Ri Rua's blog

I have been running AGH as a network ad-blocker for a wee while now and my settings were obviously a bit dodgy as the processing time was long and a significant number of DNS lookups were taking 100+ms.

This was fine for a while but recently it's been becoming a pain and the itch to resolve it (pun intended) was needing scratched. The result was that the average processing time dropped from around 15ms to 3ms!

What I did

I changed the number of upstream servers I use and run them as parallel requests 2 Primary: https://dns.quad9.net/dns-query tls://dns.quad9.net

2 Fallback (these rarely, if ever, get used) tls://dns.mullvad.net tls://one.one.one.one

• Changed the rate limit to 0
• Disabled EDNS ☐
• Enabled DNSSEC ☑
• Blocking Mode Default ☑
• DNS Cache Size 128000000 (I think I can probably shrink this)
• Minimum TTL 2400
• Maximum TTL 84600
• Optimistic Caching ☑ (this is was previously enabled but didn't seem to be working)

Other settings

I connect to the server via Allowed Clients and I had to re-adjust their settings to return the upstream dns to default and I changed their individual caches to 12800000, although I'm unsure if I can return that setting to default or if it conflicts with the larger default cache.

Encrypted DNS working via both DoT and DoH, this setting is preferrably enabled in the Yunohost admin dashboard, not the app itself, so that the ports are apportioned correctly.

Filterlists

The lists update hourly to reduce the opportunity to cause problems and I utilise the mini versions where possible, to reduce the storage and processing time where possible.

Primary Blockers

• AdGuard Ad-Blocker
• Hagezi AdBlock Pro Mini
• Smart TV blocklist

Bonus BLockers

• Hagezi Anti-Gambling
• Hagezi Threat Intelligence mini
• Hagezi Amazon Blocklist
• Hagezi TikTok Tracker blocker

Blockers supplied by AdGuard

• Dandelion Sprout's Game Console Adblock List
• Dandelion Sprout's Anti-Malware List
• uBlock Badware Risks
• Phishing Blocklist
• Anti Stalkerware
• No Coin

Although I run AGH via Yunohost, I was delighted to see it is also available as a Snap package for those able to run them.

Resources

• In-depth look at AGH by AdGuard themselves.
• Blocklists by Dandelion Sprout
• Blocklists by Hagezi, I would encourage using the Codeberg mirror instead of using GitHub.
• Reddit page that helped optimise my setup
• Reddit page that helped with initial setup

---

Follow me within the Fediverse. Drop the RSS Feed into your RSS reader of choice