Using your mobile phone without a constant barrage of ads It's possible even on budget phones without installing any unusual apps or tweaking any system settings. Simply changing a network setting can let you enjoy games and apps with significantly less advertising and, incidentally, improve your privacy while browsing.
The key is to take advantage of private DNS and resolvers with ad blocking.A feature included in Android for years, and in many other platforms, filters ad domains, trackers, and even adult content. Let's take a detailed look at how it works, how to activate it step by step, and what advanced alternatives exist for those who want complete control.
What is DNS and why is it used to block ads?
The DNS (Domain Name System) is the system that translates domain names into IP addressesWhen you type a website address like www.google.es or when an app tries to load an ad, it actually performs a DNS query to determine which IP address to connect to. Your internet service provider or router usually handles these queries by default.
DNS servers specializing in ad blocking work with lists of domains containing ads, trackers, and malware.Every time an app or website tries to contact one of those domains, the DNS, instead of returning a valid IP address, responds with a fake or empty address, or simply refuses to resolve. The result: the ad never gets downloaded.
This affects both advertising on websites and the advertising you see within many apps and games.The app's code still reserves the space where the ad would go, but since the content isn't downloaded, those spaces remain blank or display a generic message. In return, you save data and battery, and your phone runs a bit smoother because it processes fewer scripts and resource-intensive tasks.
In addition to ad blocking, changing your DNS also impacts your privacy.If you use an encrypted DNS (such as DoH, DoT, or DoQ, which we'll discuss later), your provider can no longer easily see all the websites and services you connect to, nor manipulate the responses to insert targeted advertising or redirect traffic.
Private DNS on Android: Blocks ads without apps or VPN
Since version 9, Android has included a setting called Private DNS. This allows you to specify a custom DNS server using encrypted protocols like DNS-over-TLS. The interesting thing is that, if you choose a provider with ad filters, you can block ads and trackers system-wide without installing apps or using battery-draining VPNs.
This setting is especially useful on cheap or low-spec mobile phoneswhere every extra ad slows down the system and makes the experience a chore. By cutting off advertising online, games and apps that are overwhelmed with banners and pop-ups become much more bearable.
It works simply: the phone stops querying your carrier's DNS. It then starts using another server, such as those from AdGuard or NextDNS, which come pre-configured with blocklists. When an app tries to download a banner, the DNS returns a response that prevents that content from loading.
An important point is that this method does not require root access, unusual APKs, or paid services.It's literally just changing one option in your Android settings, and that's it. If you notice any connection issues, you can always revert to automatic settings in seconds.
How to set up a DNS with ad blocking on Android step by step
To enable private DNS with ad filtering on Android 9 or higherThe exact steps may vary slightly depending on the customization layer, but the general path is very similar on almost all mobile phones:
- Open Settings of the System.
- Sign in Connections o Network and Internet.
- Use the internal search engine to find the option Private DNS if you don't see it at first glance.
- Choose Private DNS provider hostname.
- Enter the DNS server you want to use with ad blocking.
- Press on Save.
A very popular and free server is AdGuard's DNS.which filters ads and trackers across all device traffic. To use it with private DNS on Android, the correct hostname is:
- dns.adguard-dns.com (ad blocking and tracking)
If you also want to block adult content and activate family protectionAdGuard offers a specific variant that adds filters for websites of this type, in addition to the usual ads. According to the service, the host for this version is:
- family.dns.adguard.com (ad blocking + adult content and child protection)
After saving the change, Android will immediately begin using the new DNS.You don't need to restart your phone, although sometimes closing and reopening the apps where you want to check the lock helps. If your office or hotel Wi-Fi suddenly won't let you authenticate, you can switch back to "Automatic" and reactivate the private DNS once you've passed through the login portal.
Use secure DNS in Google Chrome only for web browsing
If you prefer that ad blocking only affects the browser and not the entire systemYou can configure Secure DNS directly in Google Chrome. This is useful if you want to maintain the normal behavior of apps but browse with more privacy and less tracking.
The basic steps in Chrome for Android are as follows (may vary slightly depending on the version):
- Open Chrome and go to Configuration.
- Go to section Privacy & Security.
- Touch on the option Use secure DNS.
- Choose Select another provider or similar.
- Enter the URL of the DNS with ad filtering.
For AdGuard, Chrome requires a special URL format that supports DNS-over-HTTPSThe correct address for it to work is:
- https://dns.adguard-dns.com/dns-query
It is important to respect the exact URL formatBecause if you make a mistake with even one character, Chrome simply won't apply the DNS or will return resolution errors. Also note that there's a family-friendly version that blocks adult content using a different endpoint within the AdGuard service.
It's worth remembering that Chrome's DNS takes precedence over the one configured on Android.If your system uses a DNS with adult filters and Chrome only uses one that blocks ads, you could still access adult content from the browser because its own settings take precedence.
