Closed jroseff closed 3 weeks ago
Hello there!
AdGuard DNS uses Anycast technology so we can't manage traffic routing 100% of the time.
At this point, we're compiling problems in an internal list with the possibility of their correction in the near future. Please provide the following information via email to support@adguard.com (also share a link to this issue on GitHub):
1) Your IP address: https://adguard.com/en/test.html
2) ASN.
3) Provider name.
4) DNS server location: https://adguard.com/en/test.html
I am closing this task as it goes to the internal list of routing issues.
Platform
Router
Protocol
DNS-over-TLS
Do you use AdGuard app?
Yes I am
Your configuration
I am using AdGuard DNS configured with DNS-over-TLS on my router (2a10:50c0:c000::[identifier], 94.140.14.49, 94.140.14.59, and the TLS addresses), along with the AdGuard Pro app on my iOS devices. My router (ASUS RT-AC88U) is connected to a 5G cellular gateway in southern Florida, using T-Mobile (AS21928). My iOS devices can additionally connect through Verizon (AS6167) or AT&T (AS7018).
Traceroute to AdGuard DNS
A traceroute from my router seems to fail (possibly due to my NAT setup):
```
traceroute to 94.140.14.14 (94.140.14.14), 10 hops max, 38 byte packets
 1  192.168.12.1 (192.168.12.1)  1.680 ms  1.165 ms  1.040 ms
 2  192.0.0.1 (192.0.0.1)  7.779 ms  9.965 ms  7.079 ms
 3
 4
 5
 6
 7
 8
 9
10
```
The service does work, however.
Issue Details
Through my router, I am invariably connected to AdGuard DNS servers in Europe (e.g. "dns2-dp-fra-*") — typically in Germany, although sometimes I've seen it connect to French servers, too. This occurs whether I am using the connection provided through the AdGuard Pro app or not.
However, my iOS devices connecting through their cellular modems (using different providers) do connect to the closest server, in Miami (e.g. "dns2-dp-mia-*"). They are using either Verizon (AS6167) or AT&T (AS7018). While that is fine for those devices, they do not have unlimited data nor do they always have good connectivity, so regardless this behavior cannot extend to the rest of my network. Simply put, using those connections instead is not a solution in any real way.
Steps to reproduce:
Expected Behavior
AdGuard DNS should choose the geographically closest server, or at least the one with the lowest latency. It does so correctly using two other cellular ISPs in the same area, on the same devices.
Actual Behavior
AdGuard DNS uses servers in Europe for clients in southeastern Florida, United States. The most frequently used one is in Frankfurt, Germany — a distance of about 8,000 km (~5,000 mi)! This unfortunately adds to the latency already inherent in using a cellular modem and subsequently diminishes the otherwise excellent experience of using AdGuard DNS.
Screenshots
Screenshot 1: AdGuard test page using Verizon
![IMG_6276](https://github.com/AdguardTeam/AdGuardDNS/assets/73581728/9814e97c-cb06-4600-8034-000f969586d3)
Screenshot 2: AdGuard test page using T-Mobile
![IMG_6277](https://github.com/AdguardTeam/AdGuardDNS/assets/73581728/657be84a-4d2c-4adf-b816-0ca891788e74)
Additional Information
I see that very similar issues have been reported several times before. They are usually closed with something like "contact your ISP, it's their problem" — but considering the scope of the issue (and that many users are likely not aware of where their DNS servers are, probably leading it to be under-reported) — I think the problem is actually on AdGuard's end.
Nonetheless, I did contact T-Mobile, only for them to tell me that their equipment does not support "unauthorized" DNS (which is at least facially true, their gateway does not allow for any configuration at all, leading to the NAT setup described above).
Notably, similar DNS providers do not exhibit the same behavior; i.e. NextDNS appropriately connects to their Miami server. But I vastly prefer AdGuard, so please don't dismiss this issue!