How to Improve Network Experience with a Self-Hosted DNS Service
Network Quality vs. Network Experience
Do nothing, and you’ll already enjoy the best network experience.
First, note that “network quality” and “network experience” are two different concepts. Communication is a process involving many devices. The upload/download performance of a single device can be termed network quality, while the end-to-end behavior of the entire communication path is what we call network experience.
Measuring Network Quality
Evaluating network quality usually involves several metrics and methods. Common ones include:
- Bandwidth – the capacity to transfer data, conventionally expressed in bits per second. Higher bandwidth generally indicates better quality.
- Latency – the time a packet takes to travel from sender to receiver. Lower latency means faster response.
- Packet-loss rate – the proportion of packets lost en route. A lower rate suggests higher quality.
- Jitter – variability in packet arrival times. Smaller jitter means a more stable network.
- Throughput – the actual data volume successfully transported in a given period.
- Network topology – the physical or logical arrangement of network nodes; good design improves quality.
- Quality-of-Service (QoS) – techniques such as traffic shaping and priority queues that ensure acceptable service levels.
- Protocol analysis – examining traffic with tools like Wireshark to diagnose bottlenecks or errors.
Combined, these indicators give a complete picture of network performance and improvement opportunities. Carriers need these details, but ordinary users often need only a decently priced modern router—today’s devices auto-tune most of these knobs.
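To make the first four metrics concrete, here is an added example (not from the original post) that derives latency, jitter, packet-loss rate and throughput from a probe log. The RTT samples and the transfer size are constructed values, not measurements; the jitter estimator is the mean absolute difference between consecutive answered probes, the unsmoothed form of the estimator in RFC 3550.

```python
"""Derive the per-link network-quality metrics from a series of probe samples.
Added example; SAMPLE_RTTS_MS is a constructed probe log, not a measurement."""
from statistics import mean
from typing import Dict, List, Optional

# Constructed probe log: one entry per probe sent, RTT in ms, or None if no reply came back.
SAMPLE_RTTS_MS: List[Optional[float]] = [21.0, 23.5, 22.0, None, 80.0, 22.5, 21.5, None, 24.0, 22.0]


def packet_loss_rate(samples: List[Optional[float]]) -> float:
    """Fraction of probes that received no reply."""
    lost = sum(1 for s in samples if s is None)
    return lost / len(samples)


def average_latency(samples: List[Optional[float]]) -> float:
    """Mean RTT over the probes that were answered."""
    answered = [s for s in samples if s is not None]
    return mean(answered)


def jitter(samples: List[Optional[float]]) -> float:
    """Mean absolute difference between consecutive answered RTTs: the packet delay
    variation estimator of RFC 3550 without its exponential smoothing."""
    answered = [s for s in samples if s is not None]
    diffs = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return mean(diffs) if diffs else 0.0


def throughput_mbps(bytes_transferred: int, seconds: float) -> float:
    """Achieved throughput in megabits per second for a measured transfer."""
    return bytes_transferred * 8 / seconds / 1_000_000


def quality_report(samples: List[Optional[float]], bytes_transferred: int, seconds: float) -> Dict[str, float]:
    """Bundle the four metrics the way a monitoring dashboard would show them."""
    return {
        "latency_ms": round(average_latency(samples), 2),
        "jitter_ms": round(jitter(samples), 2),
        "loss_rate": packet_loss_rate(samples),
        "throughput_mbps": round(throughput_mbps(bytes_transferred, seconds), 2),
    }


if __name__ == "__main__":
    # Constructed transfer: 125 MB in 10 s.
    print(quality_report(SAMPLE_RTTS_MS, 125_000_000, 10))
```

Note how one 80 ms outlier in an otherwise flat 22 ms link barely moves the average but dominates the jitter figure; that is why jitter is tracked separately from latency when judging stability.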
Measuring Network Experience
The first factor is reachability: being able to connect at all, which starts with name resolution. A DNS service must therefore be:
- Comprehensive: its upstream resolvers should be authoritative and able to resolve the largest possible set of names.
- Accurate: results must be correct and free from hijacking or pollution (for example, answers that point at advertisement pages).
- Timely: when an IP changes, the resolver must return the fresh address, not a stale record.
Next comes the network quality of the resolved IP itself.
Because service quality varies strongly with region, servers geographically closer to the client often offer better performance.
Most paid DNS providers support Geo-aware records. For example, Alibaba Cloud allows:
(1) Carrier lines: Unicom, Telecom, Mobile, CERNet, Great Wall Broadband, Cable WAN—down to province level.
(2) Overseas regions: down to continent and country.
(3) Alibaba Cloud lines: down to individual regions.
(4) Custom lines: define any IP range for smart resolution.
(figure: resolution line distribution map)
By resolving IPs based on location, distant users reach nearby servers automatically—boosting experience without them lifting a finger.
In practice, service providers optimize UX based on the client’s real address. For most users, doing nothing gives the best network experience.
Choosing Upstream Resolvers for Self-Hosted DNS
Nearly every Chinese-language guide tells you to pick large authoritative resolvers—Alibaba, Tencent, Cloudflare, Google—because they score high on reachability (comprehensive, accurate, timely). Yet they do not guarantee that the IP you get back is the server nearest to you.
There’s historical context: Chinese ISPs once hijacked DNS and plaintext HTTP to inject ads. Today, with HTTPS prevalent, this is far less common, though some last-mile ISPs may still try it. Note that simply pointing your client at a different plaintext resolver IP won’t help: a transparent hijack intercepts all traffic to UDP port 53 regardless of the destination address.
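A quick way to find out whether your own last mile does this is to send a plain UDP/53 query to an address that runs no resolver: silence is the healthy answer, while any reply means a middlebox on the path is answering on the resolver's behalf. The script below is an added example (not part of the post) that does exactly that with a minimal hand-built DNS message. TEST_TARGET is a placeholder from the RFC 5737 documentation range and must be replaced with an address you control that has no DNS service; the `build_query`, `parse_a_records` and `detect_udp53_hijack` names are this example's own.

```python
"""Detect transparent interception of UDP/53 on the local path. Added example,
not from the post: a plain DNS query is sent to an address that runs no
resolver, so any reply can only come from a middlebox on the path."""
import random
import socket
import struct
from typing import List, Optional, Tuple

TEST_TARGET = "203.0.113.1"  # placeholder (RFC 5737 TEST-NET-3): use an IP you control that runs no DNS


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Minimal DNS wire-format query: RD set, one question, class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, terminates the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_a_records(msg: bytes, expected_txid: int) -> Optional[List[str]]:
    """IPv4 addresses in the answer section, or None if msg is not a response to our query."""
    if len(msg) < 12:
        return None
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:  # QR bit clear: a query, not a response
        return None
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    ips: List[str] = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips


def detect_udp53_hijack(name: str = "example.com", target: str = TEST_TARGET,
                        timeout: float = 2.0) -> Tuple[bool, List[str]]:
    """True if something answered a query sent to a non-resolver, i.e. a transparent
    DNS interceptor is on the path. A timeout (False) is the healthy result."""
    txid = random.randrange(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (target, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return False, []
    ips = parse_a_records(data, txid)
    return ips is not None, ips or []


if __name__ == "__main__":
    hijacked, ips = detect_udp53_hijack()
    print("UDP/53 interception detected, answer:" if hijacked else "no reply from non-resolver (good)", ips)
```

If the check reports interception, compare the returned addresses with what an encrypted resolver (DoH/DoT) gives for the same name; a mismatch is the ad-injection or filtering case the post describes, and the encrypted transport is the fix.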
Another user niche cares about content filtering; some providers return bogus IPs for “special” sites. Authoritative resolvers rarely exhibit this behavior.
So three problems arise:
(1) IP contamination
(2) DNS hijacking
(3) Optimal service experience
Authoritative resolvers fix (1); encrypted transports (DoT/DoH/DoQ) mitigate (2).
For (3) you must go back to your carrier’s default DNS. As we said: “Do nothing, and you’ll already enjoy the best network experience.”
But if you’re a perfectionist or a special user, the sections below show how to configure AdGuard Home and Clash to satisfy all three concerns at once.
Authoritative yet “Smart” DNS
AdGuard Home Configuration
AdGuard Home (ADG) is an ad-blocking, privacy-centric DNS server. It supports custom upstream resolvers and custom rules.
ADG’s default mode is load balancing: you list several upstreams, ADG weights them by their historical response time, and each query goes to a single upstream, with the historically fastest one chosen most often.
Pick the third option instead: “Fastest IP address”.
(screenshot: upstream mode selector in the ADG settings UI)
Result: ADG tests the IPs returned by each upstream and replies with whichever has the lowest latency. Below are ordinary results for bilibili.com:
(screenshot: ordinary results for bilibili.com)
Without this option, ADG would hand every IP back to the client: some apps pick the first, others the last, others pick at random—possibly far from optimal.
With “Fastest IP address” enabled:
(screenshot: results for bilibili.com with “Fastest IP address” enabled)
That alone improves network experience.
Why isn’t “Fastest IP address” the default?
Because waiting for all upstream answers means query time equals the slowest upstream. If you mix a 50 ms Ali server with a 500 ms Google one, your upstream delay becomes ~500 ms.
So users must balance quality vs. quantity. I suggest keeping two upstreams only: one authoritative (https://dns.alidns.com/dns-query) plus your local carrier’s DNS.
Carrier DNS IPs differ by city; look yours up here or read them from your router’s status page:
(screenshot: DNS servers on the router status page)
Clash Configuration
Users with special needs who still want optimal routing can delegate DNS handling to Clash’s dns section. Its nameserver-policy key lets you assign different groups of domains to different resolvers. Example:
dns:
  default-nameserver:
    - tls://223.5.5.5:853
    - tls://1.12.12.12:853
  nameserver:
    - https://dns.alidns.com/dns-query
    - https://one.one.one.one/dns-query
    - https://dns.google/dns-query
  nameserver-policy:
    "geosite:cn,private,apple":
      - 202.103.24.68 # your local carrier DNS
      - https://dns.alidns.com/dns-query
    "geosite:geolocation-!cn":
      - https://one.one.one.one/dns-query
      - https://dns.google/dns-query
Meaning:
- default-nameserver – used solely to resolve the hostnames of the DNS services in the nameserver list.
- nameserver – standard resolvers for ordinary queries.
- nameserver-policy – overrides the resolvers above for specific groups of domains.
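To see how the three keys interact, here is an added model of the dispatch (not Clash's own code) driven by the config above. `GEOSITE` is a tiny constructed stand-in for the real geosite.dat lists, and the matching rule used here (suffix match against a category's domains, first matching policy wins, everything else to nameserver) is an assumption made for illustration; it also shows why the DoH/DoT hostnames themselves must go through default-nameserver first.

```python
"""Model of how a query is dispatched by the Clash dns section shown above.
Added example, not Clash's code; GEOSITE and the matching rule are assumptions."""
import ipaddress
from typing import Dict, List, Set
from urllib.parse import urlparse

# The dns section from the text, as Python data.
CONFIG = {
    "default-nameserver": ["tls://223.5.5.5:853", "tls://1.12.12.12:853"],
    "nameserver": [
        "https://dns.alidns.com/dns-query",
        "https://one.one.one.one/dns-query",
        "https://dns.google/dns-query",
    ],
    "nameserver-policy": {
        "geosite:cn,private,apple": ["202.103.24.68", "https://dns.alidns.com/dns-query"],
        "geosite:geolocation-!cn": ["https://one.one.one.one/dns-query", "https://dns.google/dns-query"],
    },
}

# Constructed stand-in for geosite.dat: category -> domain suffixes it contains.
GEOSITE: Dict[str, List[str]] = {
    "cn": ["bilibili.com", "taobao.com"],
    "private": ["localhost", "lan", "home.arpa"],
    "apple": ["apple.com", "icloud.com"],
    "geolocation-!cn": ["google.com", "github.com"],
}


def in_category(domain: str, category: str, geosite: Dict[str, List[str]] = GEOSITE) -> bool:
    """Suffix match of a domain against one geosite category."""
    d = domain.rstrip(".").lower()
    return any(d == s or d.endswith("." + s) for s in geosite.get(category, []))


def policy_categories(key: str) -> List[str]:
    """'geosite:cn,private,apple' -> ['cn', 'private', 'apple']."""
    assert key.startswith("geosite:"), "only geosite: keys are modelled here"
    return key[len("geosite:"):].split(",")


def server_host(server: str) -> str:
    """Host part of 'tls://223.5.5.5:853', 'https://dns.google/dns-query' or a bare IP."""
    return urlparse(server).hostname if "://" in server else server


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def bootstrap_hostnames(config: dict) -> Set[str]:
    """Hostnames of the encrypted upstreams themselves; these have to be resolved via
    default-nameserver before any DoH/DoT query can be sent at all."""
    servers = list(config["nameserver"])
    for policy in config["nameserver-policy"].values():
        servers.extend(policy)
    return {server_host(s) for s in servers if not is_ip(server_host(s))}


def resolvers_for(domain: str, config: dict = CONFIG) -> List[str]:
    """Which upstream list answers a query for `domain`."""
    if domain.rstrip(".").lower() in bootstrap_hostnames(config):
        return config["default-nameserver"]
    for key, servers in config["nameserver-policy"].items():
        if any(in_category(domain, c) for c in policy_categories(key)):
            return servers
    return config["nameserver"]


if __name__ == "__main__":
    for name in ["www.bilibili.com", "router.lan", "www.google.com", "example.org", "dns.alidns.com"]:
        print(f"{name:20} -> {resolvers_for(name)}")
```

The practical point the model makes: a domain that is in no category falls through to the plain nameserver list, so a mislabelled or missing geosite entry silently changes which resolver (and therefore which region's IP) a query gets.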
Thanks for Reading
If this post helped you, consider giving it a thumbs-up. Comments and discussion are always welcome!