Recommended: Enabling ECS

This article provides a detailed introduction to the recommended DNS settings in AdGuard Home, particularly the role, principles, privacy implications, and alternatives of EDNS Client Subnet (ECS), to help you optimize your DNS resolution experience.

To give you the best DNS resolution experience, we have preset some recommended configurations, but one setting still needs your attention: “EDNS Client Subnet”.

Enabling EDNS Client Subnet (ECS)

For a better experience, you might want the DNS server to return the server IPs that are geographically closest to you. EDNS Client Subnet (ECS) can achieve this. It sends the DNS server an IP subnet from which your approximate location can be inferred, so the server can return the best DNS resolution results.

How it Works:

When ECS is enabled, your DNS resolver (such as AdGuard Home) includes part of the client’s IP address (usually the first 24 bits, which identify the subnet the client is on) in the DNS query it sends to the upstream DNS server. The upstream DNS server then uses this subnet information to return the server IP address best suited to that region.

sequenceDiagram
    participant Client
    participant DNS Resolver
    participant Upstream DNS Server

    Client->>DNS Resolver: DNS Query
    DNS Resolver->>Upstream DNS Server: DNS Query with ECS (Client Subnet)
    Upstream DNS Server->>DNS Resolver: DNS Response (Geo-localized IP)
    DNS Resolver->>Client: DNS Response (Geo-localized IP)

Privacy Considerations:

Enabling ECS can improve the accuracy and speed of DNS resolution, but it may also have certain privacy implications. By sharing the subnet of the client’s IP address, your approximate geographic location information may be recorded by the upstream DNS server. Please weigh whether to enable this feature based on your situation.

How to Weigh:

Enabling ECS can strike a balance between access speed and accuracy. If you have high requirements for privacy protection, you can disable ECS, though this may reduce access speed. If you want the best access experience, you can enable ECS, but be aware of the potential privacy implications. This privacy information is collected by the upstream DNS server; this service still adheres to its privacy policy commitment of not collecting or using any information.