Adguard Home Setup

Networking Jun 23, 2021

Spice up your day by setting up a local DNS Server for network-wide ad, tracking and malware blocking.

Pi-hole used to be the old favourite for this type of setup however they've fallen behind in recent years and most of the fans have moved onto AdGuard Home.

AdGuard Home is another open-source DNS with blocking capabilities. If you aren't already aware, you set up your network to use the local AdGuard/Pi-hole server for DNS. When you try and access example.com your computer will send a lookup for the IP address of example.com, this query gets sent to your local server it then goes to the upstream such as Cloudflare (1.1.1.1), the response will then be forwarded to your device. The benefit of this setup is the blocking and caching it provides.

You can load in blocklists containing advertising or malware domains, so when your browser tries to access annoyingpopupads.com the request will simply get blocked (technically the IP of 0.0.0.0 is returned).

The caching a local DNS server provides can also be handy; if you request example.com and you already requested it 30 seconds ago it will serve that same IP without going off to fetch it. This can save a significant amount of time when browsing the web, usually around 3-200ms per lookup.

Pi-hole vs AdGuard Home

Feature Pi-hole AdGuard Home
DNS Blocking
DHCP Server
Docker Installation
Local DNS Entries (rewrites)
DoH/DoT Upstream
Answer queries via DoH/DoT
Upload HTTPS Certificate
Block Services (eg Discord/TikTok)
Blocklist Update frequency Once Per Week 1 Hour-1 Week

Although it's a little dated we have a post on setting up Pi-hole here.

Install

  1. Ensure you have Docker and docker-compose installed.
  2. Head to your home (or docker) directory
  3. Create AdGuard Directory: mkdir adguard
  4. Use the following template: nano docker-compose.yaml:
version: "2"
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 784:784/udp
      - 853:853/tcp
      - 3000:3000/tcp
      - 80:80/tcp
      - 443:443/tcp
    volumes:
      - ./workdir:/opt/adguardhome/work
      - ./confdir:/opt/adguardhome/conf
    restart: unless-stopped

You may want to add - 67:67/udp -p 68:68/tcp -p 68:68/udp to use AdGuard as DHCP Server. You'll want to use this if you can't set DNS settings on your router. Ensure you turn off the router DHCP service first (Only one DHCP Server can be run on a network).

  1. Spin it up: sudo docker-compose up -d
  2. Setup AdGuard Home via the WebUI at http://IP:3000

Now just head to your router setting and configure the DCHP settings to use the IP address of your AdGuard to answer DNS queries. If you are unable to configure this you can turn off DHCP and use the AdGuard to handle DHCP (Look at the section above 5).

When looking for upstream DNS providers Quad9 (DoH: https://dns.quad9.net/dns-query) is a solid choice it's rapid and includes malware blocking. Other top privacy respecting DNS Services can be found at privacytools.io.

Best Malware Blocklists for Pi-hole Adguard Home
Top malware, virus and phishing DNS blocklists/blacklists for Pi-hole and Adguard Home.

Tags