AdGuard Home - Docker Compose Setup

Self-Hosting Feb 24, 2024

Spice up your day by setting up a local DNS Server for network-wide ad, tracking and malware blocking.

Pi-hole used to be the favourite for this type of setup; however, it has fallen behind in recent years and most of its fans have moved on to AdGuard Home.

AdGuard Home is another open-source DNS server with blocking capabilities. If you aren't already aware, you set up your network to use the local AdGuard/Pi-hole server for DNS. When you try to access example.com, your computer sends a lookup for the IP address of example.com. This query goes to your local server, which forwards it to an upstream resolver such as Cloudflare (1.1.1.1) and then passes the response back to your device. The benefit of this setup is the blocking and caching it provides.

You can load in blocklists containing advertising or malware domains, so when your browser tries to access annoyingpopupads.com the request will simply get blocked (technically the IP of 0.0.0.0 is returned).

The caching a local DNS server provides can also be handy; if you request example.com and you already requested it 30 seconds ago it will serve that same IP without going off to fetch it. This can save a significant amount of time when browsing the web, usually around 3-200ms per lookup.

Pi-hole vs AdGuard Home

Feature Pi-hole AdGuard Home
DNS Blocking
DHCP Server
Docker Installation
Local DNS Entries (rewrites)
DoH/DoT Upstream
Answer queries via DoH/DoT
Upload HTTPS Certificate
Block Services (eg Discord/TikTok)
Blocklist Update frequency Once Per Week 1 Hour-1 Week

We have a post on setting up Pi-hole here.

Install

  1. Ensure you have Docker installed.
  2. Head to your home (or docker) directory: cd
  3. Create AdGuard Directory: sudo mkdir adguard
  4. Use the following template: sudo nano docker-compose.yaml:
version: "3"
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 784:784/udp
      - 853:853/tcp
      - 3000:3000/tcp
      - 80:80/tcp
      - 443:443/tcp
    volumes:
      - ./workdir:/opt/adguardhome/work
      - ./confdir:/opt/adguardhome/conf
    restart: unless-stopped

You may want to add - 67:67/udp, - 68:68/tcp and - 68:68/udp to the ports list to use AdGuard as a DHCP server. You'll want to use this if you can't set DNS settings on your router. Ensure you turn off the router's DHCP service first (only one DHCP server can run on a network).

  5. Spin it up: sudo docker-compose up -d
  6. Set up AdGuard Home via the WebUI at http://[IP-Here]:3000

Now just head to your router settings, open the DHCP settings and set the DNS server to your AdGuard IP address. If you are unable to configure this, you can turn off DHCP on the router and let AdGuard handle DHCP (see the section above).

DNS Upstreams

These are configured under Settings > DNS Settings

You'll most likely want to use DoH (DNS over HTTPS) or DoT (DNS over TLS) for your upstream. Both encrypt outgoing requests with TLS. This stops your ISP from monitoring the lookups and protects you from DNS cache poisoning and DNS hijacking on the path to the upstream.

Some DoH Options:

| Provider | Endpoint | Notes |
| --- | --- | --- |
| Quad9 | https://dns.quad9.net/dns-query | Malware domains blocked |
| Cloudflare | https://cloudflare-dns.com/dns-query | DoH for 1.1.1.1 |
| Cloudflare | https://security.cloudflare-dns.com/dns-query | 1.1.1.1 with malware blocking |
| NextDNS | Account Required nextdns.io | 300k free monthly queries |

Want more options? Visit https://dnscrypt.info/public-servers

Best Malware Blocklists for Pi-hole Adguard Home
Top malware, virus and phishing DNS blocklists/blacklists for Pi-hole and Adguard Home.
