How to setup Adguard Home to protect your network

BigBearBlog
1

Last Updated: 2023-05-28

AdGuard Home is a powerful network-wide ad-blocking and privacy protection solution that enhances your online browsing experience. It acts as a local DNS server, filtering out unwanted advertisements, trackers, and malicious websites before they reach your devices. By deploying AdGuard Home on your network, you gain comprehensive control over the content that enters your home or office, offering a wide range of benefits.

AdGuard Home provides a convenient way to block ads, malware, and undesirable websites without relying on browser extensions or device-specific solutions. By implementing it on your router, you can effectively block these elements at the DNS level, offering several benefits:

  1. Ad Blocking: AdGuard Home allows you to eliminate ads from all devices connected to your network. It works across various platforms, including smartphones, tablets, computers, and IoT devices, without requiring individual installations or configurations. With AdGuard Home, you can enjoy an ad-free browsing experience, free from annoying pop-ups, banners, and video ads.
  2. Malware Protection: By using AdGuard Home, you can enhance your network’s security by preventing access to known malicious websites. It actively blocks connections to sites that are associated with malware, phishing attempts, or other online threats. This helps safeguard your devices and data from potential harm.
  3. DNS-Level Filtering: AdGuard Home operates at the DNS level, meaning it intercepts and filters out unwanted content before it even reaches your devices. This approach ensures consistent and network-wide protection against ads, malware, and harmful websites, regardless of the browser or application you are using.
  4. Easy Implementation: AdGuard Home can be set up on your router, making it a centralized solution for all devices on your network. Once configured, it automatically applies ad-blocking and content filtering rules to every connected device, streamlining the process and eliminating the need for individual installations or maintenance.
  5. Customization: With AdGuard Home, you have the flexibility to customize your filters and rules based on your preferences. You can create whitelists and blacklists, define specific blocking categories or domains, and fine-tune the ad-blocking settings according to your needs. This empowers you to have greater control over the content that is allowed or blocked on your network.

Finding DNS filters

How AdGuard is able to block all this for you is that you have to add filters to it by adding lists that people have made, which is the easier way, or you can add custom filters like this:

  1. ||example.org^:block access to example.org and all its subdomains;
  2. @@||example.org^:unblock access to example.org and all its subdomains;
  3. 127.0.0.1 example.org:respond with 127.0.0.1 for example.org (but not for its subdomains);
  4. ! Here goes a comment.:just a comment;
  5. # Also a comment.:just a comment;
  6. /REGEX/:block access to domains matching the specified regular expression.

The custom filters help you narrow down the blocking, and if the filtering lists block something important, like when apps require you to unblock Google Analytics to work, you would add:

Which would override the filter list and unblock it on the DNS level.

How would you install this?

There are several ways to install AdGuard Home, depending on your technical expertise and the device or platform you intend to use. Here are some common installation methods:

  1. Dedicated Hardware: AdGuard Home can be installed on dedicated hardware devices like Raspberry Pi or similar single-board computers. This method provides a stable and always-on solution for running AdGuard Home. You would need to follow the installation instructions specific to your chosen hardware.
  2. Virtual Machine: If you have experience with virtualization software like VirtualBox or VMware, you can set up a virtual machine and install AdGuard Home on it. This allows you to run AdGuard Home within a virtualized environment, providing flexibility and compatibility across various operating systems.
  3. Docker: Docker is a popular containerization platform that simplifies the installation and management of applications. AdGuard Home has an official Docker image available, allowing you to deploy it easily using Docker on supported platforms. This method is particularly useful if you are familiar with Docker or have an existing Docker infrastructure.
  4. Linux Distribution Packages: AdGuard Home offers installation packages for various Linux distributions, such as Debian, Ubuntu, Fedora, and CentOS. These packages streamline the installation process and integrate AdGuard Home with the package manager of your chosen Linux distribution, simplifying updates and maintenance.
  5. Windows, macOS, and FreeBSD: AdGuard Home also provides pre-compiled binaries for Windows, macOS, and FreeBSD. You can download the appropriate binary for your operating system and execute it to start using AdGuard Home. This method is straightforward and suitable for those using these operating systems.
  6. Home Network Routers: Some advanced home routers offer built-in support for AdGuard Home. In such cases, you can directly enable AdGuard Home functionality through your router’s firmware or settings. This method may vary depending on your specific router model, so consult your router’s documentation or manufacturer’s website for instructions.

I went with two dedicated servers that is running Proxmox on two of my Proxmox clusters. Ok, why did I say two clusters? Because you need to run two Adguard Homes if you want to have a stable system that can use the other Adguard Home in case one of them goes down. In networking, you don’t need a single point of failure, especially when your devices will be relying on this to access the internet and translate domains to IPs.

