servers were not listed in settings. In new AdGuard v2.0 our servers will appear in regular DNS server's list.

2. The answer to this question you can read here: https://github.com/AdguardTeam/AdguardDNS/issues/110#issuecomment-272860066

3.This is strange! What happens if you change DNS servers, then flush DNS by turning on and off flight mode and check DNS test page?

 

[ceadarOk]

Hello @zebrum !

1. Oh yeah that makes sense. As a first time user it was just really confusing because one expected Adguard DNS to be there Good to hear it will be back in 2.0 !

2. Ahh I feel here lies to answer to my biggest gripe I had. It is just very technical maybe you can see if I got it right. All my information such as IP and DNS request is only seen by the Adguard DNS server, This Adguard DNS server then employs a range of other DNS servers for example Open DNS to get the job done. These "employed" DNS servers, dont have any other data about my request like Ip address / or at least cant identify the information relayed by Adguard DNS as information coming from me/ or deletes the information just like Adguard DNS after the request has been fulfilled ? At least so that in the end no third party has the data ?
---> I even read teh article linked there but it was quite hard to understand, It would be very kind if you could clarify

3. You're a genius! Flushing the DNS by turning airplane mode on and off worked. I can confirm that only the Adguard DNS server now gets recognized as an Adguard DNS server by the DNS test page (https://adguard.com/en/adguard-dns/overview.html)

 

[zebrum]

2. Maybe this answer may clarify something: https://github.com/AdguardTeam/AdguardDNS/issues/110#issuecomment-275330500 ? Have you read the whole thread?

 

[ceadarOk]

Yes, I have. The things I mentioned at point 2 is my understanding gleamed from the whole thread plus links to other pages referenced in that article
As I said it was a bit too technical for me which is why I probably didnt fully understand.

This:

It is just very technical maybe you can see if I got it right. All my information such as IP and DNS request is only seen by the Adguard DNS server, This Adguard DNS server then employs a range of other DNS servers for example Open DNS to get the job done. These "employed" DNS servers, dont have any other data about my request like Ip address / or at least cant identify the information relayed by Adguard DNS as information coming from me/ or deletes the information just like Adguard DNS after the request has been fulfilled ? At least so that in the end no third party has the data ?
---> I even read the article linked there but it was quite hard to understand, It would be very kind if you could clarify

Is the closest I came to unraveling the mystery.

Do I have kind of the right idea ?

 

[avatar]

Do I have kind of the right idea ?

Yes, absolutely.

There're some more tech details, though. Usually, AdGuard DNS already has the information you need in the cache, so it does not need to ask upstream DNS servers about it and sends the response right away.

 

[ceadarOk]

Thank you @avatar!

AdGuard DNS already has the information you need in the cache

That's great news!

so it does not need to ask upstream DNS servers about it and sends the response right away.

So the way I understood it is that these upstream DNS servers cant link the information forwarded by Adguard DNS to a user.
But does that mean they don't receive the IP of the user or store the DNS request made to the Adguard DNS server? Or does it mean they receive that information too but also delete it in correspondence to the Adguard privacy policy ?

Also I just want to quickly say that I'm completely blown away by the support and sense of community here. I'm really glad and feel very lucky I found Adguard and have since replaced any other adblockers on my pc and smartphones because of it. Your dedication towards your users and privacy is admirable !

 

[avatar]

So the way I understood it is that these upstream DNS servers cant link the information forwarded by Adguard DNS to a user.

For the upstream DNS server it looks as if AdGuard DNS server is the user.

But does that mean they don't receive the IP of the user or store the DNS request made to the Adguard DNS server? Or does it mean they receive that information too but also delete it in correspondence to the Adguard privacy policy ?

Sure, they don't receive anything.

Also I just want to quickly say that I'm completely blown away by the support and sense of community here. I'm really glad and feel very lucky I found Adguard and have since replaced any other adblockers on my pc and smartphones because of it. Your dedication towards your users and privacy is admirable !

Uh, and here I am, delaying response for a day

Thank you!

 

[ceadarOk]

For the upstream DNS server it looks as if AdGuard DNS server is the user.

But wouldn't that mean that the DNS request originally send to Adguard DNS is now actually send to a third party still?

(I have no doubt in that they wouldn't receive anything vital and that it cant be tracked to the user. I understand little of recursive DNS servers)

It's just from the way the privacy policy is phrased I had the impression they would receive nothing at all (so also no forwarded DNS query) because wouldn't that mean a third party is involved ?.

AdGuard DNS, it sees the following information: Your IP-address.... DNS request which contains domain name..... Since no information is being saved, nothing is sent to third parties.

Uh, and here I am, delaying response for a day

Your response is phenomenal. I don't know a single company that is replying to questions at 11pm

 

[avatar]

But wouldn't that mean that the DNS request originally send to Adguard DNS is now actually send to a third party still?

It's just from the way the privacy policy is phrased I had the impression they would receive nothing at all (so also no forwarded DNS query) because wouldn't that mean a third party is involved ?.

This is an interesting question.

Technically, almost all DNS requests are forwarded up to the root or authoritative DNS servers, that's just how DNS is designed.
So, just being a DNS server already implies there will be requests to the upstream servers.

We may need to change the wording of the privacy policy a bit to make it clear.