My AdGuard Home Setup

I believe it is imperative that we reduce the impact of Big Tech and its ability to stalk us and shape our opinions, views and relationships. Because of this, I think ad-blocking is something we should all be doing as standard.

I've been reading this The Register article about Pi-hole 6 and the whys and wherefores for setting it up. I've been using AdGuard Home (AGH) for over a year now as a network-based ad-blocker, in addition to uBlock Origin in my browsers.

As with GoToSocial and Writefreely, I have AGH set up on my virtual machine/server [^1] running Yunohost. The program is here.

An additional benefit is that AGH is available as a snap package if you run any of the Linux distributions that have snap enabled. This may prove easier than running it via a virtual machine.

Once set up, I pointed the DNS on my router to the local IP of the device running the AGH program.

My setup

I'll go page by page through the admin interface to keep the settings easier to implement.

General Settings

The latter two I have set to 24 hours, just to make sure I'm able to spot and resolve problems.

DNS settings

Upstream DNS servers:

* https://dns.quad9.net/dns-query
* https://dns.mullvad.net/dns-query
* [x] Parallel requests

Fallback DNS servers:

Bootstrap DNS servers:

* 9.9.9.9
* 149.112.112.112
* 194.242.2.2
* 2620:fe::fe
* 2620:fe::9
* 2a07:e340::2

DNS server configuration:

* Rate limit: 50
* [x] Enable EDNS client subnet
* [x] Enable DNSSEC
* Blocking mode: Default
* Blocked response TTL: 10

DNS cache configuration:

* DNS cache size: 21000000
* Override minimum TTL: 2400
* Override maximum TTL: 86400
* [x] Optimistic caching

Encryption Settings

The 'DNS over...' setting is toggled in the Yunohost admin settings:

> It's really important to use the configuration panel included in the YunoHost Webadmin interface to activate or deactivate this setting, and NOT the built-in setting in the AdGuardHome interface. This is because YunoHost needs to perform actions such as automatically opening or closing the server's ports and refreshing the IP to provide to AdGuard Home, which cannot be done without going through the configuration panel.
>
> If you host your machine at home, for using DoT or DoQ, you have to open the following ports on your router by yourself:
>
> * 853 in TCP & UDP (for DNS over TLS)
> * 784 in UDP (for DNS over QUIC)

DNS Blocklists

I use Hagezi's lists a lot. I think they're the best that currently exist for relatively problem-free browsing and keeping the hands of Big Tech at bay. I always try to use the Codeberg mirror, as Codeberg is vastly preferable to both GitHub and GitLab.

The only other blocklist I use, specifically for smart TVs, is perflyst.

The few supplied lists that I ticked are:

* AdGuard DNS Filter
* Dandelion Sprout's Game Console Adblock List
* Stalkerware Indicators
* NoCoin Filter
* Dandelion Sprout's Anti-Malware List

DNS Allowlist

These two, surprisingly, do not cause many ads to be allowed; they're well curated and do smooth over the blocks that come with intended clicks that are also trackers.
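To show how a blocklist entry and an allowlist exception interact at the DNS-filter level (why an allowlist can unblock one click-tracking host without letting the rest of the tracker domain through), here is a small matcher I've added for illustration; it is my own example, not AdGuard Home's code, the rules are constructed, and it deliberately ignores rule modifiers such as `$important` and treats hosts-style lines as matching subdomains too, which is a simplification.

```python
from __future__ import annotations

# Constructed sample rules in the syntaxes AdGuard Home accepts:
# adblock-style (||domain^ blocks the domain and its subdomains,
# @@||domain^ is an allowlist exception), hosts-style, and bare domains.
BLOCKLIST = """
! Constructed example, not a real Hagezi or OISD list
||tracker.example^
||ads.example^
0.0.0.0 telemetry.example
metrics.example
"""

ALLOWLIST = """
# Constructed example: let the click redirector through, keep the rest blocked
@@||click.tracker.example^
"""

HOSTS_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_rules(text: str) -> tuple[set[str], set[str]]:
    """Return (block_domains, allow_domains) parsed from rule lines."""
    block, allow = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank lines and comments
        rule = line.split("$")[0]  # drop modifiers (simplification: ignored)
        if rule.startswith("@@||"):
            allow.add(rule[4:].rstrip("^").lower())
        elif rule.startswith("||"):
            block.add(rule[2:].rstrip("^").lower())
        else:  # "0.0.0.0 host" hosts format, or a bare domain
            parts = rule.split()
            host = parts[1] if len(parts) > 1 and parts[0] in HOSTS_ADDRS else parts[0]
            block.add(host.lower())
    return block, allow


def _matches(domain: str, rules: set[str]) -> bool:
    """True if the domain or any parent domain is listed (||x^ semantics)."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in rules for i in range(len(labels)))


def is_blocked(domain: str, block: set[str], allow: set[str]) -> bool:
    """An allowlist exception wins over a block rule (ignoring $important)."""
    return not _matches(domain, allow) and _matches(domain, block)


BLOCK, ALLOW = parse_rules(BLOCKLIST), parse_rules(ALLOWLIST)[1]
```

The point the matcher makes: `click.tracker.example` resolves while `cdn.tracker.example` and `www.ads.example` are still blocked, which is exactly the behaviour a well-curated allowlist relies on.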

The Thanks

When I started running AGH, I had these huge lookup times and it was a serious drag. Now my lookup time is somewhere between 3ms and 5ms, and there are very few, if ever, lookups on the fallback DNS servers. Quad9 and Mullvad do a pretty decent job with their speedy DNS.

A few comments from this thread helped with settings.

This thread has a top comment from the maintainer of the OISD blocklist (another very good list to follow) that resolved the lookup times by pointing out optimistic caching.

So I must thank the folk whose comments I stumbled across, and the maintainers of the blocklists and programs I utilise.

[^1]: My server is an old laptop running Yunohost via VirtualBox. It seemed the simplest method and one that re-used an old and kinda broken machine.

Best followed by your favoured RSS reader: https://blog.eunach.scot/feed/ Following via @cuiseag@blog.eunach.scot on the fediverse may or may not work. Fedi main: @ruari@gts.eunach.scot