AdGuard Home is a powerful network-wide ad-blocking and privacy protection solution that enhances your online browsing experience. It acts as a local DNS server, filtering out unwanted advertisements, trackers, and malicious websites before they reach your devices. By deploying AdGuard Home on your network, you gain comprehensive control over the content that enters your home or office, offering a wide range of benefits.
AdGuard Home provides a convenient way to block ads, malware, and undesirable websites without relying on browser extensions or device-specific solutions. By implementing it on your router, you can effectively block these elements at the DNS level, offering several benefits:
- Ad Blocking: AdGuard Home allows you to eliminate ads from all devices connected to your network. It works across various platforms, including smartphones, tablets, computers, and IoT devices, without requiring individual installations or configurations. With AdGuard Home, you can enjoy an ad-free browsing experience, free from annoying pop-ups, banners, and video ads.
- Malware Protection: By using AdGuard Home, you can enhance your network's security by preventing access to known malicious websites. It actively blocks connections to sites that are associated with malware, phishing attempts, or other online threats. This helps safeguard your devices and data from potential harm.
- DNS-Level Filtering: AdGuard Home operates at the DNS level, meaning it intercepts and filters out unwanted content before it even reaches your devices. This approach ensures consistent and network-wide protection against ads, malware, and harmful websites, regardless of the browser or application you are using.
- Easy Implementation: AdGuard Home can be set up on your router, making it a centralized solution for all devices on your network. Once configured, it automatically applies ad-blocking and content filtering rules to every connected device, streamlining the process and eliminating the need for individual installations or maintenance.
- Customization: With AdGuard Home, you have the flexibility to customize your filters and rules based on your preferences. You can create whitelists and blacklists, define specific blocking categories or domains, and fine-tune the ad-blocking settings according to your needs. This empowers you to have greater control over the content that is allowed or blocked on your network.
Finding DNS filters
How AdGuard is able to block all this for you is that you have to add filters to it by adding lists that people have made, which is the easier way, or you can add custom filters like this:
||example.org^:block access to example.org and all its subdomains;
@@||example.org^:unblock access to example.org and all its subdomains;
127.0.0.1 example.org:respond with 127.0.0.1 for example.org (but not for its subdomains);
! Here goes a comment.:just a comment;
# Also a comment.:just a comment;
/REGEX/:block access to domains matching the specified regular expression.
The custom filters help you narrow down the blocking, and if the filtering lists block something important, like when apps require you to unblock Google Analytics to work, you would add:
Which would override the filter list and unblock it on the DNS level.
How would you install this?
There are several ways to install AdGuard Home, depending on your technical expertise and the device or platform you intend to use. Here are some common installation methods:
- Dedicated Hardware: AdGuard Home can be installed on dedicated hardware devices like Raspberry Pi or similar single-board computers. This method provides a stable and always-on solution for running AdGuard Home. You would need to follow the installation instructions specific to your chosen hardware.
- Virtual Machine: If you have experience with virtualization software like VirtualBox or VMware, you can set up a virtual machine and install AdGuard Home on it. This allows you to run AdGuard Home within a virtualized environment, providing flexibility and compatibility across various operating systems.
- Docker: Docker is a popular containerization platform that simplifies the installation and management of applications. AdGuard Home has an official Docker image available, allowing you to deploy it easily using Docker on supported platforms. This method is particularly useful if you are familiar with Docker or have an existing Docker infrastructure.
- Linux Distribution Packages: AdGuard Home offers installation packages for various Linux distributions, such as Debian, Ubuntu, Fedora, and CentOS. These packages streamline the installation process and integrate AdGuard Home with the package manager of your chosen Linux distribution, simplifying updates and maintenance.
- Windows, macOS, and FreeBSD: AdGuard Home also provides pre-compiled binaries for Windows, macOS, and FreeBSD. You can download the appropriate binary for your operating system and execute it to start using AdGuard Home. This method is straightforward and suitable for those using these operating systems.
- Home Network Routers: Some advanced home routers offer built-in support for AdGuard Home. In such cases, you can directly enable AdGuard Home functionality through your router's firmware or settings. This method may vary depending on your specific router model, so consult your router's documentation or manufacturer's website for instructions.
I went with two dedicated servers that is running Proxmox on two of my Proxmox clusters. Ok, why did I say two clusters? Because you need to run two Adguard Homes if you want to have a stable system that can use the other Adguard Home in case one of them goes down. In networking, you don't need a single point of failure, especially when your devices will be relying on this to access the internet and translate domains to IPs.
I installed it on my two Proxmox's with this handy script.
