just wanted to point out that dns-level blocking introduces a discrepancy to a shared truth, which creates problems and is hence more costly than it might appear.
I have stuff that i can only access inside my home network, so here the truth is one.. Out in the internet those same addresses do not exist, so out there the truth is another..
This is also the same for most, if not all, enterprises, there is always stuff that can only be accessed either on the internal network or via VPN..
There are address that point to different endpoints depending on the network you are connected, and this is by design, again the network wide google safe search is an example.
Same thing for streaming services and CDN's, the same address will return a different endpoint depending on your location..
This happen even for direct IP address without using DNS, Quad9 for example have dozens of servers that provide service to the address 9.9.9.9 for their DNS Server, so depending on your location the same IP address will connect you to a different server that is located closer to you to ensure fast access.
DNS like anything in the network and in computing in general can cause problem if not done correctly.. But then the problem is how it was implemented not the dns blocking or redirecting functionalities on themselves..
redirection and managing your horizons aside, my objection lies with the use for content blocking, because it is the wrong tool for the job.
cheers
It is one tool that is available in our toolbox that we might use or not.. and it is one perfectly valid way of doing it.. It might not fit all workflows or all use cases but that does not make it bad or wrong..
Also, not every endpoint can have ad blocking done locally and having it at the DNS level is a great alternative for those cases..
I honestly use both, all my browsers have local ad blockers to prevent the DNS query from being done in the first place, yet i still have DNS level ad blocker to cover other devices, like TVs for example that now are filled with ads and do not have a method for blocking ads locally..
Also solutions like AdGuard do much more then just ad blocking, like i already mentioned about google safe search, you could just disable the ad blocker and it would still be a great tool to have and i personally consider a must have when you have young kids starting to use the web.
You are within your right to not like this type of solution and are free to not use it in your networks, but stop making BS claims that is the wrong tool for the job or that it is the wrong way of doing it..
What i like most about ad guard home is that almost all configurations can be customized per device.. So if you have some workflow or some device where dns blocking is causing problems you can just disable for that device and still have it for the other devices that need it..
