Possible DNS leaks
本文适用于 Windows 版的 AdGuard,它是一种多功能广告拦截器,可在系统级别保护用户的设备。 To see how it works, download the AdGuard app
AdGuard for Windows allows users to specify a DNS server address to resolve queries instead of system DNS server, which is provided by your ISP if not overridden in the system settings. Using a non-default DNS server can safeguard your DNS traffic from the ISP’s interception. Moreover, by choosing an encrypted and/or filtering DNS server, you get another layer of protection against bad actors and annoying ads.
Many AdGuard for Windows users appreciate the DNS protection feature. But some of them encounter the following issue: a check on a website like https://ipleak.net/ shows that requests are handled by default DNS server instead of the selected one. In this article we will tell you why this happens and how to avoid it.
Bootstrap DNS address
The DNS server addresses could be written as IPs or as domain names. In the case of IP addresses there are no difficulties: AdGuard forwards the DNS request directly to the server specified in the DNS protection module. However, encrypted DNS server addresses, like DoT or DoH, are most often written as domain names. In this case, to first resolve the encrypted DNS server address, AdGuard sends a DNS query to the bootstrap address, which is by default a system DNS server. This connection is what check services perceive as a leak.
To eliminate this leak:
- go to the Advanced settings
- scroll down to the List of custom bootstrap addresses section
- enter the custom bootstrap address in IP address format (you may use the list of known DNS providers)
- click Save
Fallback DNS server
It could happen that AdGuard cannot reach the specified server because of a weak internet connection, an expiration of timeout set by default or some server related issues. In this case, it will connect to the fallback server, which is by default a system DNS server. This connection will also be considered by the check service as a leak.
To eliminate this leak:
- go to the Advanced settings
- scroll down to the Fallback servers section
- check the Use custom servers option
- then find the List of custom fallback servers section and enter custom fallback servers one per line
or
- go to the Advanced settings
- scroll down to the Fallback servers section
- check the Don’t use fallback servers option
or
- go to the Advanced settings
- scroll down to the DNS server timeout period section
- enter an arbitrary large number