Recently saw a post regarding pi-hole, and I am considering to try it out. I am wondering if it would fit my usecase, so I want to ask about specifically what it solves.
I heard pi-hole blocks ads at DNS resolution level, so it does not block e.g. youtube ads. For me and my family who mostly watch youtube with handful of blog surfing, what value would it bring? Most blogs do not seem to contain much ads, so I am not sure ad-blocking helps much there.
Given the praise pi-hole is getting, I guess there are more to it than limited blocking of ads. I would love to learn more about this topic, as I am blind on the networking stuff. Thanks in advance!
You must log in or register to comment.
It’s very good if you have people at home who aren’t as technical. Like it will block ads in your kids phone games, and your elderly mother won’t get as many scam popups etc
For example some mobile games that have in-app ads are blocked.
Was surprised how much is blocked once I opened the app outside of my home network.As other mentioned, an advantage is that it blocks ads on phone apps too. My other use case is to add extra DNS entries to name devices on my local network. Finally, after using pihole for a while I switched to blocky. It has similar features but it lacks the UI and the dchp server, but in exchange it uses much less resources. Since I didn’t use either of these it sounded a good trade to me
@xanza@lemm.ee has a great response and also suggests using AdGuard Home instead, which is what I run as well. The biggest benefits the AGH has over PiHole for my family is the fact that you can very easily define a Client and the ips that pertain to that client… so I can define a single client for all of my devices , a single client for each of my kids, etc.
Then from there I can block specific services like social media platforms per client group or allow them. And similar to PiHole, I can setup all the blocklists that I want and it’ll block them across all clients.
For my kids, this means it’s blocking all those pesky ads that pop up in games getting them to go and download more mind numbing and draining games…
Finally, I can keep tabs on my network traffic and see what individual devices are accessing what domains; however, this doesn’t mean that I can see the individual web pages.
I have two AGH instances setup on two different hosts, and an additional AdGuardHome-sync container that syncs between the two instances, to make sure that all settings are mirrored.
I mean that’s mainly it… it’s amazing at clearing adds off of news articles general viewing pages like blogs etc… but yes as you said, it’s not particularly great for things like youtube/spotify etc… things that deliver the ads through the same source as the main content.
Two things. 1, unless you specifically need to run the software on a Pi, I recommend using AdGuard Home over Pi-Hole. It’s more actively maintained (not to imply that Pi-Hole isn’t actively maintained), and is going to be more of a setup once and forget type of solution.
2, the value in running a software like this is to be able to monitor your network traffic for suspicious activity, block ads, and access to malware, porn, warez, gambling, crypto, etc (especially if you have children). You can use custom blocklists like Hagezi’s threat intelligence feeds (TIF) which instantly decreases your attack vector while interfacing with the clear-net. The TIF blacklists block malware, cryptojacking, scam, spam and phishing. Blocks domains known to spread malware, launch phishing attacks and host command-and-control servers.
I very highly recommend using the Hagezi TIF lists. You can setup AdGuard very easily (mine runs off my Synology NAS), and you can easily force your entire network to use it by changing your DNS server in your router configuration page to your AdGuard Home instance IP (in my case, it’s my Synology NAS IP from within my network).
Takes a few minutes to setup, and you’re done. From there you can use the web-ui to change settings, update blacklists, and even see what your network traffic looks like: https://x0.at/D-aY.png and you can even block access to services directly: https://x0.at/QlbJ.png
I’ve had AdGuard Home running in various places, but always struggled with getting it to show which device was making the call while also being protected while away from my local network. Just keeping the house secure wasn’t a problem, but routing my traffic while out always seemed to cause problems. Moreso on the synology.
What’s your use case look like?
but always struggled with getting it to show which device was making the call
This depends on how you have your devices setup to use your DNS. For e.g, in my home I have my Phone and PC setup to use the IP of my AdGuard server. In AdGuard, I have them as named devices. All other devices on my network use the router as DNS, so all other requests that are not coming from my PC or Phone indicate “router” as the name.
What’s your use case look like?
Home based server running AdGuard forwarded through a caddy reverse_proxy to a domain. Using DoH/3 so even when remote I use my own DNS. Works great.
Good shout. I’ve just recently moved from Pihole to Adguard Home myself, complete with Hagezi lists. I consider myself very tech savvy and I work in the field but AGH suits my needs much better.
One example is wildcard DNS to route all of my hosted services via reverse proxy. In Pihole I had to make weird blocking rules to make this work, but AGH has specific settings for it. It also supports DoH out of the box, whereas Pihole needs non-standard faffery to get it working.
Very pleased with AGH in general.
Thanks a lot for detailed analysis!!
May I ask about difference between Adguard Home and Pi-Hole in terms of “setup once and forget”?
May I ask about difference between Adguard Home and Pi-Hole in terms of “setup once and forget”?
To put a fine point on it, its about usability. AdGuard is just a simple DNS stub resolver which acts as a middle-man between your network, and an upstream DNS resolver. Basically, your device makes a DNS request to your AdGuard instance, and it either gets filtered out by your blacklists (and never leaves your network), or its forwarded to an upstream DNS resolver (a real DNS server) and then back again. Pi-Hole does the same thing, and many many many more things. So while they would both do what you want, Pi-Hole (in my experience) is dozens of times more complicated and difficult to setup. Which is awesome–if you need all those other features.
Hmm, so basically AdGuard is streamlined for the dns-filtering usage? I was thinking of buying an raspberry pi and running pi-hole on it, can I do the same on adguard, presumably easier?
It’s mostly about the setup. Adguard you run via a container, and you’re done–it starts working as soon as you change your DNS settings. Pi-Hole takes some setup to get working.
Thanks! Adguard seems like a good fit for me, gotta set it up soon.
It’s basicly domain based filtering. So I use mine to also block phishing, crypto mining, malware and anything tracking my web behavior…my parents have theirs setup to also block adult content for the younger siblings…
Tracking your web behavior? That sounds quite interesting, how do you utilize the data?
This will be the device that helps reduce the amount of ads and blocks telemetry data on devices (mobile device / streaming box / etc) that you can’t utilize some or all of the traditional blocking methods (hosts files / browser plugins / etc). The Pi can also have additional software installed (I recommend PiVPN) to extend these blocking capabilities **securely** when you’re not on your “home” wifi.
I get a lot of ads everywhere. And trackers. On most of the news sites, social media platforms, my email provider, .places where I look up information, … The majority of the internet is commercial and financed through advertisements. With few exceptions, like personal/indie blogs and places like this one. I mean if you read just blogs and Wikipedia, you might already be alright. But that’s not how 99% of people use the internet.
Yeah, Youtube ads won’t be blocked by a DNS blocker. You need a browser plugin for that. I use Firefox, uBlock and Sponsorblock. That removes most of the ads everywhere, including Youtube.
You can also set it up to point at unbound for either recursive resolving of DNS, or resolving over HTTPS/TLS, as right now most DNS traffic is sent over unencrypted connections, meaning your ISP can see all of the domains you are resolving.
Can’t the ISP pretty easily tell what website you are going to anyways? After all they are the one that ultimately connect you to the destination so they know the IP. Would just be one more step for them but they could figure out which domains resolve to that IP.
DNS logging is the simplest way they’d track you, so you’d limit that
Reverse DNS lookups would be less precise as well as it’d just point to an IP owned by some cloud provider, so they’d have a hard time there
But yes a privacy respecting VPN is better, however I don’t love browsing on a vpn as I hate captchas and like being able to access services I host on my local net
