hello

was wondering if anybody here use adblock services here (self hosted, DoH/DoT offsite service like adguard, nextdns, etc.)

my journey in ad blocking and content control is:

1. PiHole
i have some RPi 1 B+ laying around, so i set up pihole there and run it about 1 year. it was okay but lacking stuff like DoT/DoH.

then i moved to hosted service:

2. nextDNS
free account, with 300k queries. free functions (can select ad list services, time pause some services like youtube, block porn and force youtube restricted mode, etc.)

used it a couple of months and want more, so i change to

3. AdGuard Home (self hosted)
i installed it on my RPi 1 B+ but thing sometimes use near 100% of the CPU and slow down the system. i have an unused intel atom laptop (lenovo s10-3 with atom n450) laying around, so i installed adguard there and also use it as a private shared server (accessed outisde with cloudflared tunnel). so far running fine (CPU usage below 10% and temp around 50c-to 60c. watt usage is at 8w).

still waiting for content filter to come out with youtube keyword blocking though, then i can block that youtube channel 'wolfoo' because i hate wolfoo.

If you dont mind using Cloudflare as DNS then I would suggest setup PiHole with cloudflared DoH as currently I'm using those in RPi5 and all working great.

hows the dns response time?

i once tried hosting adguard at office server with unifi 800mbps fixed ip and port forward.

kinda slow

I've compared normal 1.1.1.1 with DoH 1.1.1.1 and the responses I would say, almost the same. Feel like no different to me.

I use Pi Hole

Pi Hole itself doesn't support DoH/DoT
But it can be easily added using cloudflared or dnscrypt-proxy
Pi Hole Docs recommend cloudflared, but it does not run on Pi 1/ Pi Zero due to armv6 architecture (with that said there are 3rd party builds that target armv6, but I faced other issues such as it freaking out when internet connection is lost)

So, I myself use dnscrypt-proxy, connecting to Quad9 over DNSCrypt, based on this guide (it can also do DoH and Dot)
https://blog.sean-wright.com/dns-with-pi-hole-dnscrypt/

if you got asus router with merlinwrt firmware, you can install adguard home on it

I am currently using DNS assignment for AdGuard, which is available in the stock firmware of my ASUS router.

Running pihole and works like a charm

I have a paid NextDNS account as well as AdGuard Home running on a GL.iNet router. As long as you understand their limitations, I think most people will be satisfied with either.

Main reason I pay for premium NextDNS is because I install it on family members’ devices and remotely manage their blocking (we don’t live in the same house). For my own needs, I just have it on my daily phone.

AdGuard Home I enable on certain vlans for various IoT devices in my house.

For other more private devices like my personal iPad or laptop, I tend to run a VPN full time and my current provider has very good customizable blocklists, so neither NextDNS nor AdGuard Home come into play here.

Horses for courses, as they say. Use what works for you.

This post has been edited by dev/numb: Jan 19 2024, 12:19 AM

Yeah but that is public Adguard, which is different to Adguard home

With Adguard public, you use their servers with their managed set of lists to block

With Adguard home, you are in control of exactly what to block and what to not block + your choice of upstream DNS provider like CloudFlare, Google, etc

With that said, for most people using a public server is good enough compared to a self hosted and self managed solution

Of course, there are cloud based alternatives like NextDNS or Adguard DNS (not to be confused with Adguard Public DNS...)
But usually they have a limit and a fee after that

This method will make you depends on their list. If you setup PiHole/Adguard you can control your own list plus their list if you want.

i'm using opnsense + unbound dns
dns coming from adguard.

Currently using adguard public default DOH on router.Suit my need.

mine running pihole on top on umbrel on top of pi4. seems fit my purpose

I tried Pihole on Pi3B, then Adguard home (self hosted), Merlin with Diversion

Now using Adguard Public DNS, lazy tinkering with extra hardware

It's not the same... adguard home give you more option to set dns on which service you prefer and also custom adblock list if you wanna use other filter list.


