Selfhosted Adblocker over network

AdGuard Home is network-wide software for blocking ads and trackers. It blocks domains and applications using DNS records, so it does not require installing or configuring any client-side application. It also supports DoH (DNS over HTTPS) and DoT (DNS over TLS), which let a smartphone send encrypted DNS requests over the internet, so your ISP cannot decode the request data.

AdGuard Home, in simple words, is a recursive DNS server that looks up the IP address for a domain starting from the main domain, but it does not disclose any specific identity that could be traced back to you while serving that information, so ads will not follow you across your devices anymore.

https://github.com/AdguardTeam/AdGuardHome

Adguard vs PiHole

Feature | AdGuard Home | Pi-Hole
Blocking ads and trackers | |
Customizing blocklists | |
Built-in DHCP server | |
HTTPS for the Admin interface | | Kind of, but you'll need to manually configure lighttpd
Encrypted DNS upstream servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt) | | (requires additional software)
Cross-platform | | (not natively, only via Docker)
Running as a DNS-over-HTTPS or DNS-over-TLS server | | (requires additional software)
Blocking phishing and malware domains | | (requires non-default blocklists)
Parental control (blocking adult domains) | |
Force Safe search on search engines | |
Per-client (device) configuration | |
Access settings (choose who can use AGH DNS) | |
Running without root privileges | |

Why I prefer AdGuard Home over Pi-hole is that it has native support for HTTPS- and TLS-encrypted DNS traffic, and setting up DNS blocklists with auto-update was far easier than with other self-hosted DNS servers like blockly. Managing DHCP devices with local domain names means you only have to remember a domain name instead of the IP address of each individual device.

Docker Setup

AdGuard Home natively supports all Linux architectures, even ARM, but Docker makes it easy to recreate the container.

# Port mappings used below (a comment after a trailing backslash would end the command):
#   53/tcp, 53/udp                        Plain DNS
#   67/udp, 68/udp                        DHCP, only if you need it
#   80/tcp, 443/tcp, 443/udp, 3000/tcp    Web dashboard and DoH
#   853/tcp                               DoT
#   784/udp, 853/udp, 8853/udp            DNS-over-QUIC
#   5443/tcp, 5443/udp                    DNSCrypt
docker run --name adguardhome \
    --restart unless-stopped \
    -v /my/own/workdir:/opt/adguardhome/work \
    -v /my/own/confdir:/opt/adguardhome/conf \
    -p 53:53/tcp -p 53:53/udp \
    -p 67:67/udp -p 68:68/udp \
    -p 80:80/tcp -p 443:443/tcp -p 443:443/udp -p 3000:3000/tcp \
    -p 853:853/tcp \
    -p 784:784/udp -p 853:853/udp -p 8853:8853/udp \
    -p 5443:5443/tcp -p 5443:5443/udp \
    -d adguard/adguardhome

https://hub.docker.com/r/adguard/adguardhome

Introduction

The setup wizard should be super simple. In the next step, select all the interfaces to listen for incoming connections; if you want to restrict access to a certain interface, select only that one. You will then be asked to set up admin credentials.

Setup

At last, it will show you a guide on how to set up AdGuard for various devices. The easiest way is to configure your router to use this DNS server; you will find the option in the LAN network settings, under DHCP settings.

AdguardHome Dashboard

Once you are done with the setup, it will direct you to the dashboard, where you have to log in using the admin credentials. The dashboard shows general statistics. Under DNS settings, you have the option to add more upstream DNS servers, which are the servers used to look up DNS requests. If you add more than one, AdGuard uses a load-balancer-like technique across all the DNS servers you have configured.

DNS Blocklist

The DNS blocklist settings let you add different blocklists such as Adblock, Malware, Content, Apps, and more. You can either choose from a predefined list or provide an external link, and you can check for updates to pull the latest blocklist.

DNS Over HTTPS / DNS Over TLS

Encryption Settings

Under Encryption settings, you can enable DNS over HTTPS and enter information such as your domain name and port. If you already have an SSL certificate, you can enter its details there; if not, you can generate one using Let's Encrypt.

sudo apt-get update
sudo apt-get install certbot

sudo certbot certonly -d example.com -d dns.example.com

Now you can copy and paste the certificate along with the private key, which will be used to encrypt the DNS traffic.


Thanks for reading this blog till the end, hope it was useful. Thank you!