AdGuard DNS sometimes uses servers on other continents

[jroseff]

Platform

Router

Protocol

DNS-over-TLS

Do you use AdGuard app?

Yes I am

Your configuration

I am using AdGuard DNS configured with DNS-over-TLS on my router (2a10:50c0:c000::[identifier], 94.140.14.49, 94.140.14.59, and the TLS addresses), along with the AdGuard Pro app on my iOS devices. My router (ASUS RT-AC88U) is connected to a 5G cellular gateway in southern Florida, using T-Mobile (AS21928). My iOS devices can additionally connect through Verizon (AS6167) or AT&T (AS7018).

Traceroute to AdGuard DNS

A traceroute from my router seems to fail (possibly due to my NAT setup):

traceroute to 94.140.14.14 (94.140.14.14), 10 hops max, 38 byte packets
1 192.168.12.1 (192.168.12.1) 1.680 ms 1.165 ms 1.040 ms
2 192.0.0.1 (192.0.0.1) 7.779 ms 9.965 ms 7.079 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *

The service does work, however.

Issue Details

Through my router, I am invariably connected to AdGuard DNS servers in Europe (e.g. "dns2-dp-fra-*") — typically in Germany, although sometimes I've seen it connect to French severs, too. This occurs whether I am using the connection provided through the AdGuard Pro app or not.

However, my iOS devices connecting through their cellular modems (using different providers) do connect to the closest server, in Miami (e.g. "dns2-dp-mia-*"). They are using either Verizon (AS6167) or AT&T (AS7018). While that is fine for those devices, they do not have unlimited data nor do they always have good connectivity, so regardless this behavior can not extend to the rest of my network. Simply put, using those connections instead is not a solution in any real way.

Steps to reproduce:

1. Set up an AdGuard DNS connection with a device connected to T-Mobile's 5G Home Internet network
2. Observe results at https://adguard.com/en/test.html

Expected Behavior

AdGuard DNS should choose the geographically closest server, or at least the one with the lowest latency. It does so correctly using two other cellular ISPs in the same area, on the same devices.

Actual Behavior

AdGuard DNS uses servers in Europe for clients in southeastern Florida, United States. The most frequently used one is in Frankfurt, Germany — a distance of about 8,000 km (~5,000 mi)! This unfortunately adds to the latency already inherent in using a cellular modem and subsequently diminishes the otherwise excellent experience of using AdGuard DNS.

Screenshots

Screenshot 1: AdGuard test page using Verizon


Screenshot 2: AdGuard test page using T-Mobile


Additional Information

I see that very similar issues have been reported several times before. They are usually closed with something like "contact your ISP, it's their problem" — but considering the scope of the issue (and that many users are likely not aware of where their DNS servers are, probably leading it to be under-reported) — I think the problem is actually on AdGuard's end.

Nonetheless, I did contact T-Mobile, only for them to tell me that their equipment does not support "unauthorized" DNS (which is at least facially true, their gateway does not allow for any configuration at all, leading to the NAT setup described above).

Notably, similar DNS providers do not exhibit the same behavior; i.e. NextDNS appropriately connects to their Miami server. But I vastly prefer AdGuard, so please don't dismiss this issue!