I used AdGuard Home for self-hosting a DNS server and it surprised me

DNS works as the telephone directory for the Internet, and when it works, it's seamless to the user. But along with the growing move to self-host services comes a push to run DNS servers at home, which keeps your network and activities more private. Plus, you can filter advertising at the DNS level, block malware-serving domains, and generally block any other services or websites you don't want accessed from your network.

You can also use encrypted DNS requests, which stop your ISP from seeing your search habits. That means they cannot sell that data to advertisers, resulting in fewer targeted ads overall. I've tried Unbound, Pi-hole, and Technitium, but there are other options, and AdGuard Home is just as powerful. It runs on almost anything, so you could even run the Docker container on your primary PC and have ad-free browsing on all your devices.

What really surprised me is that AdGuard's other services are all license-based, and AdGuard Home is free for anyone to self-host. I've used its blocking software on my desktop and DNS servers to block things on my iPad Pro and a few other mobile devices that can't run the app, and it worked well. The self-hosted option is no less competent; all it takes is some extra work to get going.

AdGuard Home is my network's best new friend

This self-hosted DNS server blocks ads, trackers, and more without intervention

At its core, AdGuard Home isn't dissimilar to Pi-hole or any other DNS-based ad-blocking tool. It blocks ads and trackers, malware, and other threats, has a built-in DHCP server, and a ton of ready-made community-sourced blocklists as well as its own. It blocks using DNS sinkholing, and you can set up DNS rewrites for self-hosted apps to resolve even without a domain name. It also comes with other features right out of the gate that make it a better option for many:

• HTTPS access for the admin interface
• Support for encrypted upstream servers using DNS-over-HTTPS, DNS-over-TLS, or DNSCrypt (you can encrypt the local traffic too if you add a Let's Encrypt SSL certificate)
• Runs on more devices with cross-platform compatibility
• Parental controls
• Can force Safe Search on search engines used by your browsers
• Per-client configuration
• Access controls
• Runs without root
• Blocks phishing and malware domains

Running as a network-level DNS server means you can block devices like Smart TVs or streaming boxes that cannot run adblocking apps. Eventually, the content-blocking proxy feature from the standalone AdGuard apps will come to AdGuard Home so that you can block even more annoyances. And there's a ton of community apps that use the AdGuard API, so you can add it to GLInet routers, Asus routers, OpenWRT-based routers, Zabbix, or see and manage your AdGuard DNS from a Home Assistant installation.

I like that I can set how AdGuard queries upstream servers, either load-balancing, which queries one at a time, parallel requests to speed up responses, or the fastest IP address, which speedtests each DNS server and then uses the fastest for future queries. I've set up several encrypted upstream servers so that it uses them all, but without falling back to any insecure options that would use plaintext DNS requests.

AdGuard Home runs on almost anything

There's even an OPNsense plugin if you prefer to run it that way

Whatever device you decide to host AdGuard Home on, there will be an option that works. The company maintains official packages for Linux, Unix, macOS, FreeBSD, and OpenBSD, an official Docker image, and a Snap Store version for Linux users. Or, like me, you could run the Proxmox Helper Script and spin up an LXC container in seconds to start your adblocking DNS server. My colleague Richard installed AdGuard Home on his NAS, using the Synology Container Manager app.

You might realize that AdGuard Home will only work when on your home network, but there are a few ways around that, so it works anywhere your devices are. The easiest I found was setting up Tailscale and setting AdGuard Home's IP address as the custom DNS server. Enabling override local DNS is the last step, then ensuring that every device you want to block annoyances on is also signed in to Tailscale so they're on your tailnet.

You could also use Cloudflare Tunnel, set up a VPN using AdGuard as the DNS, or use DDNS with port forwarding, but Tailscale is still the quickest and least-hassle way to get things going.

I installed it on my Proxmox server

My Proxmox server was the obvious choice, because it's the only network device (other than my router) that's never switched off. I was slightly worried that it might take up a chunk of system resources that would be better used elsewhere, but it's currently using 50MB of RAM out of a configured 512GB, and 2GB of potential storage space for caching DNS results and logs. That's less than I thought by a long way, and means I have plenty of resources left for my other home lab experiments.

AdGuard Home is fantastic for those devices on your network that can't run an adblocking client

Even if you don't want it for ad-blocking, AdGuard Home is fantastic for self-hosted service users, as you can set up DNS rebinds to use easily typed domain names instead of remembering IP addresses and port numbers. But it's also perfect for protecting your privacy online, blocking trackers and ads, and enabling encrypted DNS resolvers that your router might not be able to use otherwise.