Serious Discussion AdGuard Home users feedback!

No need to thank me, I love well-argued and civil discussions. 😉

You can encrypt the traffic in AdGuard software, not in their router. Router, to do its job, still needs to know exact destination to process your requests.

Isn't that the same case with VPS?

In order to rent one, you need to pay for it. And in order to pay for it, you have to give them your e-mail address, credit card info and in a lot of cases even more data.
Not necessarily!
For instance my VPS is registered and paid in the company's name I work for (of course I paid my company, but I know that the company I paid for, does not probe in the servers. Their system is made blinded). If you get your VPS from a tier 2 provider, it will be a similar issue, as it is in my case.
 
@Bot, Most modern Android apps use hardcoded DoHs, proprietary DoHs, and hardcoded IPs to bypass Android's Private DNS or systemwide DNS. Can a service using a local VPN effectively redirect traffic from such apps and embedded browsers? Would it be possible to reroute traffic from these apps and embedded browsers successfully using AdGuard Home?
As the AI bot said, it is not 100% reliable, but it is possible to a large extent.

What you need is either Netbird or Tailscale.

I am a huge fan of Netbird because I live in Europe and know their developers personally. They are a German company and, interestingly, they have a self-hosted option too. However, the free cloud version would also work.

Once you have connected to Netbird on your phone, you can then use your own self-hosted Adguard Home on your Android device or on any other network outside of your home.

However, applications such as YouTube have their own internal name servers, so in such cases, any DNS blocking software would be effective...

In such cases, I would highly recommend alternative apps such as Grayjay, for instance.
 
As the AI bot said, it is not 100% reliable, but it is possible to a large extent.

What you need is either Netbird or Tailscale.

I am a huge fan of Netbird because I live in Europe and know their developers personally. They are a German company and, interestingly, they have a self-hosted option too. However, the free cloud version would also work.

Once you have connected to Netbird on your phone, you can then use your own self-hosted Adguard Home on your Android device or on any other network outside of your home.

However, applications such as YouTube have their own internal name servers, so in such cases, any DNS blocking software would be ineffective...

In such cases, I would highly recommend alternative apps such as Grayjay, for instance.
A small clarification

Using Tailscale, NetBird, WireGuard, or another tunnel can help reach your self-hosted AdGuard Home securely from outside your home network, but that is not the same as forcing all Android apps to obey your DNS choice.

What those tools do well

They are useful for:
  • Connecting your phone to your home or VPS network
  • Sending normal DNS traffic to your own AdGuard Home
  • Avoiding exposure of your DNS service directly to the public internet

That is a good setup for remote access and general DNS filtering.

What they do not solve by themselves

They do not automatically defeat apps that use:
  • Hardcoded DoH or DoT endpoints
  • Hardcoded IP addresses
  • App-internal resolvers
  • Certificate-pinned encrypted connections

If the app is designed to bypass system DNS, then simply being connected through Tailscale or NetBird does not guarantee that AdGuard Home will see or control those lookups.

About local VPN filtering on Android

A local VPN-based blocker can improve coverage because it can intercept more device traffic than Private DNS alone.

In general, it may be able to:
  • Redirect standard DNS requests
  • Block known external DNS endpoints
  • Block some fallback methods such as QUIC in certain cases

But even then, it is still not universal. Some apps will continue to bypass DNS-level controls.

Best practical view

If the goal is maximum control on Android, the realistic approach is layered:
  • AdGuard Home for network-wide DNS filtering
  • A local VPN-based filtering app on the Android device
  • Browser-level content blocking where supported
  • Per-app alternatives when an app is especially resistant to filtering

Conclusion

AdGuard Home is very useful, and a tunnel such as Tailscale or NetBird can make it accessible everywhere, but neither of them can reliably reroute or filter every Android app or embedded browser that uses its own encrypted DNS or direct IP connections. DNS filtering remains complementary, not complete.
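
The gap described in the reply above can be measured from the defender's side by comparing what the filtering resolver answered with what the device actually connected to. The following is an added example, not part of the original post: the resolver address, the flow and answer records, and the short resolver list are constructed sample data and assumptions.

```python
# Constructed sample data; the resolver IP and all records are assumptions.
RESOLVER = "10.0.0.1"                                  # self-hosted filtering resolver
ENCRYPTED_DNS_IPS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}  # short illustrative list, not complete

# (client, name, answer IP) as recorded by the resolver's query log
ANSWERS = [
    ("10.0.0.5", "example.org", "192.0.2.10"),
    ("10.0.0.5", "cdn.example.net", "198.51.100.7"),
]
# (client, destination IP, destination port, protocol) seen at the tunnel exit
FLOWS = [
    ("10.0.0.5", "10.0.0.1", 53, "udp"),       # normal lookup through the filter
    ("10.0.0.5", "192.0.2.10", 443, "tcp"),    # connection to a resolved address
    ("10.0.0.5", "8.8.8.8", 53, "udp"),        # hardcoded plain DNS
    ("10.0.0.5", "9.9.9.9", 853, "tcp"),       # DNS over TLS
    ("10.0.0.5", "1.1.1.1", 443, "tcp"),       # DoH to a known resolver
    ("10.0.0.5", "1.1.1.1", 443, "udp"),       # DoH over HTTP/3 (QUIC)
    ("10.0.0.5", "203.0.113.50", 443, "tcp"),  # address never handed out by the filter
]

def classify(flow, resolved):
    """Label one flow by how it relates to the filtering resolver."""
    client, dst, port, proto = flow
    if port == 53:
        return "filtered-dns" if dst == RESOLVER else "plain-dns-bypass"
    if port == 853:
        return "dot-bypass"
    if dst in ENCRYPTED_DNS_IPS and port == 443:
        return "doh3-bypass" if proto == "udp" else "doh-bypass"
    if dst not in resolved.get(client, set()):
        # Hardcoded IP or app-internal resolver: the filter never saw a lookup.
        return "no-dns-lookup"
    return "resolved-via-filter"

def audit(flows, answers):
    """Return (dst, port, proto, label) for every flow."""
    resolved = {}
    for client, _name, ip in answers:
        resolved.setdefault(client, set()).add(ip)
    return [(f[1], f[2], f[3], classify(f, resolved)) for f in flows]

def bypasses(flows, answers):
    """Keep only flows that the DNS filter could not have controlled."""
    ok = {"filtered-dns", "resolved-via-filter"}
    return [row for row in audit(flows, answers) if row[3] not in ok]

if __name__ == "__main__":
    for row in bypasses(FLOWS, ANSWERS):
        print(row)
```

A DoH endpoint whose hostname was itself resolved through the filter is labelled `resolved-via-filter`, so this check complements a blocklist of DoH hostnames at the resolver rather than replacing it.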
 
Not necessarily!
For instance my VPS is registered and paid in the company's name I work for (of course I paid my company, but I know that the company I paid for, does not probe in the servers. Their system is made blinded). If you get your VPS from a tier 2 provider, it will be a similar issue, as it is in my case.
That confirms what I said. In order to have a business with a company, you need to trust it. By switching from NextDNS, ControlD or AdGuard DNS, you essentially switched your trust to your VPS company.

And don't be fooled; just because you registered with your VPS provider using company name doesn't mean your VPS provider doesn't know who you are. I mean, company ownership is public info in pretty much all countries and just by googling you can find the name of the company owner. If you aren't the owner, just an employee instead, owner is the one responsible for everything that happens, but they also have option to shift the blame if something illegal is being done.
 
Yes, you are right... but the company I work for is a cloud provider and we have many customers. This would not be easy to identify who I am.. HOWEVER, as you said, IF the datacenter wants, they can see which IP addresses are connected to their server. But let's be honest, it is not even comparable with NextDNS and ControlD. They are services made for this and this is a VPS. The level of privacy is different here...
 
I ditched Diversion in favor of AdGuard Home.
My Edge browser seems lighter after implementing NXDomain.
 
