NXDOMAIN vs 0.0.0.0 Blocking mode for Adguard for iOS in 2024.

[BillyJoeJimBob]

Please answer the following questions for yourself before submitting a question.

• [X] I am running the latest version
• [X] I checked the knowledge base and found no answer
• [X] I checked to make sure that this issue has not already been filed

Ask a question

Is the default blocking mode (0.0.0.0) currently the best practice for blocking content in iOS or is there any reason to use NXDOMAIN? I am asking because I have seen conflicting information on this recently regarding apple devices, see

https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay

https://github.com/AdguardTeam/AdGuardDNS/issues/60#issuecomment-543079239

Thank you.

[tengizmax]

You're right @BillyJoeJimBob , using 0.0.0.0 is the standard and generally recommended method for blocking content in iOS. It effectively prevents devices from connecting to unwanted domains.

Thats why we recommended to use default (0.0.0.0 response) blocking mode, because NXDOMAIN is a DNS response signaling a non-existent domain, not a mechanism designed for content blocking.

Using 0.0.0.0 for content blocking on iOS is indeed more reliable than returning DNS errors (NXDOMAIN) . This is because returning 0.0.0.0, while technically an invalid IP address, doesn't count as a DNS failure and won't negatively impact the DNS server's fail rate. This approach helps maintain a more stable and reliable DNS resolution experience for users on iOS.

[BillyJoeJimBob]

Thank you for clarifying the issue.