Setting Up Trusted Service Providers

Tags:
Categories:

When creating a paid service, the default setting uses faster domestic upstream services, including Ali’s IPv4 and IPv6 as well as DoT services.

Some service providers may have issues with incorrect DNS resolution, directing some overseas websites to the wrong IP addresses, resulting in inaccessibility. A common symptom is a certificate error in the browser.

To avoid resolution errors, you can switch to an upstream service provider like Cloudflare. When using such services, ensure you are using the DoH or DoT protocol to prevent hijacking.

Additionally, you need to disable domestic upstream services, as they are closer and faster, and AdGuard will prioritize them.

To disable an upstream service, simply add a # before the corresponding service IP.

Avoiding Resolution Errors

After setting up, you need to test the upstream to ensure the upstream server is available, and then apply the changes.

Avoiding Resolution Errors - Apply

However, using only overseas services can degrade the access experience for domestic apps, as these apps typically route overseas resolutions to specific external servers, resulting in slower domestic access speeds.

If you only need to avoid resolution errors for commonly used services, you can manually specify a specific resolution address for the domains that are incorrectly resolved, while still using the default domestic upstream services for unspecified domains.

In the AdGuard console, go to Settings -> DNS Settings -> Upstream DNS Servers, and add the domains that are incorrectly resolved in the format [/example1.com/example2.com/]tls://1.0.0.1 to Custom DNS Servers, then click Save Settings.

Setting Upstream Servers

Setting Upstream Servers

public2.adguardprivate.svc.cluster.local is our internally provided resolution service that avoids resolution errors, with the upstream set to Cloudflare. Compared to users manually specifying an overseas upstream, it offers faster resolution speeds, at the cost of a slight delay when updating domain resolutions. If you do not have specialized needs, you can use our provided resolution service that avoids errors.

If you need to use external resolution addresses from Cloudflare or Google, you must specify the IP using DoT/DoH. Here are some examples:

#tls://1.1.1.1
tls://1.0.0.1
tls://[2606:4700:4700::1111]
tls://[2606:4700:4700::1001]
tls://[2606:4700:4700::64]
tls://[2606:4700:4700::6400]
https://1.1.1.1/dns-query
https://1.0.0.1/dns-query
https://[2606:4700:4700::1111]/dns-query
https://[2606:4700:4700::1001]/dns-query
#tls://8.8.8.8
#tls://8.8.4.4
tls://[2001:4860:4860::8888]
tls://[2001:4860:4860::8844]
tls://[2001:4860:4860::64]
tls://[2001:4860:4860::6464]
#https://8.8.8.8/dns-query
#https://8.8.4.4/dns-query
#https://[2001:4860:4860::8888]/dns-query
https://[2001:4860:4860::8844]/dns-query

The addresses commented with # are currently blocked by the firewall and temporarily unusable.

Our site fully supports IPv6, which is one of our advantages, allowing the use of IPv6 addresses for upstream services to achieve more stable resolution speeds.