DNS sinkhole, between Privacy and AdBlocker, configuration and feedback
DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
Filter your DNS queries
A DNS query is used to convert a web address (duckduckgo.com) into an IP address usable by your computer (184.108.40.206).
The DNS-Sinkhole is placed between the DNS server and your client (computer, TV, tablet, phone, etc.). Depending on its configuration, the DNS-Sinkhole can accept the request or refuse it, based on the DNS-Sinkhole List.
[Diagram: client, DNS-Sinkhole with its DNS-Sinkhole List, and DNS Server, linked by "DNS-Sinkhole Request/Response" and "DNS Request/Response"]
Here is a sample of a DNS-Sinkhole List:
```
amptrack.dailymail.co.uk #DailyMail Tracker
analytics.gandi.net #Gandi
analytics.yahoo.com #Yahoo
arc.msn.com #Microsoft
areyouahuman.com #Are You A Human
atdmt.com #Facebook
#...
```
By default, a DNS-Sinkhole uses its own list, but you can add many more; a simple search on GitHub turns up plenty.
I share my lists on GitHub at Ealenn/AdGuard-Home-List. This list can easily be used in a corporate environment. It is the list that is configured in my home, and that I use every day. It brings together the most famous lists.
Once you have AdGuard Home ready and are logged in, use its main menu to add one blocklist and one allowlist.
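The accept-or-refuse decision described above, as an added example (not code from AdGuard Home, Pi-Hole or the author of this post). The list entries and the query log are constructed in the sample format shown earlier, and both the parent-domain matching and the allowlist-over-blocklist precedence are assumptions of the example.

```python
# Added example: sinkhole decision logic over a blocklist and an allowlist.
# Constructed sample in the "domain #comment" format shown above.
BLOCKLIST_TEXT = """\
amptrack.dailymail.co.uk #DailyMail Tracker
analytics.gandi.net #Gandi
analytics.yahoo.com #Yahoo
atdmt.com #Facebook
#...
"""
# Constructed allowlist entry: an exception under a blocked parent domain.
ALLOWLIST_TEXT = "static.atdmt.com #hypothetical exception\n"


def parse_list(text):
    """Return the set of domains in a list, ignoring comments and blank lines."""
    domains = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        if entry:
            domains.add(entry)
    return domains


def listed(name, domains):
    """True if name or one of its parent domains is in the set (assumed rule)."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def decide(name, blocklist, allowlist):
    """Allowlist wins over blocklist (assumed precedence); default is forward."""
    blocked = listed(name, blocklist) and not listed(name, allowlist)
    return "refuse" if blocked else "forward"


def refused_share(queries, blocklist, allowlist):
    """Fraction of queries the sinkhole refuses instead of sending upstream."""
    refused = sum(decide(q, blocklist, allowlist) == "refuse" for q in queries)
    return refused / len(queries) if queries else 0.0


if __name__ == "__main__":
    block, allow = parse_list(BLOCKLIST_TEXT), parse_list(ALLOWLIST_TEXT)
    # Constructed query log.
    log = ["duckduckgo.com", "analytics.yahoo.com", "www.yahoo.com",
           "cdn.atdmt.com", "static.atdmt.com"]
    for q in log:
        print(f"{q:22} {decide(q, block, allow)}")
    print(f"refused: {refused_share(log, block, allow):.0%}")
```

Note that `www.yahoo.com` is forwarded even though `analytics.yahoo.com` is refused: only the listed name and its subdomains are affected, never a sibling or parent domain.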
Redundancy of DNS servers
Another advantage is the larger number of DNS servers available. If one DNS server is no longer accessible, for example your internet service provider's, you automatically switch to another.
For example, during a DDoS attack like the one against Dyn in 2016, Dyn is not accessible, but Cloudflare is up! More recently, in 2018, the French internet service provider Free had a national DNS breakdown.
Personally, I use:
- Cloudflare, the fastest DNS resolver on Earth
- Cisco Open DNS
```
# AdGuard
220.127.116.11
18.104.22.168
https://dns.adguard.com/dns-query
tls://dns.adguard.com
# Cloudflare DNS
22.214.171.124
126.96.36.199
https://dns.cloudflare.com/dns-query
tls://188.8.131.52
# Google
184.108.40.206
220.127.116.11
https://dns.google/dns-query
tls://dns.google
# Cisco OpenDNS
18.104.22.168
22.214.171.124
https://doh.opendns.com/dns-query
# Dyn DNS
126.96.36.199
188.8.131.52
```
Open Source Leaders
Pi-Hole
- developers are located in the US, Canada, England, Germany and Australia
- has a bigger community, so you can easily find help if you need it
- block-lists and allow-lists are constantly updated and maintained by the maintainers
AdGuard Home
- most of the developers are still located in Moscow (Russia)
- has a cleaner interface compared to Pi-Hole
- uses fewer resources (RAM)
- supports DNS-Over-HTTPS
Pi-Hole and AdGuard have similar-looking main dashboards, which are accessed via a web browser. You get to see a few nice graphs and statistics on how well the blockers are performing.
More information in the official Pi-Hole documentation.
```yaml
version: "3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole
    ports:
      - "53:53/tcp"      # DNS
      - "53:53/udp"      # DNS
      - "67:67/udp"      # DHCP, only needed if Pi-Hole is also the DHCP server
      - "8000:80/tcp"    # web administration (HTTP)
      - "4443:443/tcp"   # web administration (HTTPS)
    environment:
      TZ: 'Europe/Paris'
      WEBPASSWORD: 'Password used for Web Administration'
      ServerIP: 'IP of Pi-Hole'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:                 # resolvers used by the container itself
      - 184.108.40.206
      - 220.127.116.11
      - 18.104.22.168
    cap_add:
      - NET_ADMIN        # needed for the DHCP server role
    restart: unless-stopped
```
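More information in the official AdGuard Home documentation.
```yaml
version: "3"
services:
  adguard:
    container_name: adguardhome
    image: adguard/adguardhome
    ports:
      - "53:53/tcp"      # DNS
      - "53:53/udp"      # DNS
      - "67:67/udp"      # DHCP, only needed if AdGuard Home is also the DHCP server
      - "68:68/tcp"      # DHCP
      - "68:68/udp"      # DHCP
      - "8000:80/tcp"    # web administration (HTTP)
      - "4443:443/tcp"   # web administration (HTTPS) and DNS-Over-HTTPS
      - "853:853/tcp"    # DNS-over-TLS
      - "3000:3000/tcp"  # initial setup wizard
    volumes:
      - ./workdir:/opt/adguardhome/work
      - ./confdir:/opt/adguardhome/conf
    dns:                 # resolvers used by the container itself
      - 22.214.171.124
      - 126.96.36.199
      - 188.8.131.52
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
```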
There are now two options: use it as a DHCP server, and everything is automatic, or configure the DNS server on your devices and set it to the IP address of your Raspberry.
Personally, I have configured my devices to use the DNS server.
I used Pi-Hole for 6 months, then AdGuard for 6 months.
The two solutions are almost identical; AdGuard does the job very well, and the interface is even nicer.
I still prefer AdGuard Home, because DNS-Over-HTTPS is available and easy to set up.
The “problem” stems from the principle of the DNS-Sinkhole itself: you can’t really block all the ads or junk, because some domains are not dedicated only to advertising or privacy sniffing, for example Facebook, YouTube or Google.
You can block A LOT of things. And it is not negligible.
Today approximately 10-20 percent of DNS requests are refused on my network with AdGuard.