Adding Split-Routing Support to AdGuardHome

Open-source repo: https://github.com/AdGuardPrivate/AdGuardPrivate

Out of the box, AdGuardHome has no built-in split-routing rules—you either hand-write them or configure an upstream file, which is one of its pain points.

It took quite a while to develop and thoroughly test the split-routing feature, but it’s now running stably.

With split-routing in place, you no longer need to put SmartDNS in front of AdGuardHome; the single AdGuardPrivate binary handles everything.

At the moment the feature only supports splitting traffic into two upstream pools: A and B—part of your traffic goes to pool A, the rest to pool B. Enabling more flexible routing would require significantly more work, as the routing logic spans both AdGuardHome and dnsproxy. If two pools aren’t enough, feel free to fork the project and experiment yourself.

Issues or suggestions are welcome; the current version focuses on quality-of-life improvements for users in specific regions.

A New Choice for Ad Blocking—AdGuardPrivate

AdGuardPrivate is a DNS-based service focused on protecting network privacy and blocking ads. Built atop the open-source project AdGuard Home, it uses intelligent traffic analysis and filtering to deliver a secure, high-performance browsing experience. Below are its key features and characteristics:

Core Functionality: Ad Blocking & Privacy Protection

  • Ad Blocking: Intercepts web advertisements (banners, pop-ups, video ads, etc.) and in-app ads at the DNS level, speeding up page loads and improving device performance.
  • Privacy Protection: Prevents tracking scripts, social-media widgets, and privacy-breaching requests from collecting behavioral data; blocks malicious sites, phishing links, and malware.
  • DNS Anti-Hijacking: Ensures accurate and secure domain resolution through encrypted DNS (DoT, DoH, HTTP/3), guarding against traffic tampering.

Advanced Features: Customization & Optimization

  • Custom Rules: Allow users to import third-party allow/deny lists or create personalized filtering rules, granting fine control over access to specific apps, sites, or games.
  • Smart Resolution: Supports friendly domain resolution for LAN devices (e.g., NAS or corporate servers), simplifying network management.
  • Statistics & Analytics: Provides detailed request logs, blocking statistics, and 72-hour query history, giving users visibility into their network usage.

Family & Enterprise Scenarios

  • Parental Controls: Blocks adult sites and games; helps manage household internet time and protect minors.
  • Enterprise Deployment: Offers distributed server load balancing and optimized China-mainland access speed, backed by stable Alibaba Cloud nodes.

Platform Compatibility & Service Tiers

  • Cross-Platform: Works on multiple operating systems with no extra software required—just configure encrypted DNS and go.
  • Service Models:
    • Free Public Service: Core ad-blocking and security rules; may trigger occasional false positives.
    • Paid Private Service: Adds custom resolution, authoritative DNS, per-device ID tracking for usage history, and more—ideal for users needing advanced personalization.

Technical Strengths & Limitations

  • Strengths: Works across all devices, adds zero overhead, reduces unnecessary data loads—great for mobile battery life.

  • Limitations: Less granular than browser extensions; cannot perform deep HTTPS content filtering (e.g., MITM-based filters).

Example Use Cases

  • Individual Users: Block in-app ads on mobile devices to enhance the user experience.
  • Family Users: Deploy on a home router to block ads on every household device and restrict kids from inappropriate content.
  • Enterprise Networks: Combine with custom rules to bar entertainment sites, boost employee productivity, and safeguard internal data.

Using curl to Fetch DNS Results

This article presents two methods to retrieve DNS query results using curl:

  1. DNS JSON format
  2. DNS Wire Format

1. DNS JSON Format Queries

Returns DNS responses in JSON, making them easy to parse.

Google

curl -H 'accept: application/dns-json' "https://dns.google/resolve?name=baidu.com&type=A" | jq .

Cloudflare

curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=baidu.com&type=A' | jq .

Aliyun

curl -H "accept: application/dns-json" "https://223.5.5.5/resolve?name=baidu.com&type=1" | jq .

dns.pub

curl -H 'accept: application/dns-json' 'https://doh.dns.pub/dns-query?name=baidu.com&type=A' | jq .

AdGuard Private DNS

# Currently unsupported

2. DNS Wire Format Queries

Returns binary DNS responses that require further parsing.

Google

curl -H 'accept: application/dns-message' 'https://dns.google/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'  | hexdump -c

Cloudflare

curl -H 'accept: application/dns-message' 'https://cloudflare-dns.com/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'  | hexdump -c

Aliyun

curl -H 'accept: application/dns-message' "https://dns.alidns.com/dns-query?dns=P8QBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB"  | hexdump -c

dns.pub

curl -H 'accept: application/dns-message' 'https://doh.dns.pub/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'  | hexdump -c

AdGuard Private DNS

curl -H 'accept: application/dns-message' 'https://public0.adguardprivate.com/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'  | hexdump -c

Parsing DNS Responses with Python

# pip install dnspython
# pip install requests
import base64
import json

import dns.message
import requests

# Parsing JSON responses
def query_dns_json(domain="example.com", rdtype="A"):
  """Query DNS using JSON format"""
  url = "https://dns.google/resolve"
  params = {"name": domain, "type": rdtype}
  headers = {"accept": "application/dns-json"}

  # Fail fast on network stalls and on HTTP error statuses
  response = requests.get(url, params=params, headers=headers, timeout=10)
  response.raise_for_status()
  return json.dumps(response.json(), indent=2)

# Parsing Wire Format responses
def query_dns_wire(domain="example.com"):
  """Query DNS using Wire Format"""
  # Create DNS query message
  query = dns.message.make_query(domain, 'A')
  wire_format = query.to_wire()
  # RFC 8484: the dns parameter is base64url-encoded with '=' padding removed
  dns_query = base64.urlsafe_b64encode(wire_format).rstrip(b'=').decode('ascii')

  # Send request
  url = "https://dns.google/dns-query"
  params = {"dns": dns_query}
  headers = {"accept": "application/dns-message"}

  response = requests.get(url, params=params, headers=headers, timeout=10)
  response.raise_for_status()
  # Parse the binary DNS message returned in the HTTP body
  dns_response = dns.message.from_wire(response.content)
  return str(dns_response)

if __name__ == "__main__":
  print("JSON query result:")
  print(query_dns_json())
  print("\nWire Format query result:")
  print(query_dns_wire())

Generating Base64-Encoded DNS Wire Format Data

# pip install dnspython
import base64
import dns.message
import dns.rdatatype

# Create a DNS query message (dnspython picks a random query ID each run)
query = dns.message.make_query('example.com', dns.rdatatype.A)

# Convert message to Wire Format
wire_format = query.to_wire()

# Encode to base64url without '=' padding, as RFC 8484 requires for the dns= parameter
wire_format_base64 = base64.urlsafe_b64encode(wire_format).rstrip(b'=').decode('ascii')

# Print
print(wire_format_base64)
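
The reverse direction, as an added example that is not code from the original post: the `dns=` values in the curl commands above are base64url-encoded DNS queries, and this standard-library decoder shows what such a value asks for, which helps when reviewing DoH GET URLs in proxy logs. The function names and the small QTYPES table are illustrative choices.

```python
import base64
import struct
from urllib.parse import parse_qs, urlparse

QTYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}  # illustrative subset

def decode_doh_query(b64url):
    """Decode the dns= value of a DoH GET request into header fields and question."""
    # RFC 8484 strips '=' padding, so restore it before decoding.
    raw = base64.urlsafe_b64decode(b64url + "=" * (-len(b64url) % 4))
    if len(raw) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    ident, flags, qdcount = struct.unpack("!3H", raw[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(raw):
            raise ValueError("QNAME runs past end of message")
        length = raw[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        # A length above 63 is a compression pointer or garbage in a lone question.
        if length > 63 or pos + length > len(raw):
            raise ValueError("bad label length")
        labels.append(raw[pos:pos + length].decode("ascii", "backslashreplace"))
        pos += length
    if pos + 4 > len(raw):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", raw[pos:pos + 4])
    return {"id": ident, "rd": bool(flags & 0x0100),
            "qname": ".".join(labels) + ".",
            "qtype": QTYPES.get(qtype, str(qtype)), "qclass": qclass}

def question_from_url(url):
    """Extract the dns parameter from a DoH GET URL and decode it."""
    values = parse_qs(urlparse(url).query).get("dns")
    if not values:
        raise ValueError("no dns= parameter in URL")
    return decode_doh_query(values[0])

if __name__ == "__main__":
    # Two of the URLs used in the curl commands on this page
    for u in (
        "https://dns.google/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB",
        "https://dns.alidns.com/dns-query?dns=P8QBAAABAAAAAAAABWJhaWR1A2NvbQAAAQAB",
    ):
        print(question_from_url(u))
```

Most of the wire-format commands above query www.example.com, while the Aliyun one queries baidu.com, so their outputs are not directly comparable with the JSON examples.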

How to Use Bing International Edition

Some search engines refuse to innovate; valuable content keeps decreasing while ads keep multiplying. Many have started abandoning them and switched to Bing (bing.com).

Bing comes in multiple versions:

  • cn.bing.com is the China edition; search results are censored.
    • Domestic edition: mainly searches Chinese content.
    • International edition: searches both Chinese and English content.
  • www.bing.com is the genuine international edition; there is no mainland-China censorship, letting you find much more “you-know-what” content.

Search results differ among the three editions. For users who can read English, I strongly recommend the international edition—it yields far more valuable material.

I won’t elaborate on how search results differ in the true international edition; try it yourself if you’re curious.

The true international edition even offers an entry point for Microsoft Copilot, similar to ChatGPT. It can summarize search results for you. Although there is a usage frequency limit, normal everyday use is perfectly fine.

Switching between the domestic and international editions isn’t difficult; the focus here is how to access the real Bing International edition.

Many people have scratched their heads for ages in the settings without success—probably because they were looking in the wrong place.

The real restriction lies in DNS. DNS can return different resolution results based on the requester’s geographic location. For instance, requests for qq.com from Shandong and Henan may yield different IP addresses. Typically, DNS provides the server IP that is geographically closest.

Therefore, if you want to use the international edition, try switching your DNS to Google’s tls://dns.google or Cloudflare’s tls://one.one.one.one.

Only the encrypted DNS addresses of these two providers are listed here; plain (unencrypted) IP endpoints are intentionally omitted, because unencrypted DNS to overseas IPs is easily hijacked. Giving out 8.8.8.8 or 1.1.1.1 is pointless.

Refer to How to Configure Encrypted DNS for setup instructions.

Note: using encrypted DNS is the simplest way to gain access to Bing International; other methods exist but won’t be covered here.

If one DNS endpoint does not work, try the following in order:

  • tls://dns.google
  • tls://one.one.one.one
  • tls://8.8.8.8
  • tls://8.8.4.4
  • tls://1.1.1.1
  • tls://1.0.0.1

Usually two of them will connect successfully. If none work, you’ll need to explore other solutions.