Other DNS services with ad blocking: NextDNS, ControlD, and more
Although AdGuard is one of the best known, it is not the only one that offers DNS-level blockingThere are alternatives such as NextDNS or ControlD that allow much more customization of what is blocked, creation of profiles per device, and detailed statistics of requests.
NextDNS, for example, works like a kind of Pi-hole in the cloudYou register, create a configuration, and enable or disable ad blockers, trackers, and domains from Amazon, Apple, Google, etc. Then you get a DNS-over-TLS or DNS-over-HTTPS host to use on Android (on private DNS) or other systems.
The typical process with NextDNS would beYou register on the website, adjust the Security and Privacy settings to specify which domain types you want to block, copy the URL for “DNS over TLS/QUIC”, and paste it into the private DNS option on your Android device. From then on, all queries will be routed through their servers with the filters you've defined.
NextDNS has a free limit of about 300.000 queries per monthwhich is usually more than enough for a personal mobile phone. If you have many devices, constant streaming, or intensive use, you might need to consider a paid plan or combining it with other solutions.
ControlD is another interesting alternative focused on privacy and granular controlIt allows you to choose different profiles (ad blocking, parental control, social media blocking, etc.) and can also be used via DNS-over-HTTPS or DNS-over-TLS on Android, compatible browsers and routers.
How DNS blocking works internally
To understand why ads disappear just by changing the DNS Pay attention to how many banners and trackers are loaded. Websites and apps often include calls to advertising domains (adservers) that serve images, videos, or tracking scripts.
When the device resolves an ad server's domain, the specialized DNS queries its blocklists.If that domain is categorized as advertising, a tracker, or malware, the resolver can do several things: return an invalid IP address, redirect to a local IP address with no content, or simply not respond with a valid address.
Without obtaining a correct IP address, the app or browser cannot connect to the ad serverThe visual result is that the space reserved for the banner remains empty, displaying a blank area or a box without content. Technically, the app attempted to do this, but the network blocked it.
This method has its limits.Ads served from the same domain as the main content (for example, some banners embedded in video platforms like YouTube) are much harder to filter using DNS alone, because blocking that domain also blocks the legitimate content. In these cases, browser-level blockers or dedicated apps remain more effective.
Even so, for much of the intrusive advertising on websites, free games, and utility appsDNS blocking is a very balanced solution: it doesn't require root access, it doesn't drain the battery with permanent VPNs, and it's fairly transparent to the user once set up.
Airplane mode: a simple trick for offline games and apps
There is an even simpler way to get rid of ads in certain offline games and apps.Activate airplane mode. It's not elegant and it doesn't work for everything, but in some specific cases it works wonders.
Many free games that don't require a constant internet connection only use the internet to display advertising.The game itself is installed locally, with no multiplayer or cloud data, but every few minutes it tries to download an ad to generate revenue. If you activate airplane mode, the phone cuts off all connections, and therefore the ads don't load.
The idea is simple: you start the game, activate airplane mode, and continue playing without the banners appearing.You do lose any online features, rankings, or real-time purchases, but for a quick, uninterrupted game it can be very practical.
The major drawback is that many current applications depend on a permanent connection.Social media, video apps, most modern multiplayer games, etc., stop working properly without data or Wi-Fi. Therefore, this trick is only useful for very specific titles and tools.
Even with those limitations, airplane mode is a useful tool when you're looking for a temporary solution.Without touching DNS settings or installing anything. It's as simple as turning it on and off from the quick settings when you need it.
DNS-over-HTTPS, DNS-over-TLS and DNS-over-QUIC: encrypting queries
So far we've talked about which DNS to use, but how those queries travel also matters.By default, DNS requests are usually sent in plain text, which allows your Internet provider or anyone controlling the network to see which domains you are querying in real time.
To avoid this, protocols such as DNS-over-HTTPS (DoH), DNS-over-TLS (DoT) and DNS-over-QUIC (DoQ) have appeared.These services encrypt queries in the same way that web traffic is already encrypted with HTTPS. So, even if someone can see you connecting to a DNS server, they won't know which domains you're querying.
DNS-over-HTTPS (DoH) encapsulates DNS requests within normal HTTPS traffic over port 443From the outside, they appear to be simple web connections, making them difficult to block or selectively inspect. Browsers like Firefox and Chrome have heavily relied on this method.
DNS-over-TLS (DoT) uses port 853 and a TLS channel dedicated exclusively to DNS trafficIt is easier to manage in controlled networks (companies, advanced homes) but also easier to block if someone decides to close that port.
DNS-over-QUIC (DoQ) is the most modern option, based on the QUIC protocol over UDPIt improves latency and stability on unstable connections, and also encrypts queries. It's not yet as widespread as DoH or DoT, but some advanced resolvers, such as Technitium, and certain commercial services already support it.
