Resolver Updated With Upstream Security Fixes Ahead of Release
The resolver engine now carries four security fixes from the upstream AdGuard Home project, applied before they ship in an official release. Full technical notes are on GitHub.
Transparent updates on our infrastructure, security patches, and feature rollouts.
The resolver engine now carries four security fixes from the upstream AdGuard Home project, applied before they ship in an official release. Full technical notes are on GitHub.
Automatic discovery (DDR, RFC 9462) designates dnsdoh.art directly for DoH, DoT and DoQ. One name, one certificate carrying the resolver IP, strictly verified on every transport.
dnsdoh.art now answers Discovery of Designated Resolvers (RFC 9462) in strict verified mode. A device that knows only the resolver address 194.180.189.33 discovers the encrypted endpoints on its own, and Windows 11 fills in the DoH template automatically.
Post-quantum key exchange (X25519MLKEM768) is now live and verified across all four encrypted-DNS transports (DoH, DoH3, DoT and DoQ), and Encrypted Client Hello keeps the site name out of plaintext during the TLS handshake.
Two new evergreen guides: one explains DNS caching and TTL, including why a record can keep resolving to an old address after you change it; the other walks through what an IP address lookup actually shows about you, and what it does not.
A guide on how a site can recognise you from dozens of small browser details, even with cookies cleared and your IP hidden, and what actually reduces it.
Three guides that pair with our leak test: how the test actually works, what to do when you find a leak, and how to check whether a VPN is leaking your DNS.
Four guides on the fundamentals: what a resolver is and what it sees, how the encrypted protocols compare, what DNSSEC does and does not do, and a runbook for building your own validating resolver.
We spent the week sharpening the parts of the site you actually use: setup guides for more devices, plain-language protocol explainers, an expanded knowledge base, and a faster-loading homepage.
A wave of behind the scenes tuning makes lookups quicker and far more stable when our servers are busy. We also load tested the resolver to confirm it stays fast well beyond everyday demand.
We rebuilt the engine that looks up and security-checks your DNS requests, switching its cryptography to Google's high-speed BoringSSL for snappier encrypted lookups.
We are open-sourcing the complete architectural specification and optimization logs for our custom AdGuardHome Edge core engine.
We are open-sourcing dns-ultra, an advanced DNS diagnostic engine designed to benchmark upstream resolvers with real-world accuracy and intelligent scoring.
We have successfully migrated our custom network engine to the fresh v0.81.4 base, incorporating critical upstream DNSSEC cache fixes into our optimized stack.
We have rewritten the core DNS-over-UDP response path, deploying a package-level sync.Pool mechanism that completely eliminates heap allocations.
We are formalizing our infrastructure under the AdGuardHome-Edge designation, a high-performance, custom-optimized fork of the core AdGuard engine.
Routine component updates across our full software stack, keeping all binaries current with the latest upstream releases.
A deep tuning cycle of our kernel networking parameters has improved DNS response consistency and reduced tail latency during peak usage periods.
We have migrated to AMD EPYC Zen 2 processors and recompiled our entire software stack from source with platform-native optimizations for maximum throughput.
A comprehensive security update introducing real-time traffic monitoring, smarter flood mitigation, and improved protection for legitimate users during high-traffic events.
We have completed a major infrastructure hardening cycle, migrating our packet processing pipeline to XDP native mode and modernizing our TLS configuration to eliminate weak cipher suites.
Our nftables ruleset has been fully migrated to production mode with refined per-IP rate limiting, a global SYN circuit breaker, and improved amplification reflection defense.
We have completely re-engineered our edge packet processing pipeline, introducing eXpress Data Path (XDP) technology and a deterministic memory model for sub-millisecond traffic analysis.
Our network stack has been re-calibrated for next-gen 5G cellular connectivity. We have heavily tuned nftables for microsecond-latency packet processing.
Rapid deployment of Nginx 1.29.5 addressing upstream bugs, alongside a critical logic update to our nftables firewall engine to tighten stateful packet inspection.
We have upgraded our core network stack. Nginx 1.29.4 and OpenSSL 3.6.0 are now live, alongside the new nftables 1.1.6 firewall engine for superior performance.
A massive expansion of our edge security. We have integrated 7 global threat intelligence feeds-including FireHOL and Spamhaus-and optimized our firewall synchronization engine.
Major infrastructure hardening with kernel-level nftables firewall, intelligent bot detection, automated threat blocklists, and multi-layer rate limiting across all DNS protocols.
A complete visual overhaul (v2.0), a new IP & Fingerprint analysis tool, and implementation of our transparent legal framework.
Major architectural shift for our DNS Leak Test. Now utilizing kernel-level packet capture (tcpdump) piped to Redis for zero-latency tracking.
We have upgraded our core filtering engine to AdGuard Home v0.107.70, bringing enhanced performance, security patches, and better blocklist handling.
We have launched a professional-grade DNS Leak Test on our main site. Instantly verify your VPN security and detect transparent proxies.
November 2025 brings our biggest update yet: a complete website redesign and the integration of Redis Server for caching.
Critical update for Unbound fixing CVE-2025-11411 (Domain Hijacking vulnerability).
Core filtering engine updated to version v0.107.69 for improved stability.
Support for IPCrypt client IP encryption and stability fixes.
Routine version updates for the core trio: AdGuard Home, Unbound, and dnscrypt-proxy.
Keeping our infrastructure secure with the 2024 release cycle updates.
Optimizing the integration between AdGuard Home, Unbound, and our newly added dnscrypt-proxy.
A major security upgrade introducing dnscrypt-proxy to encrypt upstream traffic.
DNSDOH.ART goes live with a privacy-first foundation powered by AdGuard Home and Unbound.