So, I plan to get a DNS resolver for adblocking soon.
Both AdGuard Home and Pi-Hole seem to be enticing options.
If you have experience with either, which do you prefer?
i looked at both and went with Pi-hole. this was 3 years ago when i looked so i am sure stuff has changed since then. and my reason for picking pihole may be irrelevant to you.
pihole is a truly open platform and works entirely with out needing dedicated apps or plugins on each device. pihole does have a nice gui now, but at the time it definitely was not as polished as adguard.
adguard will ask for money for some things. and while it is more polished, some advanced things seem to be harder to configure because of being more behind the scene.
i run pihole in a VM with hardware NICs passed through. there are a lot of ways to build a pihole system though. so that is up to what you have space for.
1 Like
huh, one hand feature in adguard seems to be optional Encrypted DNS upstream servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt).
not used it, but had to use a separate app to get it working for my pihole.
also not sure how the blocklists work, but the wildcard/pattern matching feature looks real nice
1 Like
Having tried both, I settled on AdGuard Home. Pi-Hole expects a clean host to set-up on. AdGuard doesn’t care – it runs on anything, and being a FreeBSD guy, it makes me happy that I can run it on BSD.
I have AdGuard Configured without it’s own cache being backed by an Unbound resolver and NSD for local DNS resolution. I also like that it can also host DoT, DoS and Quic when you provide it with an SSL cert.
4 Likes
pihole can be installed on pretty much anything debian based, also.
honestly i think everyone that is using one of these, just picked the one for whatever reason they thought made sense to them, and they stuck with it. either is nice and is very likely to do what you need.
1 Like
I’ve used both but got tired of the chain of DNS servers so now use pure Unbound for adblocking with a script to download a list of hosts to block each day. You can’t really go wrong with either though.
1 Like
Can you share the lists of hosts you block or the script?
I’m new, so I’ll try these first, before upgrading to something more advanced like Unbound.
It’s written as an Oil script instead of Bash but it’s fairly simple and easy to change back to Bash.
#!/usr/bin/env oil
const URL_OISD_HOSTS = 'https://abp.oisd.nl/'
const URL_CNAME_TRACKERS = 'https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/combined_disguised_trackers_justdomains.txt'
const UNBOUND_CONF_PATH = '/etc/unbound/unbound.conf.d'
cd /tmp {
# Download and extract raw domains from each list
wget -q $URL_OISD_HOSTS -O - | grep '||' | sed "s/^..//;s/.\$//" > oisd.list
wget -q $URL_CNAME_TRACKERS -O - | grep -v '#' > adg_cname.list
# Combine lists and add unbound blackhole syntax
sort -u oisd.list adg_cname.list | sed "s/^/local-zone: \"/;s/\$/\" always_nxdomain/" > $UNBOUND_CONF_PATH/blacklist.conf
rm oisd.list adg_cname.list
}
unbound-control reload
No functionality for a whitelist currently but not super hard to do, I just haven’t needed to actually do it.
EDIT: You’d run it once per day with either cron or a systemd timer.
1 Like
You might also want to have a look at h**ps://github.com/0xERR0R/blocky which is a very nice piece of software for this kind of service.
I’ve used AdGuard for a while and PiHole for longer. I regret tring to get PiHole working the way I want to each and every time. It also likes to break upon updating, in my experience. While AdGuard does it’s thing and it’s always updated.
Go for AdGuard, 100%!
1 Like
I used to use pihole until 2-3 years back, but switched to Adguard home. Last time I compared the two was about a year ago. Adguard home is leaner, and supports various DNS crypto options better. (otoh i think it was DNS over TLS upstream?)
DHCP doesn’t work properly on Adguard (maybe they fixed it, I was only a partial implementation about a year ago last time I checked).
I run it in a container via docker compose, and I use dnsmasq for DHCP only.
1 Like