Introduction

Pi-hole and AdGuard Home are open-source network-wide ad blocker and privacy protection software designed to protect any devices on your home. It functions as a DNS (Domain Name System) sinkhole, which means it filters and blocks requests to ad and tracking domains at the DNS level before they reach the devices on your network. This effectively prevents unwanted ads, pop-ups, and tracking attempts from appearing on all your family devices.

Key features and functions of Pi-hole and AdGuard Home

  • Ad Blocking: Both Pi-Hole and AdGuard Home blocks ads, banners, and pop-ups on all devices connected to your home network. By blocking ads at the DNS level, it works across various devices, including computers, smartphones, tablets, smart TVs, and IoT devices.
  • Privacy Protection: In addition to ad blocking, Both Pi-Hole and AdGuard Home also blocks tracking and analytics domains, enhancing your online privacy by preventing websites from collecting data about your browsing behavior.
  • Parental Control: Both Pi-Hole and AdGuard Home can be configured to provide parental controls, allowing you to block access to specific websites or content categories for family members.
  • Safe Browsing: The software includes a database of known malicious websites, and it can block access to these sites, protecting users from potentially harmful content and phishing attempts.
  • Customization and Whitelisting: Both Pi-Hole and AdGuard Home allows you to customize its blocking rules and create whitelists for websites that you trust and want to support.
  • DNS Caching: Both Pi-Hole and AdGuard Home incorporates DNS caching, which can improve the speed and efficiency of DNS resolution, leading to faster loading times for websites.
  • Cross-Platform Support: AdGuard Home is compatible with various operating systems, including Windows, macOS, Linux, and popular routers running OpenWrt or DD-WRT firmware, while Pi-Hole can only be installed on Linux devices.
  • Open Source: Both Pi-Hole and AdGuard Home are open-source software, meaning its source code is publicly available for review and contributions from the community.

You can choose to use either Pi-hole or AdGuard Home, you typically need to install it on a dedicated home-server or any devices within your home network, and then configure your router or devices to use AdGuard Home’s DNS server as the primary DNS resolver. This way, all DNS queries from your devices will be filtered through AdGuard Home, effectively blocking ads and protecting your privacy.

Comparison between Pi-hole and AdGuard Home

Here’s a comparison to help you understand their key features:

Pi-hole AdGuard Home
Platform Compatibility Originally designed to run on a Raspberry Pi, Pi-hole can be installed on various platforms, including Linux, macOS, and Docker containers. It’s flexible and can work on dedicated hardware or as a virtual machine. AdGuard Home is more versatile in terms of platform support. It can run on Linux, macOS, Windows, and various NAS devices, making it easier to integrate into existing setups.
User Interface Comes with a simple web-based dashboard that displays statistics on blocked domains, queries, and client activity. The interface is functional but not as visually appealing as some other options. Offers a modern and user-friendly web interface with easy-to-understand statistics and settings. The interface is designed to be intuitive, making it more accessible to users.
Blocking Lists and Filters Supports various third-party blocklists to block ads, trackers, and other undesirable content. Users can choose from a wide range of community-maintained lists to customize their ad-blocking experience. Similarly, AdGuard Home supports custom blocklists and also includes its curated list of filters for enhanced ad-blocking and privacy protection.
Privacy Features Primarily focuses on ad-blocking and domain filtering. While it can help with privacy by blocking trackers, it does not have additional built-in privacy features. Besides ad-blocking, AdGuard Home has additional privacy features, such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) support, which encrypt DNS queries, providing an extra layer of privacy.
Parental Control Lacks built-in parental control features, which means it may not be the best choice for families seeking content filtering for children. Includes basic parental control features that allow users to block access to certain categories of websites.
Community and Support Benefits from a large and active community, which results in plenty of online resources, forums, and guides available for troubleshooting and support. Has a growing community, and its developers are actively involved in providing support and updates.

Ultimately, both Pi-hole and AdGuard Home are capable ad-blocking solutions, and the choice between them depends on individual preferences, desired features, and platform compatibility. Users seeking a more straightforward setup may prefer Pi-hole, while those looking for additional privacy features and more user-friendly interface might opt for AdGuard Home.

Tips before installing.

  • Run the update/upgrade.
  • To avoid installation failure due to port conflicts, ensure that the required port is not being used. netstat -tulpn.
  • If you find any services that using the listed port like 53, 80 port, consider to disable before installing.
  • Docker install requires you to install the Docker and Docker-Compose. I recomend you to follow the official website to get the best practice instaling the Docker.

Port required by Pi-hole

53 UDP  # DNS
54 UDP  # Will be used to combine with DNSCrypt.
67 UDP  # Dhcp
547 UDP # DhcpV6
80/443 TCP  # lightttp-WebUI
4711 TCP # API Engine

Port Required by AdGuard to use all features:

3000 TCP for the initial installation
80/443 TCP for the web interface
443 UDP
53 TCP/UDP for the DNS server
67-68 UDP
853 TCP
784 UDP
853 UDP
8853 UDP
5443 TCP/UDP

Pi-hole and AdGuard Home Installation.

You can choose to install both Pi-hole or AdGuard directly on your home server, Linux miniPC or ARM-based SBCs (Single board computer) like RasberryPi, OrangePi, or Armbian.

AdGuard Home Installation

Adguard Home - using Direct install to SBCs box.