I installed it on my two Proxmox’s with this handy script.

bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/adguard.sh)"

DNS Blocklists > Add Block List (Green Button) > Choose from the list."]]],[1,“p”,[[0,,0,“Now you need to figure out which works for you, but I’ve been perfecting my lists for awhile, and I can give you some good ones:”]]]]}'>

You can checkout the other scripts at Proxmox VE Helper Scripts | Scripts for Streamlining Your Homelab with Proxmox VE

Run this script in the Node shell, and it will walk you through the setup.

Static IP

To ensure uninterrupted functioning of the DNS servers for AdGuard Home, it is necessary to assign a static IP address to the server’s MAC address within your router settings. This step is crucial because if the IP addresses assigned to the DNS servers were to change dynamically, it would result in the servers going offline or becoming inaccessible.

By associating a static IP address with the server’s MAC address, you create a fixed reference point within your network. This allows your router to consistently direct DNS traffic to the correct IP address, ensuring that the AdGuard Home DNS servers remain operational and accessible.

Assigning a static IP address to the server’s MAC address typically involves accessing your router’s administration interface and locating the DHCP (Dynamic Host Configuration Protocol) settings. Within these settings, you can manually map the MAC address of the AdGuard Home server to a specific IP address that will remain unchanged.

By establishing this static IP assignment, you provide a stable foundation for AdGuard Home to function optimally and maintain continuous DNS resolution and ad-blocking capabilities within your network.

Setting up filter lists

This is trial and error because you might use a service that could be on these lists. In the Adguard Home admin panel, you would go to

Filters > DNS Blocklists > Add Block List (Green Button) > Choose from the list.

Now you need to figure out which works for you, but I’ve been perfecting my lists for awhile, and I can give you some good ones:

AdGuard DNS filter
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt

Online Malicious URL Blocklist
https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt

NoCoin Filter List
https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt

OISD Blocklist Big
https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt

Dan Pollock's List
https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt

Fanboy's Social Blocking List
https://easylist.to/easylist/fanboy-social.txt

Scam Blocklist by DurableNapkin
https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt

The Big List of Hacked Malware Web Sites
https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt

Malicious URL Blocklist (URLHaus)
https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt

Fanboy's Annoyance List
https://secure.fanboy.co.nz/fanboy-annoyance.txt

Phishing URL Blocklist (PhishTank and OpenPhish)
https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt

Dandelion Sprout's Anti-Malware List
https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt

As the admin of the AdGuard home, you would now need to watch the query log and top blocked domains to see if anything is being blocked that you need. If it is being blocked, you would need to create the custom filter list that I explained above.

Upstream DNS servers

So when Adguard Home listens on port 53, it gets a DNS request, runs it through the filters, and then sends it to the DNS upstream servers that you can change.

Settings > DNS Settings > Text Box

You can see a list of DNS upstream settings here: Known DNS Providers | AdGuard DNS Knowledge Base

Recommended List

https://dns.cloudflare.com/dns-query
https://dns.quad9.net/dns-query

So these two servers seem to be the fastest and most stable. You can play around and see if there are better ones in your region.

Now you have three choices for how it interacts with the upstream servers. I have picked Paralel Requests, but you can play around with this setting and see which is faster for you.

Once you have set all that up, test the upstreams, and then press Apply to save.

Get Started

Once you have configured your filters and prepared AdGuard Home for integration into your network, the next step is to update the DNS server settings on your router. By changing the DNS servers to the static IP address you previously assigned, you ensure that all network devices benefit from AdGuard Home’s functionalities.

To make this adjustment, access your router’s settings through its administration interface. Look for the DNS server settings section, which may be located in the network or internet settings. Replace the existing DNS server addresses with the static IP address you set up for AdGuard Home.

To find the specific IP address to enter, you can refer to the AdGuard Home administration panel’s Setup Guide. The setup guide typically provides clear instructions on where to locate the necessary DNS server information.

By modifying the DNS server settings in your router, all devices connected to your network will automatically utilize AdGuard Home for DNS resolution, ad-blocking, and content filtering. This ensures consistent protection and an improved browsing experience across your entire network.

Remember to save the changes made to the router’s DNS server settings to apply the updates effectively.

Conclusion

In conclusion, deploying AdGuard Home provides an effective means of protecting the devices in your network from malicious sites and URLs. It offers a valuable layer of defense against potential threats. However, it’s important to note that no solution is entirely foolproof, and regular maintenance and adjustments are necessary.

By continuously fine-tuning the filters according to your preferences, you can ensure an optimal browsing experience while maintaining adequate protection. It’s crucial to regularly review and update the filters, as they are periodically updated to address new threats and improve performance.

Remember that the ultimate goal is to strike a balance between security and accessibility. While blocking harmful content is important, it’s equally vital to ensure that legitimate websites and services are not inadvertently blocked. Regular monitoring and adjustment of the filters help achieve this equilibrium.

AdGuard Home is just one tool in the arsenal of protecting your home and family from the potential risks and tracking prevalent on the internet. It complements other security measures and promotes a safer online environment.

By being proactive, staying informed about emerging threats, and regularly maintaining and fine-tuning your filters, you can enhance the protection of your network, ensuring a safer browsing experience for your home and family.

1 Like