Android, with its private DNS option, relies primarily on DNS-over-TLSWhile browsers like Chrome facilitate the use of DoH, many ad-blocking providers, such as AdGuard or NextDNS, offer endpoints compatible with both protocols.
Set up your own local DNS: Pi-hole, AdGuard Home and Technitium
If you want to go a step further and have total control over DNS queries across your entire networkYou can set up your own DNS server at home using a small computer, a NAS, or a Raspberry Pi. This way, you don't depend on external services and you can customize the blocklists to your liking.
Pi-hole is probably the most popular homemade solutionIt functions as a recursive DNS server that applies blocklists at the local network level. Any device using this server (mobile phones, Smart TVs, computers, game consoles) is protected without requiring any installation. The drawback is that it requires some initial setup and a degree of technical know-how.
AdGuard Home is another very powerful open-source optionIt features a simple web panel and integration with ad lists, trackers, and family protection. Similar to Pi-hole, it installs on a device on your network and configures your router or other devices to use that DNS instead of your ISP's.
Technitium DNS Server goes a step further by combining recursive and authoritative functionsThis means that, in addition to resolving external domains with ad blocking, you can create your own internal domains for self-hosted services, development labs, etc., and manage them from a web interface.
Among the most outstanding features of Technitium are It features compatibility with DoH, DoT, and DoQ, support for DNSSEC, automatic blocklists, an HTTP API for automation, and a real-time statistics dashboard. This allows you to see which devices are querying which domains, what is being blocked, and adjust rules on the fly.
Technitium is cross-platform to install, but it is especially convenient with Docker.Using a docker-compose configuration file, you create a container that exposes the necessary DNS ports (53/UDP and TCP), as well as those for the web console. From there, you enable blocking, add ad lists, and decide whether the server will allow recursive queries only to your private network.
Using your own local DNS has several clear advantagesYou reduce dependence on third parties like Google DNS or Cloudflare, avoid additional tracking, can speed up resolution on your internal network, and above all, have a central location from which to effortlessly apply blocking and filtering policies to all devices.
Recursive vs. authoritative DNS: key concepts
When discussing DNS servers, it is common to distinguish between recursive and authoritative servers.Understanding the difference helps to better appreciate what solutions like Pi-hole, AdGuard Home, or Technitium do.
A recursive DNS behaves like a "detective" that looks for a domain's IP address when it doesn't have it in its cache.If you ask it, for example, example.es, and it doesn't know the answer, it queries other servers: first the root server, then the TLD (.es), and finally the domain's authoritative server, until it gets the correct IP address. This is the type of server we use as end users.
An authoritative DNS, on the other hand, is the one that has the "official truth" about a specific domain.It stores A, MX, CNAME, and other records and responds to other machines with that information. When you register a domain and configure its DNS zone, you are working with authoritative servers.
DIY ad-blocking solutions often work in conjunction with filters.They receive the request from your device, check their block lists, and if the domain is not blocked, they follow the normal recursive process until they get the answer. If it is blocked, they alter the answer or deny it.
Advanced tools like Technitum combine both functionsallowing you to be authoritative for internal domains (e.g., server.home, nas.lan) on your local network while also acting as recursive externally with ad and tracker blocking.
Use cases and limitations of DNS ad blocking
Setting up a DNS with ad blocking makes sense in several typical scenariosOn a home network, for example, you can protect all the devices in the house, from mobile phones to televisions, without having to install individual blockers. It's ideal for reducing aggressive advertising in children's apps and free games.
It is also very useful in work environments or small businesses Where you want to limit access to adult or potentially dangerous content, or simply prevent productivity from being affected by banners and pop-ups, family protection profiles from services like AdGuard DNS are perfect for this.
On the limitations side, it must be accepted that DNS blocking is not perfect.Ads embedded within the domains of services like YouTube, some social networks, or highly closed applications cannot always be filtered without breaking some functionality. In these cases, dedicated browser blockers or more sophisticated solutions are still necessary.
Another thing to watch out for is public WiFi networks with captive portals. (airports, hotels, cafes…). These systems often rely on DNS redirects to display the login page. If you have an active DNS redirect, Private DNS If it's very strict, the page might not load. In those cases, the best solution is to temporarily disable private DNS, complete the login process, and then re-enable it.
From a legal and ethical standpoint, it is worth remembering that many free services are financed by advertising.Blocking ads improves the user experience, but it also reduces revenue. Finding the right balance between usability and supporting creators is a personal choice—for example, by keeping ads enabled on some key services or by supporting ad-free paid versions when you actually use them a lot.
With all that said, it's clear that playing with DNS settings has become an extremely powerful tool To eliminate much of the most annoying advertising, improve privacy, and gain control over what happens on your network, whether you opt for a quick Android solution or set up your own local DNS server with custom statistics and rules.
