AdGuard Home: DNS-level ad blocking for your network
I ran Pi-hole for over a year before switching to AdGuard Home. Both do the same thing: block ads and trackers at the DNS level for your entire network. AdGuard Home does it with a cleaner interface and some features that Pi-hole lacks out of the box.
What AdGuard Home does differently
Like Pi-hole, AdGuard Home acts as your network's DNS server and blocks requests to known advertising and tracking domains. The difference is in the details:
DNS-over-HTTPS and DNS-over-TLS are built in. Your DNS queries to upstream resolvers are encrypted by default. Pi-hole can do this too, but it requires additional configuration with tools like cloudflared or stubby.
Per-client settings. You can configure different blocking rules for different devices. Maybe you want aggressive blocking on the smart TV but lighter filtering on your work laptop. AdGuard Home handles this natively.
A cleaner dashboard. The statistics and query log are well-designed and easy to navigate. Filtering, sorting, and searching through DNS queries feels faster than Pi-hole's interface.
Setting it up
Docker Compose:
services:
adguardhome:
image: adguard/adguardhome
container_name: adguardhome
restart: unless-stopped
ports:
- "53:53/tcp"
- "53:53/udp"
- "3000:3000/tcp"
- "443:443/tcp"
- "853:853/tcp"
volumes:
- ./work:/opt/adguardhome/work
- ./conf:/opt/adguardhome/confOpen http://your-server-ip:3000 for the setup wizard. Pick your upstream DNS servers (I use Quad9 and Cloudflare), configure the admin password, and you are done.
Then point your router's DNS to the AdGuard Home server, just like you would with Pi-hole.
Blocklists
AdGuard Home comes with a default blocklist that is decent. I add a few extras:
- AdGuard DNS filter (included by default)
- OISD for comprehensive blocking
- Steven Black's hosts for additional coverage
Add them under Filters > DNS Blocklists. AdGuard Home updates them automatically on a schedule you set.
DNS rewrites
A feature I use constantly: DNS rewrites let you create custom DNS records for your local services. Instead of remembering 192.168.1.50:8080, you access nextcloud.home or proxmox.home:
Go to Filters > DNS Rewrites and add:
nextcloud.home -> 192.168.1.50
proxmox.home -> 192.168.1.10
grafana.home -> 192.168.1.50
Every device on your network can now use these hostnames. No need to run a separate DNS server or edit hosts files.
Encrypted DNS
AdGuard Home supports DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) for both upstream queries and client connections. This means:
- Your queries to upstream DNS (Quad9, Cloudflare) are encrypted so your ISP cannot see what domains you resolve
- Clients on your network can connect to AdGuard Home over DoH/DoT for encrypted local DNS
For the upstream encryption, it works out of the box. Just use https://dns.quad9.net/dns-query as your upstream server instead of the plain IP.
Pi-hole vs AdGuard Home
Both are excellent. The honest comparison:
AdGuard Home wins on: built-in encrypted DNS, per-client configuration, DNS rewrites, interface design.
Pi-hole wins on: larger community, more documentation and guides available, longer track record.
If you are starting fresh, I would pick AdGuard Home. If you have a working Pi-hole setup, the switch is not urgent. Both block ads effectively.
Sources
Related posts
Self-hosting with Coolify: a PaaS on your own server
How Coolify turns your VPS into a Heroku-like platform for deploying apps, databases, and services with a clean web UI.
Backup strategies for self-hosted data
The 3-2-1 backup rule applied to self-hosted services, with practical tools and patterns I use to protect my data.
Self-hosting a media server with Jellyfin
Setting up Jellyfin to stream movies, music, and photos across all my devices without a Plex subscription.
Enjoying the blog? Subscribe via RSS to get new posts in your reader.
Subscribe via RSS