Q&A AdGuard Blog: DNS: Content Blocking at Scale

Gandalf_The_Grey

Level 59
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,863
This article was written based on a talk given by Adguard's CTO and co-founder Andrey Meshkov at Ad Blocker Dev Summit 2021.
So you can either watch the video or read this text to learn about content blocking at scale.

Absolutely everything is connected to the Internet these days, from TV to smart light bulbs, from mobile devices to smart auto. Given that ads and ad trackers are everywhere the Internet is, a browser-based ad blocker seems to be not enough. It provides just a tiny window into the "better Internet" without aggressive and intrusive banners vying for your attention. But what if you want to widen this "window" and have it all?

Then buckle up and get ready for a fascinating journey through the past, present, and future of DNS filtering. Why? Because DNS is the answer!

Pros​

  • Does not require installing additional software.
  • Does not depend on the browser or OS vendor.
  • No performance cost.
  • Running a public DNS server allows you to observe the whole Internet. This is very useful if you maintain a blocklist. You can get rid of unused rules and promptly learn about new threats. DNS has no blind spots since it observes all devices and not just the browsers.
  • Centralized solution is better at dealing with some issues.

Cons​

  • Cannot deal with first-party ads. For instance, you can’t block YouTube video ads because they are hosted on the same domain as legitimate videos.
  • No cosmetic filtering. With DNS blocking alone you may not have most of the ads, but you have rather ugly web pages with broken frames and ad placeholders.
  • Higher chance of breakage. For instance, some apps or websites may be broken due to blocked Google Analytics, and you can do nothing with that.
  • Easier to circumvent. An app may simply choose to use a different DNS server.
Full article:
YouTube video:
 

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
The major con is that its easily bypassed with DOH which is avaible in almost all browsers today.
If you dont want your kids to go on Facebook or social media and use DNS blocking.
It would be a waste of time in this case if they enable DOH.
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,271
The major con is that its easily bypassed with DOH which is avaible in almost all browsers today.
If you dont want your kids to go on Facebook or social media and use DNS blocking.
It would be a waste of time in this case if they enable DOH.

That is not the focus of AdGuard DNS (I know you are talking about the DNS technology in general), it is mainly used to deal with ads and ad trackers, so DOH isnt an issue it is a benefit in that scenario usage.
 

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
That is not the focus of AdGuard DNS (I know you are talking about the DNS technology in general), it is mainly used to deal with ads and ad trackers, so DOH isnt a issue it is a benefit.
Yes, It depends on what you want to use it for. I use a system wide DNS filter to block some M$ services like bing etc.
 
  • Like
Reactions: Nevi and oldschool