[HN Gopher] AdGuard Home: Network-wide ad- and tracker-blocking ...
___________________________________________________________________
AdGuard Home: Network-wide ad- and tracker-blocking DNS server
Author : kls0e
Score : 187 points
Date : 2024-02-06 16:48 UTC (6 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| zukzuk wrote:
| I looked at Pi-hole recently but went with AdGuard Home. Nicer UI
| and nicer everything by all appearances. There's also a
| surprising amount of customization for something this slick, like
| being able to defer to my internal DNS for local private domain
| queries, etc.
|
| I'm not entirely sure why AdGuard is giving this away, and maybe
| I should look into that, but seemed like a relatively low-risk
| decision to go with this for now. And I can't say enough about
| how much more pleasant using things like the NYTimes app has been
| without the obnoxious ads.
| andix wrote:
| Yes, it's really awesome. The split-dns feature has all the
| options you would imagine.
|
| I thought I would need a second dns server behind it, but I
| could add all the rules I need right into adguard home. It even
| supports DoT and DoH upstreams, which is still not a thing with
| many home routers.
|
| Edit: here are the docs:
| https://github.com/AdguardTeam/AdGuardHome/wiki/Configuratio...
| madduci wrote:
| They can expand their user base and when they have acquired a
| certain amount of people, switch to a licensed model?
| andix wrote:
| The main repo is GPLv3:
| https://github.com/AdguardTeam/AdGuardHome
|
| They already have many other commercial products and I guess
| also the default filter rules are very good because of their
| experience in the domain.
|
| But I think you can use it completely without the AdGuard
| servers and use other filter list sources.
| andix wrote:
| About the give-away-for-free aspect I was also wondering. Do
| they maybe configure their dns servers as default upstream and
| hope many people keep the defaults? DNS is one of the best
| technologies to do data mining and sell the data. I guess it's
| also why all those easy to remember dns servers like 8.8.8.8
| and 1.1.1.1 exist. Google and Cloudflare for sure don't do it
| just to be nice.
|
| Disclaimer: adguard claims not to sell any customer data.
| JadoJodo wrote:
| I ran a competing project[0] on my home network for a few years
| before I discovered NextDNS[1]. What I lost in performance
| (requests don't leave my house) I gained in portability: ALL my
| devices can take advantage - at home and away - and time-saved.
| PiHole works 90% of the time, but when it did stop working, I'd
| have to spend a bit of time fixing it. At $20/year, I simply
| couldn't compete with NextDNS.
|
| Note: This isn't a shill for NextDNS; I love these kinds of
| projects and think they absolutely should exist, but NextDNS just
| happens to be one of those dead-simple SaaS tools that is an
| insanely good value.
|
| 0 - https://pi-hole.net/
|
| 1 - https://nextdns.io
| drewg123 wrote:
| I love NextDNS.
|
| The one (fairly huge) issue that I have is that it cannot
| handle captive portals when it's enabled on my iPhone. So if I'm
| joining the wifi on a plane, etc, I need to remember to turn it
| off. This means that I cannot recommend it to my non-technical
| friends.
| maronato wrote:
| I've been using NextDNS for a little while and don't remember
| having issues with captive portals on my iPhone. Maybe
| something changed?
| hipsterstal1n wrote:
| Most likely it's due to the different lists you can add or
| use on NextDNS. I also have issues with captive portals (I
| run a number of lists on NextDNS) and I just flip it off
| and on when I need to.
| mbesto wrote:
| Interesting. I've had the same issues. Is there a captive
| portal whitelist somewhere?
| drewg123 wrote:
| I just checked, and I don't use any lists, except for an
| allow list I just started with captive portal domains. Eg
| *.aainflight.com, *.captive.apple.com, etc
| air7 wrote:
| A general trick for bringing up the captive portal manually
| is to browse to a non ssl url such as http://example.com
|
| The portal would unapologetically mitm the server response with
| a redirect to the portal login page.
|
| The domain needs to exist (to pass DNS) and not have HSTS,
| but otherwise any address will do.
| ssklash wrote:
| http://neverssl.com/ is my go-to for this.
| scosman wrote:
| Not http://nevertls.com ?
| therealmarv wrote:
| +1 for nextdns definitely, that would be also my preferred
| choice.
|
| Alternative and free for private usage is to set DNS to:
| dns.adguard-dns.com
|
| on your devices to block ads with DNS.
|
| UPDATE: it seems the old one was dns.adguard.com (which was
| blocked in some countries)
| greenie_beans wrote:
| omg, thank youuuu
| bityard wrote:
| For the home-gamers without a strong grip of DNS, note that
| you can't enter a domain name into your resolver fields, you
| have to use the IPs:
|
|     94.140.14.14
|     94.140.15.15
|     2a10:50c0::ad1:ff
|     2a10:50c0::ad2:ff
|
| Also, it looks like https://dns.adguard-dns.com/ redirects to
| https://adguard-dns.io/ which is a paid service for more
| advanced DNS filtering, a la NextDNS.
| JulianWasTaken wrote:
| Interesting -- for me pi-hole has worked for so long that I've
| forgotten my login even, but when I redo my home network in the
| near future I definitely intend to re-evaluate the options.
| Sounds like I've got 3 now...
| nickthegreek wrote:
| you are gonna want to do a 'pihole -up' every few months. I
| would suggest finding that password!
| afruitpie wrote:
| Another great (and free!) option is Mullvad's ad-blocking DNS
| over TLS or HTTPS.
|
| https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
| mrbonner wrote:
| I paid for NextDNS back in 2020 but discontinued the following
| year due to services such as streaming from the PBS app and
| websites not working properly. I knew this may be related to
| aggressive DNS blocking but I didn't have the time to
| investigate. I have no complaints about NextDNS. Their service
| works and pricing is fine. I just use Adguard premium now and
| have had no issues for a year.
| i2shar wrote:
| Haven't used NextDNS but have used PiHole and currently running
| AdGuard Home. But if you are paying $20/year just for DNS
| encryption/blocking, you may consider upgrading to Mullvad
| which gives you DNS Ad blocking but also IP anonymity,
| tunneling etc.
| ThePowerOfFuet wrote:
| The two are not the same; with NextDNS I can choose to enable
| logging and see all requests from each device, as well as
| allowlist/denylist any domain/subdomain I want.
| oceanplexian wrote:
| Except all of these third party VPN and DNS type services are
| literally NSA honeypots and privacy nightmares. I get that
| you have to do DNS lookups somewhere, but I'm not going to
| make it ridiculously trivial for a bad actor to scoop up all
| that data conveniently in a central location.
| hackeman300 wrote:
| Mullvad is an NSA honeypot? Got any sources on that?
| nprateem wrote:
| I agree there's a very high chance they and the majority
| of other VPNs are - or if not the US some other intel
| org.
|
| The US government has form (what was that early crypto
| machine they sold to allies and it was backdoored?), and
| they'd be foolish to miss such a strategically obvious
| play.
| lencastre wrote:
| Yes, let me just get my tin foil roll, stand up in front
| of the mirror,...
| screamingninja wrote:
| >> consider upgrading to Mullvad
|
| > all of these third party VPN and DNS type services are
| literally NSA honeypots
|
| https://mullvad.net/en/help/privacy-policy
|
| It is up to you to decide what you believe, but Mullvad is
| a Swiss company that does not ask for your personal
| information for signup and even allows payment in cash. You
| hurt your own credibility each time you make an unqualified
| claim without looking into it.
| the-dude wrote:
| Swiss : https://en.m.wikipedia.org/wiki/Crypto_AG
| lnxg33k1 wrote:
| I also switched from pihole, because of the random disservice,
| I'd have it working, then suddenly it would just stop, without
| changing anything, and even having it in their own docker
| container, unbelievable, I am quite happy with adguardhome, but
| now I kinda would try this nextdns
| hsshah wrote:
| Have you looked into their privacy/data collection policies?
|
| Generally prefer local solutions but gave up on Pi-hole some
| time back after recurring issues. Currently using client-
| specific adguard; however the centralized management with
| nextdns is enticing.
| evanreichard wrote:
| I'm curious what issues you ran into with Pi-hole? I was
| running my instance for years without a single hiccup. I ended
| up moving to AdGuard Home about a year ago though because I
| wanted to run it on my OPNSense box.
|
| I have an automatic WireGuard VPN set up on my devices to VPN
| into my home network when I'm not connected to my SSID, so my
| local DNS still works remotely.
| fdgadfagfgd wrote:
| I think op's saying local DNS was fine and preferred, just
| not usable outside the home network.
| zikduruqe wrote:
| > I have an automatic WireGuard VPN set up on my devices to
| VPN into my home network when I'm not connected to my SSID,
| so my local DNS still works remotely.
|
| Exact same setup for me also.
|
| I also run Tailscale since I have run into some remote
| networks that blocked wireguard's port.
| tamimio wrote:
| I did have several issues with adguard home, after some time
| (or packets?) the dns wouldn't resolve and basically you
| can't open any website, you can ping with no issues but not
| opening the site, only resolved by either restarting the
| server or waiting a few minutes, didn't bother to troubleshoot
| it but I tried it on several hardware and got the same issues
| with different interruptions time.
| lencastre wrote:
| Is there any config update to the wire guard profile needed
| to ensure that DNS request traffic is routed through pi-hole?
| evanreichard wrote:
| I use the bare WireGuard app on iOS. I just statically set
| the DNS server to the AdGuard Home IP (or Pi-hole IP) on my
| local network in the app.
| therealfiona wrote:
| Too many false positives with Pi-Hole. I never felt
| comfortable putting my partner on the same vlan that it was
| serving DNS requests for fear that something would break for
| them when I was out of town, unable to get into the pi-hole
| and sort out the issue.
|
| I also had my banking app stop working one day. Never could
| get it working. Eventually I just got fed up with having to
| switch vlans or to mobile data to check my bank and got rid
| of the pi-hole.
|
| The blocker on PFsense eventually had the same issue.
|
| Realistically, I was probably running too many overly
| restricting blocklists for my actual needs.
|
| But, I also don't want to fiddle with messing with the out of
| the block blocklists that also caused me issues.
| qzx_pierri wrote:
| Couldn't you just monitor the query log and whitelist
| domains that were false positives?
| evanreichard wrote:
| I can empathize with the sometimes aggressive blocking, and
| as you pointed out can be pretty block list dependent.
|
| I generally will go in and whitelist things if a site
| breaks due to a DNS block, but of course putting your
| partner on the same VLAN can be problematic. I "got around"
| that by having a button in Home Assistant that will
| completely turn off Pi-hole (and now AdGuard). So my
| partner will go in and toggle that if there's a problem.
|
| AdGuard Home does also have the ability to completely
| disable blocking for specific clients.
| nkrisc wrote:
| I had similar issues and the problem with a white list is
| it can be very difficult to figure exactly which cryptic
| subdomain of some major company is necessary for the
| service to work, without just allowing everything and
| defeating the purpose.
| swed420 wrote:
| > I never felt comfortable putting my partner on the same
| vlan that it was serving DNS requests for fear that
| something would break for them when I was out of town
|
| One potential workaround, if your hardware supports it, is
| to broadcast two separate SSIDs for general users: one with
| a blocklist, and one without as a fallback. Users just need
| to know when to use each.
| stranded22 wrote:
| I love nextdns - pihole was fine but required admin, and I also
| had challenges vpn'ing in to use it out side of home. Whereas
| nextdns is simple to use, and effective.
| verelo wrote:
| No idea how I have been living under a rock. I was using
| Google dns forever, but just switched my router over to next!
| This looks amazing, and great to see so many people using it
| with positive feedback.
| temp0826 wrote:
| Happy nextdns user here who used to have an overly-complicated
| setup with pihole and vpns etc. The only thing I have to
| complain about is the iOS app- I really wish it had a builtin
| way for viewing logs and white/blacklisting domains from the
| app, without having to go to the site. (Other settings would be
| nice too, sure, but as aggressive as I run it I find myself
| fiddling with the whitelist the most)
| JaggedJax wrote:
| I've used ControlD [https://controld.com/] for this and liked
| it. Does anyone know how NextDNS compares to it?
|
| ControlD has worked well for me, outside a few UI complaints I
| have with their site. I do have some concerns with trust as I
| don't know much about ControlD, and I'd rather use the most
| trusted service for this.
| rnicholus wrote:
| I've been a NextDNS user for years now, and am trying out
| ControlD (last week) before I commit to switching. NextDNS
| development seems to have stalled and there are a number of
| conveniences missing, such as being able to label allowlist
| entries (ControlD supports this). Also, running the NextDNS
| app on a device that uses a different profile than the one on
| my home router results in constant issues when the device
| wakes from sleep (not able to resolve domains for a
| noticeable amount of time on wake). NextDNS claims this is an
| Apple issue, but I don't think that's entirely true.
| Certainly not a problem for other similar services.
|
| I'm seeing ControlD as much more feature-rich and the service
| is evolving faster. I also personally like the UI a bit more
| vs NextDNS. Prices are comparable.
| SparkyMcUnicorn wrote:
| It looks like cost is not comparable. ControlD pricing is
| per user and a router costs $5/month, but NextDNS is a flat
| $20/year.
|
| So ControlD would be significantly more than NextDNS for me
| personally.
| JaggedJax wrote:
| Their "personal" pricing is $20 per year. It looks like
| they've moved that to a separate pricing page and are
| gearing the other for business use.
| rnicholus wrote:
| It's very much comparable...for personal use:
| https://controld.com/plans?step=plans
| SparkyMcUnicorn wrote:
| With your link, I'm only seeing "Free Trial". While I'm
| not seeing any pricing for personal use (without signing
| up at least), I'll take you at your word.
|
| Maybe I'll give it a try sometime.
| rnicholus wrote:
| That's odd. Even in incognito mode i see 2 plans and 2
| prices for personal use.
| idatum wrote:
| I ran Pi-hole along with my OpenBSD router running unbound for
| some period. Then I realized I can download the same entries
| used for Pi-hole, AdGuard, uBlock, etc. I created a simple
| script that generates an unbound configuration that I can
| include in my unbound.conf file.
|
| One advantage over Pi-hole I noticed is I can return NXDOMAIN
| which makes more sense to me. I didn't see how I had that
| option with Pi-hole.
|
| I just checked, and the generated unbound configuration comes
| in at 218000 lines, so takes a moment on my Celeron J3060 class
| router when loading unbound.
| anon9874 wrote:
| Care to share your script?
| idatum wrote:
| If I recall, I was inspired by this:
|
| https://www.tumfatig.net/2022/ads-blocking-with-openbsd-
| unbo...
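
A sketch of the kind of blocklist-to-unbound conversion described in this subthread, as an added example; it is not idatum's script or the linked article's code. The function names, the allowlist handling and the sample list are assumptions made here; `always_nxdomain` and `transparent` are standard unbound `local-zone` types.

```python
"""Turn ad-blocking lists into unbound local-zone rules that answer NXDOMAIN."""
import re

_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses used in hosts-format lists
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}  # never block these


def valid_domain(name):
    """Accept multi-label hostnames only; reject bare IPv4 addresses and bad labels."""
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.match(label) for label in labels)


def parse_line(line):
    """Return the domain one list line blocks, or None if it is not a block rule."""
    line = re.sub(r"(^|\s)#.*$", "", line).strip().lower()  # drop hosts-style comments
    if not line or line[0] == "!" or line.startswith("@@") or "#" in line:
        return None  # blank, Adblock comment, exception rule, or cosmetic (##) rule
    if line.startswith("||"):
        # Only plain "||domain^" rules map onto DNS; options and wildcards do not.
        m = re.fullmatch(r"\|\|([a-z0-9._-]+)\^", line)
        candidate = m.group(1) if m else None
    else:
        fields = line.split()
        if len(fields) == 2 and fields[0] in _SINKS:
            candidate = fields[1]          # hosts format: "0.0.0.0 ads.example"
        elif len(fields) == 1:
            candidate = fields[0]          # plain domain list
        else:
            candidate = None
    if candidate is None:
        return None
    candidate = candidate.rstrip(".")
    return candidate if candidate not in _SKIP and valid_domain(candidate) else None


def collapse(domains):
    """Drop names already covered by a blocked parent (a local-zone covers its subtree)."""
    blocked = set(domains)
    kept = []
    for name in sorted(blocked, key=lambda d: d.split(".")[::-1]):
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in blocked for p in parents):
            kept.append(name)
    return kept


def render_unbound(list_text, allow=()):
    """Build include-file text meant to be included from unbound's server: clause."""
    allow = {a.lower().rstrip(".") for a in allow}
    found = {d for d in map(parse_line, list_text.splitlines()) if d}
    blocked = collapse(found - allow)
    lines = [f'local-zone: "{d}." always_nxdomain' for d in blocked]
    blocked_set = set(blocked)
    for name in sorted(allow):
        labels = name.split(".")
        # An allowlisted name under a blocked parent needs its own, more specific zone.
        if any(".".join(labels[i:]) in blocked_set for i in range(1, len(labels) - 1)):
            lines.append(f'local-zone: "{name}." transparent')
    return "\n".join(lines) + "\n"


# Constructed sample mixing hosts, plain-domain and Adblock syntax.
SAMPLE = """\
# constructed sample list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
||metrics.example.org^
||cdn.example.org^$third-party
! adblock comment
example.com##.banner
Telemetry.Example.NET
sub.ads.example.com
not a domain
0.0.0.0 bad_-.example
@@||good.example.org^
"""

if __name__ == "__main__":
    print(render_unbound(SAMPLE, allow=["login.ads.example.com", "tracker.example.net"]), end="")
```

Collapsing subdomains under an already-blocked parent shortens the generated file, which matters when the raw lists run to hundreds of thousands of entries.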
| screamingninja wrote:
| I set up Pi Hole with tailscale on an inexpensive cloud server.
| It is configured to serve DNS requests over the tailscale
| interface. Also added tailscale IP address of the Pi Hole to
| tailscale DNS override to ensure that all devices on the
| tailnet use it without any additional reconfiguration. For
| redundancy, I have multiple DNS servers on my tailnet. Family
| and friends can use it without worrying about portability and
| be protected at all times, especially on cell networks.
| scosman wrote:
| Tried this. Latency of DNS so critical, wasn't loving the
| self host option. Plus Tailscale wasn't quite reliable enough
| for all DNS traffic outside the house.
|
| I ended up with Pi-Hole on local network (manual DNS tied to
| Wifi SSID), NextDNS as default/fallback on other networks.
| s0ss wrote:
| Neat! Similar: If you happen to run pfsense on your network,
| check out pfblockerng, I really like it!:
| https://docs.netgate.com/pfsense/en/latest/packages/pfblocke...
| politelemon wrote:
| > Runs on your OpenWrt box
|
| Where are you seeing that? The only reference to OpenWRT I see is
| in the "Projects that use AdGuard Home" section which links to a
| different project.
|
| Otherwise that's a misleading title - this is a PiHole
| alternative.
| cricalix wrote:
| It absolutely runs on OpenWrt - simple as opkg install, then
| setting it up and sorting DNS redirection as needed.
| masfuerte wrote:
| Yes, but the title suggests that OpenWrt is the only place it
| runs. Which is misleading.
| dsissitka wrote:
| https://openwrt.org/docs/guide-user/services/dns/adguard-hom...
| rekabis wrote:
| What's the difference between this and just using their DNS
| addresses with the force redirect option enabled?
| skottenborg wrote:
| The internal DNS records are very handy if you host local
| services.
| winstonprivacy wrote:
| Sadly for the AdGuard team, there isn't much of an audience for
| this. It's one of those things everyone says they want but few
| people will actually install one, much less maintain one over
| time. Add to that the wife-forced uninstalls and the total long-
| term audience for this is (no kidding) in the thousands.
| breckenedge wrote:
| My spouse's device is on a pihole exclusion list. Can you not
| do this with AdGuard?
| zukzuk wrote:
| Yes, you can definitely use it selectively.
| jraph wrote:
| What is the reason for someone in the network to not want the
| filtering? Does this break some websites?
|
| My own devices are covered, I definitely want full filtering
| even when not at home and my devices are completely hackable,
| but I'm wondering if such a tool would be a convenience for
| other people using the network in particular with less
| hackable devices, and people likely to use my network are
| likely totally uninterested in ads, but I don't want this to
| be a pain.
| breckenedge wrote:
| Yes, it breaks some websites and apps that they use for
| work. My pihole also only runs on my "private" network, the
| "guest" network is not filtered.
|
| Apple's Private Relay also does not work behind a pihole.
| jraph wrote:
| Okay thanks! I guess I'm not in the target of these
| things.
| syslog wrote:
| Private Relay does work, but it circumvents the Pihole
| (so no adblocking).
| rockooooo wrote:
| It breaks a lot of websites, I used NextDNS for about two
| years but got tired of the headaches.
| dizhn wrote:
| I don't get this comment. It is basically the same kind of tool
| as the Pihole only much easier to install and maintain. (It's a
| single go binary) Isn't this a popular class of software?
| nickthegreek wrote:
| It is not a popular class of software to the masses, it is a
| popular class of software to a niche audience. I don't share
| as pessimistic an attitude as OP though. I'm pretty sure the
| audience is in the tens of thousands!
| dizhn wrote:
| They have that many stars on GitHub. They actually also
| have thousands of forks each. The api probably still has a
| way to count downloads but I didn't bother. I wasn't
| claiming users in the millions anyway. :)
| winstonprivacy wrote:
| What's funny is that I was once extremely optimistic about
| the potential for such a device, to the extent of having
| sold and delivered a few million in product.
|
| Hard experience taught us that churn is just crazy high, no
| matter how compatible or easy to use you make it. Getting
| tens of thousands of stars is not the hard part because
| it's such an easy concept to like. But I would be surprised
| there are more than let's say ten thousand piholes in
| active use.
| bityard wrote:
| I guess I'm the exception to the rule, I spent a fair chunk of
| my previous weekend upgrading the hardware on my opnsense
| router/firewall so that I could virtualize opnsense and be able
| to glom on related services exactly like AdGuard Home easily.
| Naac wrote:
| Anyone know of an Adguard home or pihole equivalent service I can
| run as part of OPNSense?
|
| I currently have a different machine dedicated to pihole, but it
| would be intriguing to have something built in. I would imagine
| split DNS and firewall rules would be simpler this way.
| _micheee wrote:
| The built-in unbound dns server has support for blocklists,
| maybe you want to give it a try:
| https://docs.opnsense.org/manual/unbound.html
| moviuro wrote:
| Unbound with tags?
|
| *
| https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering...
|
| * https://try.popho.be/securing-home3.html
|
| *
| https://git.sr.ht/~moviuro/moviuro.bin/tree/master/item/lie-...
| bityard wrote:
| I'm in the process of migrating my OPNSense to a virtual
| machine so that I can run whatever network-related services I
| want right along side it in a container or VM. I used to scoff
| at those enterprising homelabbers who apparently stuck their
| firewall in a VM just because they could but I get it now. It's
| super nice to be able to just snapshot and back up the whole
| VM, and run whatever you want alongside it. (Although I will
| limit the box to specific network management things like
| AdGuard Home.)
| cycomanic wrote:
| Adguard runs directly on opnsense.
|
| https://0x2142.com/how-to-set-up-adguard-on-opnsense/
| lawn wrote:
| I run Adguard Home on my router with OPNSense. I don't remember
| how I set it up, but it wasn't that difficult.
| grebly wrote:
| How does it compare to pfblockerng on pfsense?
| rpnx wrote:
| Don't do this. Network firewalls are harmful. Let people
| configure their own firewalls on device. Having to VPN around
| network blocks is annoying to say the least. Network firewalls
| are harmful and just a lazy excuse for bad client security.
| sn0wf1re wrote:
| It isn't a firewall, it's a DNS server that returns fake
| results for entries in its blocklist.
| drcongo wrote:
| I run AdGuard Home on a Pi and it's fantastic. I was running
| PiHole previously and found it endlessly problematic, I rarely
| have to even think about AdGuard Home.
| triyambakam wrote:
| Coincidentally I just set up OpenWRT [1] on a NanoPi from
| FriendlyElectric.
|
| How would this fit into using Wireguard? Or, how would I go about
| that? It seems like there might be something conflicting about
| running both, but I am very new to it all.
|
| [1] It is actually running their FriendlyWRT variation which came
| with the precompiled drivers for getting a Realtek USB wifi
| adapter to work, otherwise stock OpenWRT would work as well
| vosper wrote:
| What does this break, if anything? Anyone run into sites or apps
| where Adguard Home needed to be disabled? How easy was that?
| fursund wrote:
| Perhaps obvious, but if you're using mixpanel or posthog for
| analytics on anything you build, you'll have to put them on
| exclusion lists, in order to be able to use their analytics
| platform.
| mnt3 wrote:
| Depends on the blocklists you're using. I broke Google search
| sponsored links, some Slickdeals links, and the meta quest app
| store. You have the ability to whitelist as well if you want to
| unblock some things.
|
| I'm running it in a docker container and then pointing my
| router at it.
| pandemic_region wrote:
| Happy AdGuard user here. It's running directly on my EdgerouterX
| so no need for an extra device to maintain. I really love the
| high level service blocking as well, blocking the whole of
| Facebook is just ticking a checkbox!
| ittan wrote:
| Unsure if anyone here uses Technitium DNS(Opensource and free).
| It works on minimal hardware. I am running it on an Orange Pi 3
| LTS.
|
| https://technitium.com/dns/
| az09mugen wrote:
| Yup, running it on a pi 4. Simple to set up and use, happy with
| it. I didn't know about Adguard but I don't want to try it even
| if it seems good.
| justaman wrote:
| Will this work against ads on major streaming apps like prime,
| hulu, and netflix?
| Ninn wrote:
| No
| karolist wrote:
| Works fine, beautiful and simple UI, I have it on my Dell R230
| homelab server, running inside a container under Proxmox VM
| int_19h wrote:
| One other neat thing about AdGuard is that it is available as a
| Home Assistant addin - and it does integrate with the rest of HA,
| so you can e.g. have a switch to enable/disable blocking as part
| of your dashboard.
| dsheets wrote:
| I contributed improved ipset support to this project. As far as I
| know, it's one of the few off-the-shelf DNS servers that can
| insert result records into Linux ipsets to enable domain-based
| firewall policy. I run it on OpenWRT and use the ipset support to
| open the default drop firewall from my "smart" projector on my
| IoT subnet to NetFlix and YouTube. It sets the ipset entry expiry
| to the DNS TTL. Now, the only way for the machine to connect to
| the internet is to resolve a whitelisted domain and it can only
| access while the record is fresh. I haven't encountered any
| issues so far. I take it that some Chinese users use this same
| functionality to selectively VPN domains to evade GFW.
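
A small model of the policy described in the comment above (resolved addresses enter a set, expire with the DNS TTL, and a default-drop firewall forwards only to set members), added here as an illustration; it is not AdGuard Home's code. The class and function names, the suffix-matching rule and the sample names and addresses are assumptions.

```python
"""Model of DNS-driven egress allowlisting: resolved IPs enter a set and expire with the TTL."""
from dataclasses import dataclass, field


@dataclass
class TimedIpSet:
    """Stand-in for a Linux ipset created with timeout support (hypothetical model)."""
    entries: dict = field(default_factory=dict)  # ip -> absolute expiry time in seconds

    def add(self, ip, ttl, now):
        # Re-adding an address refreshes its timeout, as when the record is re-resolved.
        self.entries[ip] = now + ttl

    def contains(self, ip, now):
        expiry = self.entries.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.entries[ip]  # lazily expire stale entries
            return False
        return True


def domain_allowed(qname, allowed_suffixes):
    """Match on label boundaries so 'notvideo.example' does not match 'video.example'."""
    qname = qname.lower().rstrip(".")
    return any(qname == s or qname.endswith("." + s) for s in allowed_suffixes)


def on_answer(ipset, allowed_suffixes, qname, records, now):
    """Resolver hook: records is a list of (ip, ttl) pairs from the answer section.

    Returns how many addresses were added to the set.
    """
    if not domain_allowed(qname, allowed_suffixes):
        return 0
    for ip, ttl in records:
        ipset.add(ip, ttl, now)
    return len(records)


def egress_permitted(ipset, dst_ip, now):
    """Default-drop firewall rule: forward only to addresses currently in the set.

    The decision is per address, so any other service hosted on the same IP
    (shared CDN or cloud front end) is reachable while the entry is fresh.
    """
    return ipset.contains(dst_ip, now)


if __name__ == "__main__":
    # Constructed scenario: documentation-range addresses, made-up domain names.
    allow = ("video.example",)
    ips = TimedIpSet()
    on_answer(ips, allow, "api.video.example.", [("192.0.2.10", 60)], now=0)
    on_answer(ips, allow, "notvideo.example", [("198.51.100.7", 300)], now=0)
    for t, ip in [(30, "192.0.2.10"), (60, "192.0.2.10"), (30, "198.51.100.7")]:
        print(t, ip, "ACCEPT" if egress_permitted(ips, ip, t) else "DROP")
```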
| steeve wrote:
| Currently running this as a Home Assistant addon is
| steviedotboston wrote:
| can this be used in conjunction with tailscale?
| dsheets wrote:
| I use it with WireGuard.
| aantix wrote:
| Is there something similar, say a proxy, that rewrites the
| responses to exclude certain ad patterns?
| miah_ wrote:
| Yes, Privoxy
|
| http://www.privoxy.org/
|
| It comes with all the limitations of using a HTTP Proxy in
| today's world where SSL is everywhere.
| 2OEH8eoCRo0 wrote:
| I love AdGuard Home, been using it for years now after PiHole
| gave me issues.
| Crosseye_Jack wrote:
| Also runs on home assistant. The only thing to remember is when
| you're updating HA (or you forget that your HA pi is not on the
| UPS, and you trip your GFI when doing home maintenance on your
| ring main) that your DNS also goes down.
|
| Side note: it's always DNS...
| Dries007 wrote:
| Exactly why I run my DNS on an old pi just for that and some
| minor watchdog stuff.
| raajg wrote:
| Been 4 months and I'm pretty happy with the following setup:
| PiHole + RaspberryPi + Tailscale
|
| With Pihole running on a tailnet all my devices use it by default
| as long as they're on the same tailnet. That way I have seamless
| ad-blocking even when I'm on cellular data or my friends' wifi
| networks.
| smarterhome wrote:
| AdGuard Home is amazing! I used PiHole for a time but did run
| into small issues quite a lot. Mind you nothing serious but
| things like these are only really useful if they just work.
| Adguard Home works without any issues on my Pi setup via docker-
| compose [1] and it even runs on a second Pi as backup using a
| cool container called adguardhome-sync [2] to keep their
| configurations in sync. I am not seeing any ads in my network
| anymore and it is quite interesting to see how many tracking/ad
| requests are sent by some devices...
|
| 1 - https://thesmarthomejourney.com/2021/05/24/adguard-pihole-
| dn...
|
| 2 - https://thesmarthomejourney.com/2023/02/12/adguardhome-
| sync-...
| amelius wrote:
| How can this possibly work?
|
| I don't know much about how adtech works, but if I were Google
| I'd provide ad blocking detection to all of my clients. And it
| should be pretty simple to detect if parts of the network that
| are essential to my ads are being blocked.
| cyberax wrote:
| I really hate that all these services break DNSSEC. I guess it
| can't be helped.
| stzsch wrote:
| I got my glinet gl-axt1800 mainly for the adguard support out of
| the box, as a way to keep my smart tv experience sane. Works
| pretty well.
| JoshTriplett wrote:
| Standing reminder that any device smart enough to run a real web
| browser shouldn't use one of these and doesn't need one. uBlock
| Origin works much better for any device capable of running it,
| both in terms of user experience (the browser understands a block
| rather than a mysteriously failing request) and because it can
| block first party ads and clean up page layout.
|
| The primary use case for these is for blocking ads on devices
| that don't allow running a real browser and yet still shows ads,
| such as "smart home" devices, TVs, etc.
| gotschi_ wrote:
| Unfortunately it is a 11mb install, which makes it quite
| unfitting for your usual openwrt device
| time4tea wrote:
| You might be interested in py-hole. It's just a python script and
| some dnsmasq configuration, it runs on openwrt, is free and close
| to zero cpu usage.
|
| https://github.com/time4tea-net/py-hole
| vladgur wrote:
| With a self-hosted DNS internally, how do you handle fallback?
|
| For example if the box with Adguard Home or pihole crashes, can
| you configure your router or your devices in a way that would
| instead go to say cloudflare or google DNS?
| jerezzprime wrote:
| I dealt with a less-than-ideally reliable pihole by configuring
| the pihole as the primary DNS, and an external DNS server as
| the secondary (most devices accept 2 or more IPs for DNS).
| lurking_swe wrote:
| most routers let you set a primary dns server and a secondary.
| just set the secondary to something like google or Cloudflare
| dns.
| smarkov wrote:
| I believe this only works if your ad blocking DNS is
| configured to return 0.0.0.0 for all blocked domains rather
| than NXDOMAIN, since then services might try using the
| secondary DNS instead and that would result in nothing
| getting blocked. Ideally your secondary DNS should be a copy
| of the primary.
| vladgur wrote:
| Do you know if pihole or Adguard can be configured to support
| confirming to the router or the client that resolution took
| place, rather than try the secondary DNS?
|
| If i understand you correctly, if you have a blocking
| internal DNS running pihole or Adguard and an external
| general DNS such as google or cloudflare, unless what you
| described can be configured, the requests that come back
| "blocked" from pihole would then simply be resolved by
| google/cloudflare, thus negating the point of pihole.
| moontear wrote:
| There is no primary and secondary dns on windows. Both dns
| servers are queried, if one goes down you are fine but you
| won't hit your local dns all the time.
| moontear wrote:
| Honestly? Have two instances and point to both via your router
| dhcp dns. Every client will use them and you are good to go.
| There are also solutions like adguardhome-sync to keep both
| installations in sync.
| 35mm wrote:
| Those who are using DNS level ad blocking: how much do sites
| break? And how easy is it to unblock them?
|
| I currently use browser based blocking and find a lot of sites
| don't work at all. Typically SPAs.
|
| But if I have to use them, I can disable the adblocker in two
| clicks. How does that compare?
| HumblyTossed wrote:
| Sites break often if they're shitty. Especially if you click
| Google's "Sponsored" link by accident after a search because I
| block Google's ad stuff.
|
| But, you get used to what sites break and decide if it is worth
| bothering to fix it or not.
|
| I can disable my pihole by opening a browser, navigating to
| pihole and disabling it.
| ololobus wrote:
| I use PiHole, it does break some stuff here and there, and
| sometimes useful things like Private Relay or iCloud in iOS; or
| once YouTube history stopped working for me (apparently they
| use a separate domain to track watched videos and progress!).
| It also depends on the block lists you upload. It's pretty easy
| to unblock, especially web, as you just look on which domain
| cannot resolve in the browser dev tools and add it to the allow
| list.
|
| Yet, DNS-based blockers have a limited usefulness at this
| moment as some major ad-providers started using the same
| primary domain for serving ads. For example, YouTube, partially
| Google, Yandex. I guess they cover everything with top level
| load-balancer and then route internally to specific service
| ingresses
| lock-the-spock wrote:
| I use AdGuard home as part of my HomeAssistant setup and have
| had no problem at all. Only thing is to turn off the enforced
| safe search as that quite reduces results.
| LeoPanthera wrote:
| It entirely depends on which blocklist(s) you use. I had to
| stop using the StevenBlack list because it started breaking a
| _lot_ of things, apparently intentionally.
|
| I recommend using only one list, rather than a combination of
| several. I switched to the https://oisd.nl Big List, which has
| been great... although it did break GitHub yesterday. That was
| the first breakage since I switched, and it was fixed when I
| reported. But still, keeping an eye on it.
| nprateem wrote:
| Forget about streaming media from amazon prime and various
| terrestrial broadcast apps. But just create 2 networks, one
| protected, one not.
| kodt wrote:
| Affiliate links break, which can be annoying for other members
| of the household who may want them to work.
| downrightmike wrote:
| rarely breaks. Also simple regex blocking goes a long way:
| .*ads.* will get rid of most ads domains. .*tele.* for
| telemetry etc
| dang wrote:
| Related:
|
| _AdGuard Home: Network-wide ads and trackers blocking DNS
| server_ - https://news.ycombinator.com/item?id=33387678 - Oct
| 2022 (113 comments)
|
| _Show HN: AdGuard Home - an open source network-wide ad blocker_
| - https://news.ycombinator.com/item?id=18238503 - Oct 2018 (2
| comments)
| readscore wrote:
| I'm experienced in DNS but have never seen the point in DNS
| blocklists. It feels like the wrong layer.
|
| I do adblocking with a browser extension. The adblocking has more
| context, can modify the page, and has easy UI integration for
| debugging and turning it off.
|
| What else are DNS blocklists for? Clients except browsers?
|
| For the record, on my desktop I use systemd-resolved (for DNSSEC)
| and dnscrypt-proxy2 (for encryption). On my router I run unbound
| as recursive resolver for other devices.
|
| On my phone I use quad9, and adblocking via Firefox.
| Larrikin wrote:
| I enjoy having ads blocked in apps and on my iPad, where ad
| blocking is extremely limited otherwise.
|
| If you look at the logs from your media box, (whether that is
| your TV, Roku, or whatever) there's a massive amount of
| tracking that gets sent up.
|
| Combined with Tailscale I can even block ads and tracking on
| my devices when I'm not home.
| seanieb wrote:
| AdGuard is a Russian company, with Russian engineers, the
| majority of AdGuard developers and other employees working from
| Moscow, registered in Cyprus. Not a great recipe. Hard pass on
| security grounds.
___________________________________________________________________
(page generated 2024-02-06 23:00 UTC)