Adguard Pro IOS / DNS issue and conflicting privacy policies

Discussion in 'Technical Support (AdGuard for iOS)' started by ceadarOk, Jan 31, 2018.

  1. ceadarOk

    ceadarOk New Member

    Joined:
    Jan 31, 2018
    Messages:
    10
    I have a few questions about Adguard pro specifically the DNS function.

    (the screenshots to the problem can be found here https://imgur.com/a/hqDpp and they are in the order that I am mentioning them)

    1. After installing Adguard pro (which is supposed to block ads trackers and phishing with its dns feature) I opened the DNS settings page and found it didn't contain a setting for the "Adguard DNS" but rather the first entry is OpenDNS (this is already confusing to me and maybe you could explain why that is ?

    2. And this is the big problem. I manually added the Adguard DNS as per your websites instruction (screenshot 2), then activated it, checked on your website which said "yes I'm running your DNS", ads also were being blocked, but when i looked at the DNS actually being used it showed it to be OpenDNS as well (screenshot 4)
    --> Now this is where it gets a bit iffy, because your privacy policy concerning the Adguard DNS states "We, in our turn, do not log or save any information. Since no information is being saved, nothing is sent to third parties." But a quick look at OpenDNS's privacy policy shows they to safe all of the information.

    --> so which one to trust ? Which one is applicable here and why is the adguard dns showing as OpenDNS?

    3. I thought maybe its all just a mix up and tried running adguard with the OpenDNS profile
    --> strangely enough your Adguard DNS website ALSO said I am running YOUR "adguard DNS", how can this be? Ad's werent blocked or at least didn't show up in the "DNS request log" either --> Again now it also showed that in fact OpenDNS was being used when testing it albeit another location. --> why does your website say it is in fact "Adguard DNS" that is running when it is labeled "Open DNS" and per fact also is open DNS as can be seen in the screenshots?

    For all these problems there is probably a good reason, but for me as a user who bought the pro version because they liked the usability and transparency of the original app I'm just really confused by this and the seeming conflicting Privacy policies. Maybe somebody could help and explain it to me.

    It would also be nice to have a help page that explains the strong suits of all the different DNS servers listed as it might make it easier to settle for one (I really like the Adguard help pages and found them very helpful) Also there was no tutorial concerning the DNS function.
     
  2. zebrum

    zebrum Administrator Staff Member Administrator

    Joined:
    Nov 21, 2016
    Messages:
    524
    Hello @ceadarOk !

    1. I honestly don't know why! :) but after recent the changes in Apple policy ( https://blog.adguard.com/en/adguard-ios-1-3-0/ ) AdGuard DNS servers were not listed in settings. In new AdGuard v2.0 our servers will appear in regular DNS server's list.

    2. The answer to this question you can read here: https://github.com/AdguardTeam/AdguardDNS/issues/110#issuecomment-272860066

    3.This is strange! What happens if you change DNS servers, then flush DNS by turning on and off flight mode and check DNS test page?
     
  3. ceadarOk

    ceadarOk New Member

    Joined:
    Jan 31, 2018
    Messages:
    10
    Hello @zebrum !

    1. Oh yeah that makes sense. As a first time user it was just really confusing because one expected Adguard DNS to be there ;) Good to hear it will be back in 2.0 :)!

    2. Ahh I feel here lies to answer to my biggest gripe I had. It is just very technical maybe you can see if I got it right. All my information such as IP and DNS request is only seen by the Adguard DNS server, This Adguard DNS server then employs a range of other DNS servers for example Open DNS to get the job done. These "employed" DNS servers, dont have any other data about my request like Ip address / or at least cant identify the information relayed by Adguard DNS as information coming from me/ or deletes the information just like Adguard DNS after the request has been fulfilled ? At least so that in the end no third party has the data ?
    ---> I even read teh article linked there but it was quite hard to understand, It would be very kind if you could clarify :)

    3. You're a genius! Flushing the DNS by turning airplane mode on and off worked. I can confirm that only the Adguard DNS server now gets recognized as an Adguard DNS server by the DNS test page (https://adguard.com/en/adguard-dns/overview.html)
     
  4. zebrum

    zebrum Administrator Staff Member Administrator

    Joined:
    Nov 21, 2016
    Messages:
    524
  5. ceadarOk

    ceadarOk New Member

    Joined:
    Jan 31, 2018
    Messages:
    10
    Yes, I have. The things I mentioned at point 2 is my understanding gleamed from the whole thread plus links to other pages referenced in that article :oops:
    As I said it was a bit too technical for me which is why I probably didnt fully understand.

    This:
    Is the closest I came to unraveling the mystery.

    Do I have kind of the right idea ?
     
  6. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,144
    Yes, absolutely.

    There're some more tech details, though. Usually, AdGuard DNS already has the information you need in the cache, so it does not need to ask upstream DNS servers about it and sends the response right away.
     
  7. ceadarOk

    ceadarOk New Member

    Joined:
    Jan 31, 2018
    Messages:
    10
    Thank you @avatar!

    That's great news!

    So the way I understood it is that these upstream DNS servers cant link the information forwarded by Adguard DNS to a user.
    But does that mean they don't receive the IP of the user or store the DNS request made to the Adguard DNS server? Or does it mean they receive that information too but also delete it in correspondence to the Adguard privacy policy :)?

    Also I just want to quickly say that I'm completely blown away by the support and sense of community here. I'm really glad and feel very lucky I found Adguard and have since replaced any other adblockers on my pc and smartphones because of it. Your dedication towards your users and privacy is admirable :)!
     
  8. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,144
    For the upstream DNS server it looks as if AdGuard DNS server is the user.

    Sure, they don't receive anything.

    Uh, and here I am, delaying response for a day :(

    Thank you!
     
  9. ceadarOk

    ceadarOk New Member

    Joined:
    Jan 31, 2018
    Messages:
    10
    But wouldn't that mean that the DNS request originally send to Adguard DNS is now actually send to a third party still?

    (I have no doubt in that they wouldn't receive anything vital and that it cant be tracked to the user. I understand little of recursive DNS servers)

    It's just from the way the privacy policy is phrased I had the impression they would receive nothing at all (so also no forwarded DNS query) because wouldn't that mean a third party is involved ?.
    Your response is phenomenal. I don't know a single company that is replying to questions at 11pm :D
     
  10. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    13,144
    This is an interesting question.

    Technically, almost all DNS requests are forwarded up to the root or authoritative DNS servers, that's just how DNS is designed.
    So, just being a DNS server already implies there will be requests to the upstream servers.

    We may need to change the wording of the privacy policy a bit to make it clear.