AdGuard Home vs. PiHole – Best adblocker?

There are two popular solutions to getting rid of ads in the home network, AdGuard Home and PiHole. Which one is best? What are the pros and cons of each?

What is Adguard?

AdGuard provides network-wide ad-blocking and content-filtering. It uses DNS filtering to intercept block ads, trackers, and malicious sites for admins before these sites and resources even load on the end-user client.

DNS resolver

DNS is like the “phone book” for your network. Since AdGuard acts like the phonebook, it can “hang up” on any calls out to resources that you don’t want found in your blocklists like ads and trackers.

Adguard has many solutions

Adguard is not just a single solution company. They actually offer many different products. These include browser extension, mobile apps, and the self-hosted solution that is the subject of this blog post – AdGuard Home solution.

The commercial products include:

• Android app

• Browser extension

• IOS app

• Windows App

• macOS App

In addition, they offer an Adguard VPN and DNS server solution.

AdGuard Home Features

Note the variety of features, including:

1. Network-wide ad blocking: Blocks ads and trackers for all devices connected to your network.

2. Custom filtering rules: Add specific rules to block or whitelist certain domains.

3. Parental control: Force safe search on search engines and block adult content.

4. Encrypted DNS: Support for DNS over HTTPS and DNS over TLS to encrypt DNS queries.

5. DHCP server: Built-in DHCP server for easier network configuration.

AdGuard Home Admin Web Interface

I like the AdGuard Home interface. It is not too busy and has the information you want to see at your fingertips. You can manage settings, monitor blocks and DNS queries easy enough and you can create custom filtering rules.

Note the Adguard Home Dashboard below.

AdGuard Home DNS

Like Pi-Hole AdGuard Home is a DNS server that sinkholes DNS queries to unwanted ads and trackers. It can be configured as an upstream DNS server and supports encrypted DNS as well.

AdGuard Home Hardware Requirements

The DNS server can run on various devices, including Raspberry Pi, virtual machines, and dedicated hardware. It has relatively low hardware requirements:

1. CPU: A 1GHz or faster processor is recommended.

2. RAM: 512MB or more is recommended.

3. Disk space: At least 100MB of free disk space is required for installation and operation.

AdGuard Home Setup

After installing AdGuard Home DNS server, access the web interface to complete the initial setup. During this process, you’ll configure upstream DNS servers, enable encrypted DNS (if desired), and set up any additional options, such as custom filtering rules or parental control settings.

AdGuard Home installation

There are several ways to install AdGuard Home edition as you can install it on a full operating system, or run it as a Docker container. You can run the container using either the Docker run command or using Docker compose code.

Setting up AdGuard Home DNS server is a simple process:

1. Download the installation script or package for your platform.

2. Run the installation script or package, following the prompts to complete the installation.

3. Access the web interface to configure settings like upstream DNS servers and encrypted DNS.

Install Adguard Home with Docker Compose

You can also use Docker Compose to install Adguard.

adguard:
    image: adguard/adguardhome
    restart: always
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 67:67/udp
      - 853:853/tcp
      - 853:853/udp
      - 3000:3000/tcp
      - 5443:5443/tcp
      - 5443:5443/udp
      - 8853:8853/udp
    networks:
      traefik:
        ipv4_address: 172.19.0.53
    volumes:
      - '~/homelabservices/adguard/work:/opt/adguardhome/work'
      - '~/homelabservices/adguard/conf:/opt/adguardhome/conf'
    container_name: adguard

Adguard setup options

During setup, you’ll have the option to configure various settings, such as:

1. Upstream DNS server: Choose the upstream DNS servers that AdGuard Home should use to resolve non-blocked DNS queries.

2. Encrypted DNS upstream servers: Enable DNS over HTTPS (DoH) or DNS over TLS (DoT) to encrypt your DNS queries.

3. DHCP server: Enable the built-in DHCP server if needed, or configure your existing DHCP server to use AdGuard Home as the DNS resolver.

Configuring clients to point to Adguard Home

How do you configure your clients? It is a simple matter of changing client DNS server settings to point to the IP address of the Adguard Home server as the primary DNS server.

After pointing your first client to the Adguard Home server, you should start seeing the DNS queries in Adguard. It also provides a quick and easy way to disable protection, which is a nice feature.

Adguard Home cons

Note the following cons of AdGuard Home server:

1. Compatibility: Some routers or network devices may not be compatible with AdGuard Home

2. Performance: As it operates at the DNS level, it might lead to slightly increased latency in DNS queries

3. False Positives: The filtering can sometimes lead to false positives, where legitimate websites or content may be blocked due to overzealous filtering rules

4. Regular Updates: To maintain optimal performance and security, it requires regular updates, which may include changes to the filtering rules, software improvements, and bug fixes

5. No Conditional forwarding – While you can configure the upstream DNS server, there is no conditional forwarding

What is Pi-Hole?

Pi-Hole is another very popular ad blocking solution for use at home . It functions as a DNS sinkhole ad blocker that intercepts DNS requests and then it drops the DNS request for the ad URL or tracking url

By doing this, it can protect all the devices connected to your home or office network. This includes not only devices like computers and laptops, but also smartphones, tablets, and even IoT devices.

Friendly web interface

Pi-Hole has a very intuitive web interface that most like. The interface is informative and gives you the information you are looking for, but at the same time it is not too busy.

