AdGuard Home

June 19, 2024

Intro

I’ve been using NextDNS for quite a while. It worked well enough, but I wanted to set something up that I could control locally. I was initially looking at Pi-hole, as it seems to be a widespread favorite. While I was researching, I came across several articles talking about AdGuard Home. I liked the user interface better, and it seemed to be a growing project. Ultimately, that was the route I went.

Installation

I chose to install AdGuard as a Docker container in one of my existing Proxmox VMs. It was straightforward. I just created a Docker Compose file from the information on the Docker Hub page. I chose to only forward ports 53 (TCP and UDP) and 3000. I’m not using any of the additional features requiring the other ports.

Configuration

My configuration was also fairly simple. In pfSense, I set up my DHCP server to hand out the IP address for AdGuard as the DNS entry. I still have the DNS resolver enabled in pfSense, and it is set up to forward requests to Quad9 via TLS. After this, pfSense should no longer be receiving DNS requests for external addresses though.

In AdGuard, I bumped up the time window for showing statistics on the main page. Under DNS settings, I left the default to forward requests via HTTPS to Quad9, but I also added a line to send any DNS requests for my home domain to my local pfSense DNS server. For private reverse DNS servers, my pfSense box is listed so that AdGuard can use it to pull device names to show in the statistics.
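The sketch below is an added example, not taken from the original post or from AdGuard Home's code. It models the `[/domain/]upstream` routing syntax of the upstream list described above, so you can check that home-domain names never reach the public resolver. The domain `home.example`, the address `192.168.1.1`, the Quad9 URL and all function names are assumptions.

```python
# Added example: models AdGuard Home's "[/domain/]upstream" upstream syntax.
# home.example, 192.168.1.1 and the Quad9 URL are constructed sample values.
UPSTREAMS = """\
https://dns.quad9.net/dns-query
[/home.example/]192.168.1.1
"""


def parse_upstreams(text):
    """Return (default_upstreams, {domain: [upstreams]}) from an upstream list."""
    defaults, scoped = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.startswith("[/"):                 # domain-specific upstream
            spec, sep, servers = line[2:].partition("/]")
            if not sep or not servers.strip():
                raise ValueError(f"malformed domain-specific upstream: {raw!r}")
            for domain in filter(None, spec.split("/")):
                key = domain.lower().rstrip(".")
                scoped.setdefault(key, []).extend(servers.split())
        else:
            defaults.append(line)
    return defaults, scoped


def select_upstreams(qname, defaults, scoped):
    """Most specific matching domain wins; anything else uses the defaults."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):                  # longest suffix first
        servers = scoped.get(".".join(labels[i:]))
        if servers is not None:
            # "#" as the upstream means "fall back to the default upstreams"
            return defaults if servers == ["#"] else servers
    return defaults


def leaks_to_public(qname, internal_servers, defaults, scoped):
    """True if a name meant to stay internal would go to a non-internal upstream."""
    chosen = select_upstreams(qname, defaults, scoped)
    return any(server not in internal_servers for server in chosen)


if __name__ == "__main__":
    d, s = parse_upstreams(UPSTREAMS)
    for name in ("nas.home.example", "example.com", "nothome.example"):
        print(name, "->", select_upstreams(name, d, s))
```

Matching is done on whole labels, so `nothome.example` is not treated as part of `home.example` and goes to the default upstream.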

For blocklists, I’m a fan of HaGeZi’s lists. I’m currently running multi pro, threat intelligence feeds, and several of the native tracker feeds.

Backup

Since I’m using AdGuard as my primary DNS for all devices, I wanted a simple backup. Sometimes I need to reboot my Proxmox server, and I don’t want internet to disappear for everyone during that time because the DNS is down. I decided to set up a Raspberry Pi with a PoE HAT to serve this purpose. AdGuard has specific instructions for installing on a Pi. Once that is set up, all I had to do was add the IP address of the Pi as a second DNS server entry in my DHCP server.

Conclusion

I’ve been running this for about 3 weeks at this point with absolutely no issues. I like being able to have more services self-hosted, and this was a simple win. At some point, I’d like to look at configuring my firewall rules to block attempts to access any external DNS servers. That should be fairly simple except for DNS over HTTPS. That’s a project for another day though.