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/adguard.sh)"
You can checkout the other scripts at https://tteck.github.io/Proxmox/
Run this script in the Node shell, and it will walk you through the setup.
To ensure uninterrupted functioning of the DNS servers for AdGuard Home, it is necessary to assign a static IP address to the server's MAC address within your router settings. This step is crucial because if the IP addresses assigned to the DNS servers were to change dynamically, it would result in the servers going offline or becoming inaccessible.
By associating a static IP address with the server's MAC address, you create a fixed reference point within your network. This allows your router to consistently direct DNS traffic to the correct IP address, ensuring that the AdGuard Home DNS servers remain operational and accessible.
Assigning a static IP address to the server's MAC address typically involves accessing your router's administration interface and locating the DHCP (Dynamic Host Configuration Protocol) settings. Within these settings, you can manually map the MAC address of the AdGuard Home server to a specific IP address that will remain unchanged.
By establishing this static IP assignment, you provide a stable foundation for AdGuard Home to function optimally and maintain continuous DNS resolution and ad-blocking capabilities within your network.
Setting up filter lists
This is trial and error because you might use a service that could be on these lists. In the Adguard Home admin panel, you would go to
Filters > DNS Blocklists > Add Block List (Green Button) > Choose from the list.
Now you need to figure out which works for you, but I've been perfecting my lists for awhile, and I can give you some good ones:
AdGuard DNS filter https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt Online Malicious URL Blocklist https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt NoCoin Filter List https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt OISD Blocklist Big https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt Dan Pollock's List https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt Fanboy's Social Blocking List https://easylist.to/easylist/fanboy-social.txt Scam Blocklist by DurableNapkin https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt The Big List of Hacked Malware Web Sites https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt Malicious URL Blocklist (URLHaus) https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt Fanboy's Annoyance List https://secure.fanboy.co.nz/fanboy-annoyance.txt Phishing URL Blocklist (PhishTank and OpenPhish) https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt Dandelion Sprout's Anti-Malware List https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
As the admin of the AdGuard home, you would now need to watch the query log and top blocked domains to see if anything is being blocked that you need. If it is being blocked, you would need to create the custom filter list that I explained above.
Upstream DNS servers
So when Adguard Home listens on port 53, it gets a DNS request, runs it through the filters, and then sends it to the DNS upstream servers that you can change.
Settings > DNS Settings > Text Box
You can see a list of DNS upstream settings here: https://adguard-dns.io/kb/general/dns-providers/
So these two servers seem to be the fastest and most stable. You can play around and see if there are better ones in your region.
Now you have three choices for how it interacts with the upstream servers. I have picked Paralel Requests, but you can play around with this setting and see which is faster for you.
Once you have set all that up, test the upstreams, and then press Apply to save.
Once you have configured your filters and prepared AdGuard Home for integration into your network, the next step is to update the DNS server settings on your router. By changing the DNS servers to the static IP address you previously assigned, you ensure that all network devices benefit from AdGuard Home's functionalities.
To make this adjustment, access your router's settings through its administration interface. Look for the DNS server settings section, which may be located in the network or internet settings. Replace the existing DNS server addresses with the static IP address you set up for AdGuard Home.
To find the specific IP address to enter, you can refer to the AdGuard Home administration panel's Setup Guide. The setup guide typically provides clear instructions on where to locate the necessary DNS server information.
By modifying the DNS server settings in your router, all devices connected to your network will automatically utilize AdGuard Home for DNS resolution, ad-blocking, and content filtering. This ensures consistent protection and an improved browsing experience across your entire network.
Remember to save the changes made to the router's DNS server settings to apply the updates effectively.
In conclusion, deploying AdGuard Home provides an effective means of protecting the devices in your network from malicious sites and URLs. It offers a valuable layer of defense against potential threats. However, it's important to note that no solution is entirely foolproof, and regular maintenance and adjustments are necessary.
By continuously fine-tuning the filters according to your preferences, you can ensure an optimal browsing experience while maintaining adequate protection. It's crucial to regularly review and update the filters, as they are periodically updated to address new threats and improve performance.
Remember that the ultimate goal is to strike a balance between security and accessibility. While blocking harmful content is important, it's equally vital to ensure that legitimate websites and services are not inadvertently blocked. Regular monitoring and adjustment of the filters help achieve this equilibrium.
AdGuard Home is just one tool in the arsenal of protecting your home and family from the potential risks and tracking prevalent on the internet. It complements other security measures and promotes a safer online environment.
By being proactive, staying informed about emerging threats, and regularly maintaining and fine-tuning your filters, you can enhance the protection of your network, ensuring a safer browsing experience for your home and family.