Attached thumbnail(s)

I have installed AdGuard Home on my PC and mobile phones before, and I have considered buying its subscription.



https://www.stacksocial.com/search?utf8=%E2...3&query=adguard

But in the end, I just like the simplicity of using the public AdGuard DNS service.

adguard home is free tho not subscription based..
https://github.com/AdguardTeam/AdGuardHome

This post has been edited by GameSky: Jan 20 2024, 11:47 AM

if you're into customizing what to block (assuming you didnt do this yet)

1. set DDNS on your asus router (fqdn will be like somethingyouchoose.asuscomm.com)

2. register free adguard dns account

3. put your ddns fqdn at your account so that adguard knows your profile

4. set the given dns IP on your adguard account to your router

i have 2 AGH instances, with AdGuard DNS as a backup (if you get the AdGuard VPN it comes for free with it). Also have ControlD Full Access but i have only used that for specific devices for DNS Proxy, i should spend time to utilize it more.

I started using Adguard Home last year. Runs on a Mikrotik hAP ax3.

oh, that device support docker?

The arm and arm64 models support but not everything works. So far only using Adguard Home, uptime-kuma and Lego.

How do you put the DDNS into adguard tho? Been looking for the settings for days

Adguard DNS Dashboard -> Home -> Scroll down to your devices

Assuming you added only 1 device, which is your router and have setup adguard on your router

Click on settings of that device

Scroll down

Plain DNS server addresses -> Linked IPv4 address -> Advanced settings -> Configure DDNS

If you have never linked before, click on Link IP address first

Thanks, got it working now
Tried DNS over TLS, but I dont think merlin and adguard are able to play along
Especially I dont see the option to turn off DNS server
Followed the steps in the website, couldnt get a connection lol

Merlin has DoT support directly if you’re using Adguard DNS.
otherwise if you’re running AdguardHome locally, you just forward everything to AdguardHome and do DoT/DoH/DoQ from Adguardhome

i just experimenting with adguard with open port & cloudflared tunnel.

1. adguard DoT, port forward 853 and using letsencrypt cert
work but sometimes a bit wonky (cannot resolve)

2. adguard DoH, port forward 443 and using letsencrypt cert
worked ok

3. adguard DoH with cloudflared tunnel & port forward 443 with cloudflare proxy
worked ok but sometimes high response time

one thing i still stuck is, when using cloudflared tunnel/proxy, client section is like this:



but on port forward, its like this:



This post has been edited by eds2: Jan 29 2024, 12:40 PM

I tried Pihole + unbound but the unbound part doesn't work.
$ dig pi-hole.net @127.0.0.1 -p 5335
It return nothing.

Unbound only works if I turn on VPN.
$ dig pi-hole.net @127.0.0.1 -p 5335
Same command but this time it works.

I doubt TM unifi blocked unbound.
Can someone else verify this?

127.0.0.1 = localhost.
so if you’re running unbound on a VPS and you’re running the command on your pc, it won’t work because the command is querying your pc.

tried to run adguard home, but totally unable to block ads

Not even one? Mine, I think most are blocked. I didn't really look in detail but the ads in LYN blocked.

It's a DNS block so you may need to clear your DNS cache. Or just use another device to test.

This post has been edited by soonwai: Feb 1 2024, 01:25 PM

tried manual with default filter, set router to adguard home dns, manual set device to adguard home dns none of them block ads

What blocklist you use?

I’m using these btw. Most of the ad is blocked

i just use the 1 default filter, let me have a try with yours

haiz, still the same, i think i will just stick with my adguard app

did your clients show up on the client list in adguardhome's dashboard?

Better restart your phone after changing dns. Sometimes the device cache didn't expired so it will still getting the previous record.
And it does not prevent youtube ads and facebook ads. (mobile)

yes, did show up in client list got dns queries , just that blocked by filters showing 0, i can see ads in lyn forum after switch to adguard home

check browser private dns settings
android private dns settings
icloud private relay

etc

before you abandon your adguard home set up, see if this have any results on your adguard home dashboard

1. at your PC, open cmd or terminal

2. type:
nslookup
server 192.168.0.2 <-- change the IP address to your adguard home IP
google.com
www.google-analytics.com

3. 'google.com' should return something and google-analytics.com will show 0.0.0.0

results might look like this:





This post has been edited by eds2: Feb 2 2024, 04:25 PM

have to turn off icloud private relay ya?