  • Change the current directory to /opt: cd /opt.
  • Download the latest Adguard Home package that match with your SBC’s CPU Architecture on this link.
  • I’m using v7 Arm-based SBC on this example.
wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.34/AdGuardHome_linux_armv7.tar.gz
  • Extract tar -xvzf ./AdGuardHome_linux_armv7.tar.gz
  • Go to extracted directory cd AdGuardHome/
  • Install /AdGuardHome -s install
  • Other available AdGuardhome command.
AdGuardHome -s uninstall #Uninstall the AdGuard Home service.
AdGuardHome -s start #Start the service.
AdGuardHome -s stop #Stop the service.
AdGuardHome -s restart #Restart the service.
AdGuardHome -s status #Show the current service status.
  • Remove the downloaded archive: sudo rm AdGuardHome_linux_armv7.tar.gz

Adguard Home - Using Docker Install

  • Install the Docker.
  • Pull the latest stable version:
docker pull adguard/adguardhome
  • Create directories for persistent configuration and data. The image exposes two volumes for data and configuration persistence. You should create a data directory on a suitable volume on your host system, e.g. /my/own/workdir, and a configuration directory on a suitable volume on your host system, e.g. /my/own/confdir.
  • Create and run the container
docker run --name adguardhome\
    --restart unless-stopped\
    -v /my/own/workdir:/opt/adguardhome/work\
    -v /my/own/confdir:/opt/adguardhome/conf\
    -p 53:53/tcp -p 53:53/udp\
    -p 67:67/udp -p 68:68/udp\
    -p 80:80/tcp -p 443:443/tcp -p 443:443/udp -p 3000:3000/tcp\
    -p 853:853/tcp\
    -p 784:784/udp -p 853:853/udp -p 8853:8853/udp\
    -p 5443:5443/tcp -p 5443:5443/udp\
    -d adguard/adguardhome

Don’t forget to use your own data and config directories! Ports mappings you may need:

-p 53:53/tcp -p 53:53/udp  #plain DNS.
-p 67:67/udp -p 68:68/tcp -p 68:68/udp #add if you intend to use AdGuard Home as a DHCP server.
-p 80:80/tcp -p 443:443/tcp -p 443:443/udp -p 3000:3000/tcp #add if you are going to use AdGuard Home's admin panel as well as run AdGuard Home as an HTTPS/DNS-over-HTTPS server.
-p 853:853/tcp` #add if you are going to run AdGuard Home as a DNS-over-TLS server.
-p 784:784/udp -p 853:853/udp -p 8853:8853/udp #add if you are going to run AdGuard Home as a DNS-over-QUIC server. You may only leave one or two of these.
-p 5443:5443/tcp -p

Now you can open the browser and navigate to http://yourIP:3000/ to control your AdGuard Home service.

Pihole Installation

Pihole Installation - using Automatic Install

  • Clone the Pi-hole repository: git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
  • Change directory to the install directory: cd Pi-hole/automated install/
  • Run the installation script: sudo bash basic-install.sh
  • Accept the defaults setting. You will have adjust the later.
  • Log into the Pi-hole Admin Web UI, and change the necessary setting.

Pihole Installation - using Docker Install

  • Creating a new directory to store pihole configuration file.
mkdir ~/pihole
  • Create docker-compose.yml to denfine the Pi-hole docker container deployment.
version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
  • Disable systemd-resolve service to avoid conflict systemctl stop systemd-resolve
  • change name server on nano /etc/resolv.conf to nameserver 127.0.0.1
  • Run docker-compose sudo docker-compose up -d
  • You should now access the Pi-hole web interface. http://IPADDRESS/admin

To protect the privacy on all your home devices, you combine the Pi-hole or Adguard with DNSCrypt-Proxy. You can use the DNSCrypt as DNS upstream later.

DNSCrypt

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.

DNScrypt-proxy Installation

DNScrypt-proxy Installation - using Direct Install

  • Go to /opt directory cd /opt
  • Download the latest version on this link.
wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.4/dnscrypt-proxy-linux_arm64-2.1.4.tar.gz
  • Extract the downloaded archive sudo tar -xvzf ./dnscrypt-proxy-linux_arm64-2.1.4.tar.gz
  • Rename the unpacked directory sudo mv ./linux-x86_64 ./dnscrypt-proxy
  • Change directory to dnscrypt-proxy cd dnscrypt-proxy
  • Create configuration from an example sudo cp ./example-dnscrypt-proxy.toml ./dnscrypt-proxy.toml
  • Edit the configuration: server_names = ['cloudflare']
  • If you wanto add multiple server names: server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
  • listen_addresses = [‘127.0.0.1:54’]
  • Install the dnscrypt-proxy sudo ./dnscrypt-proxy -service install
  • Start dnscrypt-proxy sudo ./dnscrypt-proxy -service start

Adjust the Pi-hole or Adguard

As you have finished installing the DNSCrypt-proxy, you can adjust the Pi-hole or AdGuard to use DNSCrypyt-Proxy with repointing the Upstream DNS to 127.0.0.1:54 instead of public DNS. With repointing the upstream DNS to DNSCrypyt-Proxy, we will have a fully control and monitor of all DNS request coming from our home devices, and we can re-adjust to block unblock any domain if necessary in the future.

Conclusion

Combining Pi-Hole or AdGuard Home with DNSCrypt-Proxy are an excellent solution for us who want to create a network-wide ad-blocking and privacy-enhancing environment without losing the access control.