Advice Request Adguard vs NextDNS. Need help understanding the testresults.

Please provide comments and solutions that are helpful to the author of this topic.
Brahman

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
897
Freki123 said:
I copy the more elegant explanation from @JoyousBudweiser
3. You can also use New desktop adguard (Version7.5) and use nextdns as a doh/Dot resolver. (Go to Settings> Dns> Add a custom dns "https://dns.nextdns.io/xxxxxx" Replace "xxxxxx" with your configuration id which you can find in your nextdns account).

For chosing the AdguardDNS I just had to select the AdguardDNS server (inside the Adguard Desktop APP) instead of the freshly created NextDNS Server. Thats the way I did my testing.
To be honest I forgot to flush the DNS cache as kindly pointed out. But even after doing it I get the same results.
Click to expand...
Please set the dns in ipv4 setting ( in windows) to next dns and also set the dns in your router to nextdns, flush dns cache in windows and do a retest to see whether you get your desired results. If you get what you are looking for after using the above mentioned settings it would mean that the adguard in your system has some issues in using an external DOH server. you can then try uninstalling adguard completely and reinstall it to see whether the issue is solved or not.
 
  • Thanks
  • Like
Reactions: ForgottenSeer 85179 and Freki123
F

Freki123

Level 16
Thread author
Verified
Top Poster
Aug 10, 2013
753
@JoyousBudweiser I set the IP4 adresses in windows, (Router got no changeable settings), did a flushdns and a reboot.
1)NextDNS enabled (within Adguard) and the NextDNS IP4 inside windows> Working ok // NextDNS servers and cloudblock IP shown
Did a flushdns and a reboot
2)Only NextDNS enabled (within Adguard) > Not ok // NextDNS servers, cloudblock IP and ISP Server shown

So if I understand it right if after a new Adguard install the problems continous it's time to let them (Adguard) know something maybe wrong?
 
  • Like
Reactions: Brahman
Brahman

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
897
Freki123 said:
@JoyousBudweiser I set the IP4 adresses in windows, (Router got no changeable settings), did a flushdns and a reboot.
1)NextDNS enabled (within Adguard) and the NextDNS IP4 inside windows> Working ok // NextDNS servers and cloudblock IP shown
Did a flushdns and a reboot
2)Only NextDNS enabled (within Adguard) > Not ok // NextDNS servers, cloudblock IP and ISP Server shown

So if I understand it right if after a new Adguard install the problems continous it's time to let them (Adguard) know something maybe wrong?
Click to expand...
Reinstall Adguard and see if that resolves it. If not get in touch with Adguard.
 
F

Freki123

Level 16
Thread author
Verified
Top Poster
Aug 10, 2013
753
JoyousBudweiser said:
Reinstall Adguard and see if that resolves it. If not get in touch with Adguard.
Click to expand...
Did a reinstall, same problem. So I will have to talk with the Adguard Team about it.
I would never have thought that Adguard could be the problem and not the DNS.

I wanted to say a big "Thank You" to all who helped me to find the problem and the good suggestions.
Thanks :)
 
  • Like
Reactions: Gandalf_The_Grey and Brahman
valvaris

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Ohhh... now I get it.... so the Router can not be edited!

DNS is set at the Windows PC Client.

Then the issues starts:
- Windows 10 by default tries to go over IPv6 (That has been disabled.) = OK
- Windows 10 by default has mDNS enabled for Local Network hence LAN - Port 5353 - LeakPotential
- Application Controlled DNS over HTTPS / TLS is a Proxy on Windows Client that can.. Depends on config not work coz of Certificates.
- Windows 10 UWP Apps can have a Static DNS Entries...- Use Software Firewall to Block it!
- If a Switch is used in the Network for Example a "Cisco SG250" they can break DNS and Leak....

Now to the LeakTests:
- Take it with a grain of salt! -> Not all LeakTest are equal and are very Browser dependent! - Some Browsers use alternative DNS Address Settings others can forward the traffic to other DNS Servers if things are in use like DoH or DoT.

Known DNS Ports:
DNS Port 53 TCP/UDP - DoH (DNS over HTTPS)
DNS over TLS Port 853 TCP/UDP - DoH (DNS over HTTPS)
mDNS Port 5353 UDP

Known Browsers with build in DNS Services:
Firefox - DoH - Options/Preferences > General > Network Settings.
Edge Chromium - DoH - at edge://settings/privacy on feature versions current canary build.
Chromium = I don't know...

Sincerely
Val.
 
Last edited:
  • Like
Reactions: Brahman and Freki123
Brahman

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
897
valvaris said:
Ohhh... now I get it.... so the Router can not be edited!

DNS is set at the Windows PC Client.

Then the issues starts:
- Windows 10 by default tries to go over IPv6 (That has been disabled.) = OK
- Windows 10 by default has mDNS enabled for Local Network hence LAN - Port 5353 - LeakPotential
- Application Controlled DNS over HTTPS / TLS is a Proxy on Windows Client that can.. Depends on config not work coz of Certificates.
- Windows 10 UWP Apps can have a Static DNS Entries...- Use Software Firewall to Block it!
- If a Switch is used in the Network for Example a "Cisco SG250" they can break DNS and Leak....

Now to the LeakTests:
- Take it with a grain of salt! -> Not all LeakTest are equal and are very Browser dependent! - Some Browsers use alternative DNS Address Settings others can forward the traffic to other DNS Servers if things are in use like DoH or DoT.

Known DNS Ports:
DNS Port 53 TCP/UDP - DoH (DNS over HTTPS)
DNS over TLS Port 853 TCP/UDP - DoH (DNS over HTTPS)
mDNS Port 5353 UDP

Known Browsers with build in DNS Services:
Firefox - DoH - Options/Preferences > General > Network Settings.
Edge Chromium - DoH - at edge://settings/privacy on feature versions current canary build.
Chromium = I don't know...

Sincerely
Val.
Click to expand...
The only sureshot fix to all those dns leaks is to use doh or dot in router and crate a dst nat rule to forward all port 53 and 5353 traffic to router dns. For that you might need edge/ mikrotic/ pfsense ( or it's iterations)/ddwrt/open wrt routers where you can configure firewall rules and a proper dns leak test would be to sniff port53 traffic on wan port ( if you have enabled doh or dot, than wan port should not show port 53 traffic.) (Mikrotic routers have a tool called "torch" by which you can see the traffic going through its ports.)
 
Last edited:
  • Like
Reactions: Ville and valvaris
porkpiehat

porkpiehat

Level 7
Verified
Well-known
May 30, 2015
301
It appears that I'm having a similar problem... when using Web-based DNS Randomness Test | DNS-OARC test.. both the system (network) DNS , and the browser based (DoH) DNS show up.. if you have your system (network) DNS set for Quad9, and browser set for Cloudflare, both will show up, but if you do a DNS leaktest, only the browser DNS will show... somehow, the DNS Randomness Test is managing to test both the system, and the browser based DNS.
 

Similar threads

Morro
    • Like
    • Wow
Serious Discussion Does anyone else get this at times with NextDNS?
Replies
18
Views
912
VPN and DNS
brambedkar59
brambedkar59
Moonhorse
    • Like
    • Wow
  • Solved
Solved DNS wont change at all
Replies
8
Views
1,057
Software Troubleshooting
Moonhorse
Moonhorse
SpyNetGirl
    • Like
    • +Reputation
    • Thanks
Serious Discussion Cloudflare is now powering Microsoft Edge Secure Network
Replies
16
Views
2,056
VPN and DNS
SeriousHoax
SeriousHoax

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top