AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.
It operates as a DNS server that re-routes tracking domains to a “black hole”, thus preventing your devices from connecting to those servers.
Compared to Pi-Hole, AdGuard Home doesn’t require additional dependencies, so you can run it on OpenWrt without problems. It also supports DNS caching and encryption without additional software.
- A router with a recent version of OpenWrt installed
- At least 100MB of free RAM
- At least 20MB of free disk space
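The commands below assume a router with an arm64 processor; you may need to replace `arm64` with the architecture that matches your router (e.g. armv7, mips, etc.). SSH into your router and run:
```sh
# Install wget and create the install directory (-p: no error if /opt already exists)
opkg update && opkg install wget
mkdir -p /opt/ && cd /opt/
# Download and unpack the AdGuard Home release for arm64
wget -c https://static.adguard.com/adguardhome/release/AdGuardHome_linux_arm64.tar.gz
tar xfvz AdGuardHome_linux_arm64.tar.gz
rm AdGuardHome_linux_arm64.tar.gz
# Register AdGuard Home as a service
/opt/AdGuardHome/AdGuardHome -s install
```
If your router's IP address is not 192.168.1.1 then replace the IP address accordingly.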
- Go to
- Set up the admin web interface to listen on 192.168.1.1 at port 8080
- Set the DNS server to listen on 192.168.1.1 at port 5353
- Create a user and choose a strong password
Make your devices use AdGuard Home
Now that AGH is up and running we need to make our devices use it as their DNS server:
- Navigate to LuCI and go to Network -> DHCP and DNS
- Enter 192.168.1.1#5353 into DNS forwardings, then click Save & Apply
- Navigate to Resolv and Hosts Files tab and check the Ignore resolv file option to prevent the router from using the DNS servers provided by your ISP
Intercept all DNS traffic
This step is optional; however, there are apps and devices that ship with a hardcoded DNS server (such as 188.8.131.52), making our filtering rules useless unless we redirect those queries to our AGH instance.
Navigate to LuCI → Network → Firewall → Port Forwards
Click Add and specify:
- Protocol: TCP, UDP
- Source zone: lan
- External port: 53
- Destination zone: unspecified
- Internal IP address: any
- Internal port: any
Then click Save & Apply
```sh
# Intercept DNS traffic
uci -q delete firewall.dns_int
uci set firewall.dns_int="redirect"
uci set firewall.dns_int.name="Intercept-DNS"
uci set firewall.dns_int.src="lan"
uci set firewall.dns_int.src_dport="53"
uci set firewall.dns_int.proto="tcp udp"
uci set firewall.dns_int.target="DNAT"
# Also intercept IPv6 DNS traffic
uci set firewall.dns_int.family="any"
uci commit firewall
/etc/init.d/firewall restart
```
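To confirm that the forwarding and interception settings above are all in place, the following script (an added example, not part of the original post) checks the text produced by `uci show dhcp` and `uci show firewall`. It assumes the redirect was created with the uci commands above as the named section `dns_int`, that dnsmasq is the first instance (`@dnsmasq[0]`), and that AdGuard Home listens on 192.168.1.1#5353; `audit_dns_path` and `sample_config` are names made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Audits the settings this guide
# relies on, reading `uci show dhcp; uci show firewall` text on stdin.
# Assumes the redirect was created as the named section "dns_int" (CLI path).

audit_dns_path() {
    agh="${1:-192.168.1.1#5353}"   # AdGuard Home listener chosen during setup
    cfg=$(cat); rc=0
    # val KEY: print the value of the "KEY=..." line (KEY is a sed regex).
    val() { printf '%s\n' "$cfg" | sed -n "s/^$1=//p"; }
    # want DESC KEY WORD: report DESC unless KEY's value has WORD as a whole word.
    want() { val "$2" | grep -qwF -- "$3" || { echo "MISSING: $1"; rc=1; }; }

    want "dnsmasq forwards to AdGuard Home ($agh)" 'dhcp\.@dnsmasq\[0\]\.server' "$agh"
    want "ISP resolvers ignored (noresolv)"  'dhcp\.@dnsmasq\[0\]\.noresolv' 1
    want "dns_int is a redirect section"     'firewall\.dns_int'            redirect
    want "redirect applies to the lan zone"  'firewall\.dns_int\.src'       lan
    want "redirect matches port 53"          'firewall\.dns_int\.src_dport' 53
    want "redirect covers TCP"               'firewall\.dns_int\.proto'     tcp
    want "redirect covers UDP"               'firewall\.dns_int\.proto'     udp
    want "redirect target is DNAT"           'firewall\.dns_int\.target'    DNAT
    want "redirect covers IPv6 (family any)" 'firewall\.dns_int\.family'    any
    return "$rc"
}

# Constructed sample of `uci show` output for a router configured as above.
sample_config() {
    cat <<'EOF'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].server='192.168.1.1#5353'
dhcp.@dnsmasq[0].noresolv='1'
firewall.dns_int=redirect
firewall.dns_int.name='Intercept-DNS'
firewall.dns_int.src='lan'
firewall.dns_int.src_dport='53'
firewall.dns_int.proto='tcp udp'
firewall.dns_int.target='DNAT'
firewall.dns_int.family='any'
EOF
}

# On the router: { uci show dhcp; uci show firewall; } | audit_dns_path
sample_config | audit_dns_path && echo "DNS path OK"
```

Each `MISSING:` line names a setting from the steps above that is absent or different, which is the usual reason a device with a hardcoded resolver still escapes filtering.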
Now that you have AdGuard Home up and running, feel free to play with the settings. Here are some of my recommendations:
Choose the DNS providers of your choice (AdGuard Home supports both regular unencrypted DNS and encrypted DNS protocols such as DoH, DoH3, DoT and DoQ out of the box):
Upstream DNS servers:
```
h3://cloudflare-dns.com/dns-query
h3://dns.google/dns-query
quic://dns.nextdns.io
[/lan/]127.0.0.1
[//]127.0.0.1
```
Private reverse DNS servers (for client name resolution):
```
127.0.0.1
```
0 (if this is your LAN I don't see any reason to limit the number of requests)
enabled (dramatically improves performance)
AdGuard Home supports hosts and adblock-style blocklists; you can choose from the ones provided by default or add your own.
Enjoy happy and safe browsing!