I ran a competing project[0] on my home network for a few years before I discovered NextDNS[1]. What I lost in performance (requests don't leave my house) I gained in portability: ALL my devices can take advantage – at home and away – and time-saved. PiHole works 90% of the time, but when it did stop working, I'd have to spend a bit of time fixing it. At $20/year, I simply couldn't compete with NextDNS.<p>Note: This isn't a shill for NextDNS; I love these kinds of projects and think they absolutely should exist, but NextDNS just happens to be one of those dead-simple SaaS tools that is an insanely good value.<p>0 - <a href="https://pi-hole.net/" rel="nofollow">https://pi-hole.net/</a><p>1 - <a href="https://nextdns.io" rel="nofollow">https://nextdns.io</a>
I looked at Pi-hole recently but went with AdGuard Home. Nicer UI and nicer everything by all appearances. There's also a surprising amount of customization for something this slick, like being able to defer to my internal DNS for local private domain queries, etc.<p>I'm not entirely sure why AdGuard is giving this away, and maybe I should look into that, but seemed like a relatively low-risk decision to go with this for now. And I can't say enough about how much more pleasant using things like the NYTimes app has been without the obnoxious ads.
AdGuard is a Russian company, with Russian engineers, the majority of AdGuard developers and other employees working from Moscow, registered in Cyprus. Not a great recipe. Hard pass on security grounds.
You might be interested in py-hole. It's just a Python script and some dnsmasq configuration, it runs on OpenWrt, is free and close to zero CPU usage.<p><a href="https://github.com/time4tea-net/py-hole">https://github.com/time4tea-net/py-hole</a>
One other neat thing about AdGuard is that it is available as a Home Assistant addin - and it does integrate with the rest of HA, so you can e.g. have a switch to enable/disable blocking as part of your dashboard.
AdGuard Home is amazing! I used PiHole for a time but did run into small issues quite a lot. Mind you, nothing serious, but things like these are only really useful if they just work.
Adguard Home works without any issues on my Pi setup via docker-compose [1] and it even runs on a second Pi as backup using a cool container called adguardhome-sync [2] to keep their configurations in sync. I am not seeing any ads in my network anymore and it is quite interesting to see how many tracking/ad requests are sent by some devices...<p>1 - <a href="https://thesmarthomejourney.com/2021/05/24/adguard-pihole-dns-ad-blocker/" rel="nofollow">https://thesmarthomejourney.com/2021/05/24/adguard-pihole-dn...</a><p>2 - <a href="https://thesmarthomejourney.com/2023/02/12/adguardhome-sync-instances/" rel="nofollow">https://thesmarthomejourney.com/2023/02/12/adguardhome-sync-...</a>
Unsure if anyone here uses Technitium DNS (open source and free).
It works on minimal hardware. I am running it on an Orange Pi 3 LTS.<p><a href="https://technitium.com/dns/" rel="nofollow">https://technitium.com/dns/</a>
There are a few mostly positive comments here about NextDNS but I'll start a new comment since I'm thinking about switching away from NextDNS. Why? I'm on a Mac / Safari now and would like to enable their "Hide IP address from trackers" feature but if I do, then I start seeing advertisements on websites that would normally be blocked by NextDNS. So I have to uncheck this option and can't use Apple's feature. Overall, I guess the two can't be used together, per an issue reported on the NextDNS Help site:<p><a href="https://help.nextdns.io/t/q6yq4xy/nextdns-stops-working-properly-when-updating-to-ios-17-ipados-17" rel="nofollow">https://help.nextdns.io/t/q6yq4xy/nextdns-stops-working-prop...</a><p>Does anyone by chance know if this is a known issue with AdGuard or even Pi-hole?
Neat!
Similar: If you happen to run pfsense on your network, check out pfblockerng, I really like it!: <a href="https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html" rel="nofollow">https://docs.netgate.com/pfsense/en/latest/packages/pfblocke...</a>
I contributed improved ipset support to this project. As far as I know, it’s one of the few off-the-shelf DNS servers that can insert result records into Linux ipsets to enable domain-based firewall policy. I run it on OpenWRT and use the ipset support to open the default drop firewall from my “smart” projector on my IoT subnet to NetFlix and YouTube. It sets the ipset entry expiry to the DNS TTL. Now, the only way for the machine to connect to the internet is to resolve a whitelisted domain and it can only access while the record is fresh. I haven’t encountered any issues so far. I take it that some Chinese users use this same functionality to selectively VPN domains to evade GFW.
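An added sketch of the mechanism described in the comment above, not the commenter's code and not AdGuard Home's implementation: a small Python model of a default-drop firewall whose allow set is filled from DNS answers for allowlisted domains, with each entry expiring at the record's TTL. The class name, the `streaming.example` domain and the addresses are assumptions constructed for illustration.

```python
import ipaddress

class TtlAllowSet:
    """Models an ipset with per-entry timeouts that is fed from DNS answers."""

    def __init__(self, allowed_suffixes):
        self.allowed = tuple(s.lower().strip(".") for s in allowed_suffixes)
        self.expiry = {}  # ip address -> absolute expiry time in seconds

    def _domain_allowed(self, name):
        name = name.lower().rstrip(".")
        # Match the domain itself or a true subdomain, never a lookalike suffix.
        return any(name == s or name.endswith("." + s) for s in self.allowed)

    def on_dns_answer(self, qname, records, now):
        """records: (ip, ttl) pairs from the answer. Returns the IPs inserted."""
        if not self._domain_allowed(qname):
            return []
        added = []
        for ip, ttl in records:
            addr = ipaddress.ip_address(ip)  # rejects malformed addresses
            # Same effect as `ipset -exist add SET IP timeout TTL`:
            # re-adding an existing entry resets its timeout.
            self.expiry[addr] = now + ttl
            added.append(str(addr))
        return added

    def permits(self, dst_ip, now):
        """Default drop: allow only if the IP has an unexpired entry."""
        addr = ipaddress.ip_address(dst_ip)
        exp = self.expiry.get(addr)
        if exp is None or now >= exp:
            self.expiry.pop(addr, None)
            return False
        return True

def demo():
    # Constructed sample data: reserved documentation addresses and domains.
    fw = TtlAllowSet(["streaming.example"])
    fw.on_dns_answer("cdn.streaming.example.", [("192.0.2.10", 60)], now=0)
    fw.on_dns_answer("notstreaming.example", [("198.51.100.7", 300)], now=0)
    fw.on_dns_answer("cdn.streaming.example", [("192.0.2.10", 60)], now=50)
    return [
        fw.permits("192.0.2.10", now=100),    # refreshed at t=50, valid to 110
        fw.permits("192.0.2.10", now=110),    # TTL elapsed, dropped again
        fw.permits("198.51.100.7", now=1),    # lookalike domain never inserted
        fw.permits("203.0.113.5", now=1),     # never resolved at all
    ]
```

The model makes the policy's dependency explicit: a device can only reach an address it has recently resolved through this resolver, so the resolver's allowlist matching is the control point to audit.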
Also runs on Home Assistant. The only thing to remember is when you're updating HA (or you forget that your HA pi is not on the UPS, and you trip your GFI when doing home maintenance on your ring main) that your DNS also goes down.<p>Side note: it’s always DNS…
Happy AdGuard user here. It's running directly on my EdgerouterX so no need for an extra device to maintain. I really love the high level service blocking as well, blocking the whole of Facebook is just ticking a checkbox!
With a self-hosted DNS internally, how do you handle fallback?<p>For example if the box with Adguard Home or pihole crashes, can you configure your router or your devices in a way that would instead go to say cloudflare or google DNS?
I'm experienced in DNS but have never seen the point in DNS blocklists. It feels like the wrong layer.<p>I do adblocking with a browser extension. The adblocking has more context, can modify the page, and has easy UI integration for debugging and turning it off.<p>What else are DNS blocklists for? Clients except browsers?<p>For the record, on my desktop I use systemd-resolved (for DNSSEC) and dnscrypt-proxy2 (for encryption). On my router I run unbound as recursive resolver for other devices.<p>On my phone I use quad9, and adblocking via Firefox.
I used Pi-Hole, then went to NextDNS, then to AdGuard DNS, tinkered with AdGuard Home, and am currently testing Control-D. They are all actually pretty good, similar features, and it has become just a matter of personal choice.<p>In all fairness, when I have some time and can invest in decent hardware, I might go back to AdGuard Home with one of the paid services as backup for travel, and for the other family members.<p>Pi-Hole works really well but once in a while, when I'm traveling, it will decide to act up and it's a whole IT support with the family over phone for minutes if not hours. I'm not smart enough to set up a secure enough tunnel and the like, and haven't read up enough on the topic. This follows a similar pattern with AdGuard Home.<p>NextDNS, AdGuard DNS, Control-D are easy and just work, especially with the devices that the family uses. I think I bought one of those AdGuard Lifetime licenses, so I use that to block client-side rendered ads in conjunction with either AdGuard DNS or NextDNS or Control-D. Right now, Control-D is doing pretty good with my test-drive.<p>Edit: The other reason is that many websites such as the Governments’, Banks (at least in India) seldom work with Pi-Hole or AdGuard Home. With the other tools, I can turn off for a while, and go Internet-Naked and do the transactions, pay the insurance, etc.<p><a href="https://adguard-dns.io" rel="nofollow">https://adguard-dns.io</a><p><a href="https://nextdns.io" rel="nofollow">https://nextdns.io</a><p><a href="https://controld.com" rel="nofollow">https://controld.com</a>
I wonder how much DNS blocking would contribute to a unique browser fingerprint? Like a tracker could use a range of domains, some of which are known to be blocked by certain end-user software, to build a fingerprint.<p>I currently use a vanilla LibreWolf which has uBlock Origin and reasonable defaults out of the box for this reason.<p>My only other line of thinking is that a combination of DNS, IP and in-browser blocking could be more effective than just in-browser alone.
Related:<p><i>AdGuard Home: Network-wide ads and trackers blocking DNS server</i> - <a href="https://news.ycombinator.com/item?id=33387678">https://news.ycombinator.com/item?id=33387678</a> - Oct 2022 (113 comments)<p><i>Show HN: AdGuard Home – an open source network-wide ad blocker</i> - <a href="https://news.ycombinator.com/item?id=18238503">https://news.ycombinator.com/item?id=18238503</a> - Oct 2018 (2 comments)
Coincidentally I just set up OpenWRT [1] on a NanoPi from FriendlyElectric.<p>How would this fit into using Wireguard? Or, how would I go about that? It seems like there might be something conflicting about running both, but I am very new to it all.<p>[1] It is actually running their FriendlyWRT variation which came with the precompiled drivers for getting a Realtek USB wifi adapter to work, otherwise stock OpenWRT would work as well
Those who are using DNS level ad blocking: how much do sites break? And how easy is it to unblock them?<p>I currently use browser based blocking and find a lot of sites don’t work at all. Typically SPAs.<p>But if I have to use them, I can disable the adblocker in two clicks. How does that compare?
How can this possibly work?<p>I don't know much about how adtech works, but if I were Google I'd provide ad blocking detection to all of my clients. And it should be pretty simple to detect if parts of the network that are essential to my ads are being blocked.
> Runs on your OpenWrt box<p>Where are you seeing that? The only reference to OpenWRT I see is in the "Projects that use AdGuard Home" section which links to a different project.<p>Otherwise that's a misleading title - this is a PiHole alternative.
Sadly for the AdGuard team, there isn't much of an audience for this. It's one of those things everyone says they want but few people will actually install one, much less maintain one over time. Add to that the wife-forced uninstalls and the total long-term audience for this is (no kidding) in the thousands.
Been 4 months and I'm pretty happy with the following setup: PiHole + RaspberryPi + Tailscale<p>With Pihole running on a tailnet all my devices use it by default as long as they're on the same tailnet. That way I have seamless ad-blocking even when I'm on cellular data or my friends' wifi networks.
Anyone know of an Adguard home or pihole equivalent service I can run as part of OPNSense?<p>I currently have a different machine dedicated to pihole, but it would be intriguing to have something built in. I would imagine split DNS and firewall rules would be simpler this way.
I run AdGuard Home on a Pi and it's fantastic. I was running PiHole previously and found it endlessly problematic, I rarely have to even think about AdGuard Home.
Standing reminder that any device smart enough to run a real web browser shouldn't use one of these and doesn't need one. uBlock Origin works much better for any device capable of running it, both in terms of user experience (the browser understands a block rather than a mysteriously failing request) and because it can block first party ads and clean up page layout.<p>The primary use case for these is for blocking ads on devices that don't allow running a real browser and yet still show ads, such as "smart home" devices, TVs, etc.
Don't do this. Network firewalls are harmful. Let people configure their own firewalls on device. Having to VPN around network blocks is annoying to say the least. Network firewalls are harmful and just a lazy excuse for bad client security.