DNS section doesn't consider private ECS

[Mikaela]

Affected page

https://www.privacyguides.org/dns/

Description

The page simultaneously states that AdGuard DNS has ECS, NextDNS and Quad9 make it optional, and PrivacyGuides requirement is that there is no ECS or it can be disabled.

This is partially incorrect as both AdGuard and NextDNS privatize it, while Quad9 doesn't.

While ECS generally tells the authoritative nameserver the client's subnet, private ECS lies about that a bit and brackets users (see sources below).

So what I am suggesting is changing AdGuard's "yes" to "private", NextDNS "optional" to "optionally private" while keeping Quad9 as "optional" and explaining what ECS and private ECS are about if not just linking to upstream sources.

Sources

• https://adguard.com/en/blog/private-dns-v0-3-beta.html
• https://medium.com/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5
  • https://scribe.rip/nextdns/how-we-made-dns-both-fast-and-private-with-ecs-4970d70401e5
• https://www.quad9.net/support/faq/#edns

(I have been noting these for my personal use in my dotfiles repo.)

Before submitting

• I am reporting something that is verifiably incorrect, not a suggestion or opinion.
• I agree to the Community Code of Conduct.

[privacyguides-bot]

This issue has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/contemplating-dns-resolvers/17203/13

[dngray]

That does make a lot of sense. I think this might have been before there was really offering a private option.

[privacyguides-bot]

This issue has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/nextdns-logging-is-opt-out-not-opt-in-as-stated-on-pgs-dns-resolvers-recommendations-page/17206/36