Not vps, I run the server locally.

I reckon the new router Dlink DIR-X3060Z is the problem coz previously I used another router which is fine.

thx, after i turn of private relay, set dns and ipv6 dns, now all working fine forum look clean clean now

Trying out adblock lean.So far so good.

Hi guys, adguard home support ipv6 ?

support. you want to use the adguard built in dhcp server?

because after change ipv6 dns server to adguard ip i no longer have ipv6 service

For me, I leave IPv6 dns blank and just use ipv4.

you mean ipv6 dns on your router ?

Yes. I only have ipv4 dns enabled. All queries are done thru ipv4.

it really does depend on your router

some routers advertise the router itself
some will put isp dns if you leave blank
some will not advertise anything if you leave blank

i use a router flashed with openwrt and it's behaviour is the last one after i uncheck advertise router as dns server

but whenever needed, i always use the link local (fe80) addresses

Not really. It can be used still block many in app ads, telemetry etc. And even as a way to use DoH/DoT as ISPs are sometimes hijacking google, cloud flare dns to MCMC dns server now.

these dns based adblockers can NEVER block facebook/ig/youtube ads because the content comes from the same domain as the ads
it is not "dumb and meaningless" as it can still help block on

devices that you cant install adblockers: eg, smart tvs
devices that are a bit more painful to install adblockers onto: eg, android phone

and even then, running your own server has benefits like having exact control over what to block and unblock, logging for monitoring purpose, and also now with recent isp hijacks, sending your upstream requests encrypted so isp cant snoop on it

for blocking youtube ads, use firefox and ublock origin, that's all you need.

To get the actual IP address, you must read and parse the X-Forwarded-For HTTP header.
If the client didn't pass through any proxy, it should be only one IP address. If the client pass through multiple proxy, the field will contain a comma-separated list of IP address.

D-Link chew UDP 53 packet. You need to configure:

I did this to get ipv6 internet
first you need to obtain the ipv6 address of your adguard home device, then set it as ipv6 dns in your router settings.

we use adguard for DoH and block ads in the Internet, so it is still useful

Indeed, i found it very useful.Not only blocking popups ads, i configure with blocking malware, cryptojacking, scam, spam and phishing.

This is my test result with my chosen blocklist.

Done, ipv6 primary need to key in ip address from adguard and secondary leave it blank

If you wanna argue for the sake of argue, then lets argue

First of all, why i use another device and software? Because i can use different DNS upstream simultaneously, of course you would not understand that. The flexibility offered by AdGuard Home that you will never understand.

2nd, I am using Adguard to block Ads & offer a layer of protection to my elderly or not so IT savvy family members. And AdGuard Home offers a more granular settings compare to browsers extension that got Cripple By Google itself if you are using Google Chrome.

Yes it is all about DNSMASQ config, since there is GUI settings why not leverage it? It is like you prefer manual transmission car and I love auto transmission car and you don't have to laugh at me for being an auto transmission guy.

Nice
I been using this Adguard Home for almost 2 years down the road, it been very useful for my family members

Nice
Glad it is working for you

Initially using DOH to 3rd party server that provide preconfig blocklists maybe 4 years ago,before that just using browser plugin on my pc.
Since feb this year, i happen to buy new router to play around and decided to use dnsmasq + stubby(DOT) + adblock-lean on the router.Highly configurable.
I believe the blocklist format for adguard home abit different from adblock-lean. but with the same goals.
How do you run your adguard home? using docker container? or dedicated hardware?

Niceeee
4 years ago i am still a newbie in networking, now still a newbie but got level up from 0-1


Initially i run AdGuard Home with Raspberry Pi 4, then i switched to an mini x86 PC in order to get more firepower to run other services.

Same here, still noob. I have been using old x86 pc,spun up smoothwall to monowall to pfsense.i cant afford to run the machine 24/7 since higher electrical bill.so im switching to asic hardware (normal home router,tiks and wrts) and since i dont have gigabits internet, with hardware offload (WED etc), i can get away with cheaper and low wattage hardware like filogic 8xx.Btw, im caught fish for a living, not a network expert by all mean.

