New Update AdGuard DNS v2.11: Filtering preloaded pages in Chrome

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,264
Browsers are constantly striving to improve their performance. It’s understandable: the faster pages load, the fewer unhappy users they have to deal with. However, the methods they use sometimes interfere with filtering.

Chrome offers a page preloading feature that can be found in browser settings → Performance. If it’s enabled, Chrome will preload pages it thinks you might visit next.

For example, when you’re reading an article, the browser analyzes all links on the page and predicts which ones you might want to click. To make sure the next page opens immediately, Chrome preloads its content. To prevent the target website from seeing your IP address, Chrome uses a so-called private prefetch proxy. The content is loaded through this proxy server, so the website sees the proxy’s IP address instead of yours. And here’s the problem: if the website is loaded through the proxy, AdGuard DNS doesn’t see the request. As a result, it can’t filter it.

However, Chrome provides a workaround — a signal that lets the browser know that the user or system administrator wants DNS requests to be transparent. Here’s how it works: when you start Chrome or switch networks, the browser sends a DNS request to dns-tunnel-check.googlezip.net. If no IP address is returned (e.g., the response is NXDOMAIN), Chrome activates the preflight mode. In this mode, when the user is about to visit a preloaded page, Chrome makes an additional DNS request — this time to the server configured in the system. In our case, it’s AdGuard DNS. If the website is on the blocklist, the browser will prevent access, and the preloaded content will not be used.

How is this achieved? We’ve added a feature called Force preflight mode for prefetching in Chrome. You can find it in Server settings. Technically, this feature uses a dnsrewrite rule:
|dns-tunnel-check.googlezip.net^$dnsrewrite=NXDOMAIN

This rule returns an NXDOMAIN response for dns-tunnel-check.googlezip.net, signaling Chrome that all requests, even for the preloaded pages, should go through AdGuard DNS.

Please note: this setting does not disable page preloading or prevent the browser from analyzing your behavior on websites. If you want to turn off preloading, you can do so manually: Settings → Performance → Preload pages.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top