AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.
It operates as a DNS server that re-routes tracking domains to a “black hole”, thus preventing your devices from connecting to those servers.
Compared to Pi-Hole, AdGuard Home doesn't require additional dependencies, so you can run it on OpenWrt without problems. It also supports DNS caching and encryption without additional software.
System requirements
- A router with a recent version of OpenWrt installed
- At least 100MB of free RAM
- At least 20MB of free disk space
Installation
This router has an arm64 processor, but you may need to replace it with the architecture that matches your router (e.g. armv7, mips, etc.). SSH into your router and run:
Initial configuration
192.168.1.1 then replace the IP address accordingly
- Go to 192.168.1.1:3000
- Set up the admin web interface to listen on 192.168.1.1 at port 8080
- Set the DNS server to listen on 192.168.1.1 at port 5353
- Create a user and choose a strong password
Make your devices use AdGuard Home
Now that AGH is up and running, we need to make our devices use it as their DNS server:
- Navigate to LuCI and go to Network -> DHCP and DNS
- Add 192.168.1.1#5353 into DNS forwardings, then click Save & Apply
- Navigate to the Resolv and Hosts Files tab and check the Ignore resolv file option to prevent the router from using the DNS servers provided by your ISP
Intercept all DNS traffic
This step is optional; however, some apps and devices ship with a hardcoded DNS server (such as 8.8.8.8), which makes our filtering rules useless unless we redirect those queries to our AGH instance.
- Navigate to LuCI → Network → Firewall → Port Forwards
- Click Add and specify:
  - Name: Intercept-DNS
  - Protocol: TCP, UDP
  - Source zone: lan
  - External port: 53
  - Destination zone: unspecified
  - Internal IP address: any
  - Internal port: any
- Then click Save & Apply
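An added example, not part of the original post: a POSIX sh audit of the router-side settings from the two sections above (dnsmasq forwarding to 192.168.1.1#5353, Ignore resolv file, and the port-53 redirect on lan). It assumes the LuCI fields are stored as the UCI options server, noresolv, src and src_dport as printed by uci show; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits `uci show` text for the settings this guide configures.
AGH_ADDR="192.168.1.1#5353"   # dnsmasq forwarder address used in this guide

check_forwarder() {   # $1 = output of `uci show dhcp`
    printf '%s\n' "$1" | grep -E '^dhcp\.@dnsmasq\[[0-9]+\]\.server=' |
        grep -Fq "'$AGH_ADDR'"
}
check_noresolv() {    # assumption: "Ignore resolv file" is stored as noresolv='1'
    printf '%s\n' "$1" | grep -Eq "^dhcp\.@dnsmasq\[[0-9]+\]\.noresolv='1'\$"
}
check_intercept() {   # $1 = output of `uci show firewall`
    # Passes only if ONE enabled redirect section has both src=lan and src_dport=53.
    printf '%s\n' "$1" | awk -F= '
        $2 == "redirect" { redir[$1] = 1; next }   # section header line
        {
            split($1, p, "."); sec = p[1] "." p[2]; opt = p[3]
            if (opt == "src" && $2 == "\047lan\047") src[sec] = 1
            if (opt == "src_dport" && $2 == "\04753\047") port[sec] = 1
            if (opt == "enabled" && $2 == "\0470\047") off[sec] = 1
        }
        END {
            for (s in redir) if (src[s] && port[s] && !off[s]) found = 1
            exit !found
        }'
}

audit() {   # $1 = dhcp text, $2 = firewall text; returns non-zero on any failure
    rc=0
    check_forwarder "$1" || { echo "FAIL: dnsmasq does not forward to $AGH_ADDR"; rc=1; }
    check_noresolv "$1"  || { echo "FAIL: ISP resolvers still in use (noresolv unset)"; rc=1; }
    check_intercept "$2" || { echo "FAIL: no lan port-53 redirect, hardcoded DNS bypasses AGH"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: all three settings present"; fi
    return "$rc"
}

# Constructed sample of a correctly configured router (not real output).
SAMPLE_DHCP="dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].noresolv='1'
dhcp.@dnsmasq[0].server='192.168.1.1#5353'"
SAMPLE_FW="firewall.@redirect[0]=redirect
firewall.@redirect[0].src='lan'
firewall.@redirect[0].src_dport='53'"

if command -v uci >/dev/null 2>&1; then
    audit "$(uci show dhcp)" "$(uci show firewall)"   # live config on the router
else
    audit "$SAMPLE_DHCP" "$SAMPLE_FW"                 # offline: constructed sample
fi
```

On the router the script reads the live configuration; anywhere else it falls back to the constructed sample.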
Final notes
Now that you have AdGuard Home up and running, feel free to play with the settings. Here are some of my recommendations:
DNS
Choose your preferred DNS providers (AdGuard Home supports both regular unencrypted DNS and encrypted DNS protocols such as DoH, DoH3, DoT and DoQ out of the box):
- Upstream DNS servers:
  - h3://cloudflare-dns.com/dns-query
  - h3://dns.google/dns-query
  - quic://dns.nextdns.io
  - [/lan/]127.0.0.1
  - [//]127.0.0.1
- Parallel requests: enabled (improves performance)
- Private reverse DNS servers (for client names resolution): 127.0.0.1
- Rate limit: 0 (if this is your LAN I don't see any reason to limit the number of requests)
- Optimistic caching: enabled (dramatically improves performance)
Filters
AdGuard Home supports hosts and adblock-style blocklists; you can choose from the ones provided by default or add your own.
Personally, I use the HaGeZi Light blocklist, but OISD Big is another good alternative for a set-and-forget setup.
Enjoy happy and safe browsing!