Well, i have a big family so have to use x86 device Bye bye energy saving device

Oh i see..i am from IT field but more to Server related, not network guy anyway, just olok olok network sometimes
Guess hobby & interest gather us all together to this Adguard stuff

beside adblock, i use adguard for content filter for my kids since it can force restriction mode for youtube plus blocking services like deviantart, etc.

i installed it on old intel atom netbook (lenovo s10-3). power usage is very low since it is only for adguard and file storage.

then i upgraded to intel n100 mini pc, install proxmox (act as my dev server since i WFH alot) and add adguard on it.

I got that same netbook sitting around lol
what distro did you put on it? did you disable the screen since its always on?

thinking about using it as an alternative to raspberry pi

i'm using headless debian. didnt bother with the screen settings because its always fold down.

just that the battery already busted. if blackout, i have to manually turn it back on lol.

Thx bro, now play those free games no more ads hahaha

Only ipv4 I use secondary dns as back up in case I restart my home assistant my internet won’t down

This post has been edited by INGfusion: Aug 21 2024, 04:10 PM

wah..i am still using intel atom D525
But good enough for my big family

Personally i recommend this Distro, DietPi, damn lightweight and has build in AdGuard as well

And it also support Raspberry Pi 4, 5 is On The Way

welcome, sharing is caring.

Hi, i'm newbie to AGH, i've just setup it and i'd like to ask why can't i access to the home interface using other device?

This post has been edited by The.Lucas.DaY: Aug 21 2024, 11:19 PM

tell us more about your setup
like have you configure static IP to the AGH device?

Yes, i configured static IP to the AGH device (a laptop), eg. interface 192.168.0.88 :88 bind port 88, both on the same network

I followed the instruction below from YT

can you open the adguard gui on the laptop (localhost:88 or 192.168.0.88:88) ?

Yes, i can open web interface on the laptop 1 with 192.168.0.88:88, not in laptop 2 with the same address

Usually windows firewall is not needed for local access…but have you tried disable firewall or add the ‘adguardhome’ exe in firewall exclusion?

This post has been edited by eds2: Aug 22 2024, 10:49 AM

Oh you are using AGH in windows, can you try to disable the Windows Firewall and try to access AGH from another laptop again?

Sorry I am using Linux based AGH, so my input might lead you wrongly, please bear with me

Thanks guy, i did it by added AGH.exe in firewall allow list.

Just fyi, those who use tm unifi, adguard and set doh and dot at this section, There’s probably left a couple of url you can use

Unfiltered adguard
Control d
Quad9 unfiltered

boss, yours adguard home can block youtube browser version ads?

Adguard Home, Pi-Hole

These cannot block Facebook, Instagram, Twitter, YouTube ads

Why? Because they can only monitor and handle DNS requests

So, it can see a request to googleadservices.com, and block it
But, these websites like YouTube, the ad comes from the same domain
So, if you want to block it, you'll have to block YouTube.com
Which will block the entire site

So, it's simply not possible for these to block YouTube ads

Use a browser based adblocker, uBlock Origin has always worked for me
Google wants it gone from Chromium browsers, so move to Firefox if needed

understood, thanks boss

Currently using NextDNS. Still testing it on my home network before making the recommendation to my boss for office level deployment. So far, this DNS service is quite robust, easy to config and is free (for up to 300k queries, after which, you can either use it disabled until next month, or pay RM79 per year, which is kinda cheap IMO. so far, tested some of the shady lanun sites, it managed to block it without any issues. Anybody else is using this DNS? Wanna know your thoughts on this service and whether or not it is suitable for commercial deployment.

I believe quite a few do
I use it when I'm out of home (can't be bothered to tunnel back home to use Pihole)

ControlD is another one that people use here

It's alright
Just that it seems to be just in a maintanance mode just keeping the service going
Not much active communication or updates
Forums are pretty dead too

But the core service works
They also have dns0.eu, free public DNS for EU countries, so unfortunately quite high latency if we try to use it