Hey guys, I recently bought an orange pi zero 2 and, as the title suggests, I want to put an ad blocker on it. Those are the options. I also will put openvpn for external connection to my network. Does anyone have experience with them? What would you suggest?
Used Pihole for years. Gave AdGaurd Home a try and never looked back.
Every few months you’ll have to fiddle with your Pihole config as an upgrade breaks it. Unbound is a whole separate beast. Refreshing the lists seem to take a lot of processing. You need a second instance, just because.
AdGaurd Home just works. DNS over HTTPS and DoH for your upstream all built in. Upstream can be fail over or fastest response. Upgrades work in browser in a matter of seconds. And to date, has never fallen over (on the exact same hardware and OS as my Piholes).
AdGaurd Home’s service blocking, and Safe Search enforcement is a useful add on for kids devices too.
You should really run 2 instances anyway, for fail over, so why not run one of each and decide for yourself which you prefer?
Every few months you’ll have to fiddle with your Pihole config as an upgrade breaks it. Unbound is a whole separate beast. Refreshing the lists seem to take a lot of processing. You need a second instance, just because.
What are you talking about. None of that is true.
Well, congrats to you. But as I said - on the same hardware, AGH runs so much smoother and more reliably. Maybe piHole is more reliable now - but back when I was using it, upgrades would kill configs, you’d have to reinstall – it was a common thing every few months. Forgot to mention, AGH also runs on BSD, which means you can run it on your Opsense / pFsense box too if you run one.
This is what I did, too. Used Pi-Hole for a year or so, and it required regular tinkering and repairing. Planned to test AGH for a short time in Docker container on a Pi4B, and it’s been running that way for 2 years without any issues.
Easier to administer, more functionality and rock solid. I’ve never looked back.
As a counterpoint I’ve had pihole running in various configurations for 7 or 8 years and the only problem I’ve had was a log file got too big or something. Works great.
Logrotate is your friend
It also depends what else you are trying to do, but I love PiHole’s ability to act as a proper DNS server for my LAN with support for A and CNAME records
With AdGuard Home you don’t even need to have log files, there’s built in options to store it in-memory.
My experience exactly. I keep telling myself I should set a cron job or something to purge the logs after some time, but it happens infrequently enough that it’s not a big deal.
Lots of love for Adguard home, I’m inclined to go for that. Thanks all
Tried all three over the years… I have to say AdGuard Home due to how feature-rich it is. Currently have two instances running, one at home the other for remote usage. AGH is better than the other two at nearly everything.
I liked the statistics in Pihole a little bit more, but the functions and easyness in adguard are much better.
I started on PiHole, but when I found AdGuard Home I tried it and it’s so much better. My group chat that self hosts ended up swapping too.
The interface is so much cleaner and easier to use, anecdotally it’s so much more reliable. And have more features built in from the get go.
Plus you can edit it without having to refresh Gravity like in PiHole. Nothing major but it saves me a few seconds of time.
+1 to AdguardHome. Set it up on a Synology NAS via docker following some written guides found online. Been rock solid for years.
I may try this (again). I find that even with DNS level blocking, I still end up using Adguard for Windows and Android, because it removes whitespaces left behind by DNS blockers. Do you also find this to be the case?
I do find that to be the case. Also some ADs just can’t seem to get filtered by DNS blockers…. DNS blocker still helps for devices that can’t have their own AD blocker though.
DNS blocker still helps for devices that can’t have their own AD blocker though.
Yes! I actually use Adguard DNS (public) on my TV/game console to cut down on some ads.
Heey iam using pihole for a few years now i realy like that it works good with no problems so far. Even have unbound pared wirh it and for tunneling home i use wireguard never tried adguard or blocky
Another vote for PiHole.
Also, thanks for turning me on to Unbound. Which Pi are you running those services on and how’s the performance?
Iam running it a raspberry 3b its doing fine we are with 3 ppl in house so there are not that many request
No the one you asked, but I’m running pihole on a lenovo M93 (fedora server) with 8Gb of ram. No kill like overkill, I guess.
The only time any of the cpu cores pops above 1% is when I’m updating the config, and at the moment it is hovering at 293 MB of RAM used according to the
freecommand.Ha — no kill like overkill. Indeed! Thanks for sharing!
I’m currently running pihole on a Pi 3B. It’s been solid for about a year on that hardware.
I’m going to do a little digging on the compute needed per WireGuard connection. Cheers!
I’ve read about unbound but not knowledgeable enough to understand what it does. Could you king of eli5 it to me? Also, is wireguard better than openvpn?
Wireguard is very lightweight and it just works. No overly complex setup, tools, matching protocols, algorithms, versions, etc. It just works and it’s simple UDP traffic. It’s the first self hosted VPN that I actually love and that works on all my machines, mobiles, VMs with just a config file to fine tune what should go over the line.
This is the reason indeed its lightweight and installation and connecting other clients was easy with the qr code
AFAIK, instead of forwarding your DNS requests to an upstream DNS provider (eg. 1.1.1.1), it resolves the domain step by step. First, it asks the root nameserver “where’s org.?”, the returned server is asked “where’s example.org.?”, the returned server is asked “where’s www.example.org.?” and so on until you get your target IP.
See also https://en.wikipedia.org/wiki/Domain_Name_System#Address_resolution_mechanism
Edit: there is also a good explaination on https://docs.pi-hole.net/guides/dns/unbound/#what-does-this-guide-provide
I’ve used Pihole and Adguard. Liked them both, but ultimately went back to Pihole.
I’ve been using adgaurd home from the official truenas apps. Running for about 3 or 4 months. It’s doing it’s job but it’s no silver bullet. Also added a good few custom lists.
Two instances of AdGuardHome … though tempted to switch to the new Gravity.
I use AGH myself, it runs great and stays out of the way. I have not tried pihole so can’t speak on it
I also started on pihole, but switched to Blocky because Blocky is way more DevOps friendly (I run this stuff on microk8s on a Pi cluster).
Then I just ditched it altogether and now use NextDNS. Well worth paying the small fee for. But you obviously don’t get the same DIY satisfaction out of it.
But NextDNS is closed source isn’t it? Personally I wouldn’t trust proprietary software with my entire DNS request history.
Well it’s a service I’m paying for, so yes a bit of trust is required. Their privacy policy looks decent as well. As it stands, I trust them more with it than I would my ISP, Google or Microsoft.
You can choose what region to log to (I chose Switzerland) and you can also configure the retention period.
Started on PiHole a long time ago, went to AdGuardhome, then have moved over to Technitium DNS (https://technitium.com/dns/). That might be another option to investigate, it allows Ad blocking as well as a lot more than AdGuardhome and Pihole.
Last I tried Technitium, it took over 100ms to resolve domain names that take 1ms otherwise.
Hmmm…I’ve never noticed any lag on my end, but then again, I don’t time my DNS ms resolutions myself. :) Good to know though!
This might not be a factor you care about, but Adguard is developed in Russia.
Even if that were true, it would not matter since the source code is open and you can take a look at it to put this phobia of yours to rest.
Also FYI, AdGuard is based in Cyprus.
It’s not just about trusting the code (which anyway isn’t a small task to review it, and all future PRs, and run your own builds from reviewed code) but also there are some people who will avoid Russian developed stuff at the moment for moral reasons, you know, because of the whole Ukraine thing.
Which I don’t find reasonable tbh, at least for open source stuff. You are not actively supporting the Russian government, and a lot of Russians also don’t support the war. But to each their own.
