• Platform27@lemmy.ml
    English · ↑ 27 · edited · 1 year ago

    Adguard Home. I find it to be more feature complete, compared to Pi-Hole. Nicer GUI, more options, built in DNS-over-HTTPS/TLS, better client controls & detection, more domain information, better domain list blocking, and so on.

    I moved from NextDNS, to Adguard Home. All self hosted, and accessed with a reverse proxy.

    • American_Jesus@lemm.ee
      ↑ 8 · 1 year ago

      Same, used NextDNS and Pi-Hole, then moved to AdGuard Home till today.
      Built-in (DoH, DoT,…) servers are useful and simple to set up with client identification.

      • anytimesoon@lemmy.ml
        ↑ 2 · edited · 1 year ago

        Are you guys not concerned about losing complete access to the internet if something drops on your server?

        I realise these will be very rare cases, but shit happens sometimes, and always seems to happen at the worst possible moments.

        What’s your recovery plan?

        Edit to add that this is the reason I’m on nextdns… Make it someone else’s problem

        • spudwart@spudwart.com
          English · ↑ 2 · 1 year ago

          You do have two DNS options on most devices. A Primary and a Secondary. If you’re worried about your primary’s stability/reliability, put a different dns as your secondary that you trust.

        • tristan@aussie.zone
          ↑ 1 · 1 year ago

          It’s not hard to set up a Pi as a backup DNS on your local network, but how I’ve set up a few friends who have limited hardware is to have the primary DNS as the local AdGuard and the secondary DNS as AdGuard’s public adblock DNS.

          That way if the local falls over, you still get some ad blocking from their public one. If your setup allows it, they also have a public DoH and DoT encrypted DNS for a bit of privacy.

        • The Doctor@beehaw.org
          English · ↑ 1 · 1 year ago

          Not really. I maintain backups (one local, one offsite, one snapshotted and stored on a flash drive I carry around with me) of everything at home, including my OpenWRT devices and the configuration of my Pi-Hole. The Pi-Hole is running on an SBC so I also periodically take local images of it with dd in case I need to write a new microSD card and boot it up. I’m not the only one at home that relies on a net.connection every day, so I have to take other folks into account for resilience.

      • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
        English · ↑ 14 · 1 year ago

        I was able to test it out first without having to create an account and I liked it. It has simple Ad/Tracking blocklists and supports both DoT and DoH. Also it has rewrites (like /etc/hosts).

      • Tibert@jlai.lu
        ↑ 10 · 1 year ago

        For me, NextDNS. It’s mostly because I can choose which list is used by the DNS blocking. If AdGuard has a list blocking what I use, I can’t do anything about it. Or maybe like allow a lot of domains.

        Using the Hagezi pro++ list currently and it works damn well without any issues for me.

        Also, there is a free way to use it (not sure about adguard).

  • zwekihoyy@lemmy.ml
    ↑ 14 · edited · 1 year ago

    nextdns is the most performant option I’ve used. it often beats out cloudflare even. adguard wasn’t bad but it was a bit more cumbersome and very slow.

    I don’t like recommending self hosting as opening ports on a private network isn’t a great idea. you could use something like cloudflare or tailscale to bridge access but you’ll run into issues with network speeds.

    • spudwart@spudwart.com
      English · ↑ 4 · 1 year ago

      opening ports on a private network is fine as long as you exercise a sane amount of security measures.

      • zwekihoyy@lemmy.ml
        ↑ 2 · 1 year ago

        most people don’t nor do the aforementioned measures have substantial documentation that is easily accessible by the average user.

        they aren’t even meant for enthusiasts but rather, in-industry professionals

        • spudwart@spudwart.com
          English · ↑ 1 · 1 year ago

          enthusiasts become industry professionals.

          And if substantial documentation were the only thing that kept networks from security and absolute anarchy, then all of the internet would be lost.

          It’s not documentation, nor is it absolute knowledge that brings someone to understand a sane amount of security. But also trial and error.

          One of the most important first rules of security is, start testing in applications that pose the least amount of risk.

          If you’re looking into hosting your own DNS server, you’ve already proven you understand a lot more than the average user does about networking in general.

      • IrrerPolterer@lemmy.world
        ↑ 3 · 1 year ago

        Sure! If you’ve got that pi on all the time. I previously did that and it worked well. My current setup is multiple pi’s though, cause the octo pi is switched off with the printer now…

        • SokathHisEyesOpen@lemmy.ml
          English · ↑ 1 · 1 year ago

          Yes, I leave it running all the time. So do I just install PiHole as a package on the server and then connect to it to configure?

          • IrrerPolterer@lemmy.world
            ↑ 2 · 1 year ago

            I had it set up using docker at the time. Both pihole and octoprint as individual containers…

            But I assume you should be able to just install and run the package locally on the octopi distro.

  • Monkey With A Shell@lemmy.socdojo.com
    ↑ 9 · 1 year ago

    Adguard home with a few extra lists and custom rules. Just got the sync tool set up to auto replicate changes from one to another so no more copy/paste to a secondary. Great when I need to restart a VM and don’t want to take out the internet while it reboots.

    Used pihole some while back but the feature list was tiny by comparison, though it was a good while back so probably unfair to compare.

    Also ran with pfBlocker for a while, nice to have it right on the gateway but found it a bit opaque and lacking customization for my needs.

  • voxel@sopuli.xyz
    ↑ 8 · 1 year ago

    nextdns, feels almost like a pihole but unnecessarily crippled in some ways, which don’t really matter to me.

  • toxicyeti@sh.itjust.works
    ↑ 8 · ↓ 1 · edited · 1 year ago

    Adguard home for everyone in the house. Externally I just use ublock Origin and Cloudflare’s DoH.

  • railsdev@programming.dev
    ↑ 6 · edited · 1 year ago

    I roll my own. I created a Docker image that periodically downloads tons of blocklists, smashes them into an Unbound configuration file then runs Unbound with TLS enabled.

    On my iPhone and macOS devices I just connect to the encrypted service using .mobileconfig files to apply it system-wide. My home router also uses it as an upstream server (again with TLS) so all connected clients benefit from it as well.
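
Added example, not part of railsdev's post and not the code of their image (which the page does not show): one way to do the "smash blocklists into an Unbound configuration file" step, treating the downloaded lists as untrusted input so a malformed or hostile entry cannot inject resolver directives. The function names, the handled list syntaxes and the choice of `always_nxdomain` are assumptions; the TLS listener settings are not covered.

```python
import re

# Lists are untrusted input that lands in resolver config: accept strict DNS names only.
LABEL = r"(?!-)[a-z0-9_-]{1,63}(?<!-)"
DOMAIN_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})+$")
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}      # sinkhole IPs in hosts-format lists
SKIP = {"localhost.localdomain"}                   # hosts-file housekeeping entry

def parse_blocklist(text):
    """Extract domains from hosts-format, plain-domain and ||domain^ lines."""
    domains = set()
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip().lower()
        if not line or line.startswith("!"):       # blank line or adblock comment
            continue
        fields = line.split()
        names = []                                 # unknown syntax is dropped, never guessed
        if len(fields) >= 2 and fields[0] in SINKS:
            names = fields[1:]
        elif len(fields) == 1:
            names = [fields[0][2:-1]] if re.fullmatch(r"\|\|.+\^", fields[0]) else fields
        for name in (n.rstrip(".") for n in names):
            if DOMAIN_RE.match(name) and name not in SKIP:
                domains.add(name)
    return domains

def collapse(domains):
    """Drop names already covered by a blocked parent (a local-zone covers subdomains)."""
    def covered(d):
        labels = d.split(".")
        return any(".".join(labels[i:]) in domains for i in range(1, len(labels) - 1))
    return sorted(d for d in domains if not covered(d))

def render_unbound(domains):
    """Emit a server: fragment that answers NXDOMAIN for each name and its subdomains."""
    zones = [f'    local-zone: "{d}." always_nxdomain' for d in collapse(domains)]
    return "\n".join(["server:"] + zones) + "\n"

SAMPLE = """\
# constructed sample, not taken from any real list
0.0.0.0 ads.example.com
127.0.0.1 localhost.localdomain
tracker.example.net
||telemetry.example.org^
cdn.ads.example.com
example.com##.banner
0.0.0.0 evil.example"
"""

if __name__ == "__main__": print(render_unbound(parse_blocklist(SAMPLE)), end="")
```

Write the result to a file pulled in by an `include:` line in `unbound.conf`, and run `unbound-checkconf` on it before reloading so a bad list update cannot take the resolver down.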