Pi-Hole has a lot of great features and the ad-blocking and malware protection of the solution with the blocklists is something that most find to be just what they were looking for in the home environment.

Pi-Hole Setup Options

Pi-Hole installs are simple and easy and involve the following steps:

1. Download the Pi-Hole installation script from the official website or GitHub repository.

2. Run the script in the command line and follow the prompts to complete the installation.

3. Configure your devices or router to use Pi-Hole as the DNS server.

4. Alternatively, without running the script, you can download the Docker container for Pi-Hole

Note the following steps with the installation script deploying Pi-Hole on an Ubuntu Server.

Web Interface

Both AdGuard Home and Pi-Hole offer user-friendly web interfaces for administration and configuration. These interfaces allow users to manage settings, view statistics on blocked DNS queries, and add custom filtering rules or specific domains to block or whitelist.

Install Pi-Hole with Docker Compose

You can use the following Docker Compose code to deploy Pi-Hole using Docker Compose.

pihole:
    image: pihole/pihole:latest
    container_name: pihole
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp
    dns:
      - 127.0.0.1
      - 1.1.1.1
    environment:
      TZ: 'America/Chicago'
      WEBPASSWORD: 'password'
      PIHOLE_DNS_: 1.1.1.1;9.9.9.9
      DNSSEC: 'false'
      VIRTUAL_HOST: piholetest.cloud.local # Same as port traefik config
      WEBTHEME: default-dark
      PIHOLE_DOMAIN: lan
    volumes:
      - '~/homelabservices/pihole/pihole:/etc/pihole/'
      - '~/homelabservices/pihole/dnsmasq.d:/etc/dnsmasq.d/'
    restart: always
    networks:
      traefik:
        ipv4_address: 172.19.0.13

Pi-Hole Cons

While Pi-Hole is an excellent DNS ad blocker, there are some downsides:

1. Lack of “officially” supported encryption: Pi-Hole doesn’t natively support DNS over HTTPS or DNS over TLS

2. Limited parental control features: Pi-Hole lacks advanced parental control options, like forcing safe search

3. Resource usage: I have seen reports that Pi-Hole might consume more resources on your device than AdGuard

Clients Configuration

To start using AdGuard or Pi-Hole, you must configure your devices to use them as DNS servers. This can be done on individual devices or at the router level, depending on your network setup.

1. Router configuration: Update your router’s DNS settings to point to the IP address of your AdGuard or Pi-Hole installation.

2. Device configuration: If you prefer to configure specific devices, update the DNS settings on each device to use the IP address of your AdGuard Home or Pi-Hole installation.

Lack of “officially” supported encryption

Pi-Hole does not officially support encrypted DNS protocols like DNS over HTTPS or DNS over TLS out-of-the-box. However, it is possible to configure Pi-Hole with additional software, such as a third-party DoH or DoT proxy, to encrypt DNS queries.

Quickly Block Well-Known Services

Both AdGuard Home and Pi-Hole offer built-in block lists that help users quickly block well-known services, such as social media trackers, analytics platforms, and popular ad networks. Users can enable or disable specific blocklists based on their preferences and add custom lists as needed.

Resource Usage

AdGuard Home and Pi-Hole have different resource usage profiles. AdGuard Home tends to be lighter on system resources than Pi-Hole, making it a more suitable choice for devices like the Raspberry Pi. However, both solutions can run efficiently on most hardware, including virtual machines and dedicated servers.

Encrypted DNS upstream servers

DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ) are encrypted DNS protocols that provide additional security and privacy by preventing eavesdropping and tampering of DNS queries. AdGuard Home supports both DoH and DoT out-of-the-box, while Pi-Hole requires additional configuration or software to enable encrypted DNS.

1. DoH: Encrypts DNS queries using the HTTPS protocol, which is widely supported and can bypass network restrictions.

2. DoT: Encrypts DNS queries using the TLS protocol, providing similar security benefits to DoH but with less compatibility and potential for bypassing restrictions.

3. DoQ: A newer protocol that encrypts DNS queries using the QUIC protocol, offering improved performance and security compared to DoH and DoT but with more limited support and adoption.

AdGuard Home vs PiHole

AdGuard Home and Pi-Hole are excellent network-wide ad-blocking solutions offering similar functionality, but with slight differences in how they operate. Some key differences include the following:

1. Encryption: AdGuard Home natively supports DNS over HTTPS and DNS over TLS, while Pi-Hole requires additional configuration or software for encrypted DNS.

2. Parental control: AdGuard Home offers more advanced parental control features than Pi-Hole.

3. Resource usage: AdGuard Home is generally lighter on system resources than Pi-Hole, making it a better choice for devices like the Raspberry Pi.

Ultimately, the choice between AdGuard Home and Pi-Hole depends on your specific requirements, preferences, and hardware constraints.

Differences Between AdGuard and Pi-Hole

While Pi-hole and Adguard share many similarities, there are some key differences:

1. Encryption support: AdGuard Home supports encrypted DNS out-of-the-box, while Pi-Hole requires additional configuration or software.

2. Parental control features: AdGuard Home offers more robust parental control options compared to Pi-Hole.

3. Resource usage: AdGuard Home is generally more resource-efficient than Pi-Hole, making it a better choice for devices with limited resources.

Comparing the differences

Wrapping up

Both of these solutions are great for doing what you want them to do, block ads, and other unwanted types of traffic. I think Pi-Hole has the edge overall in terms of interface, ease of use, and just overall popularity of the solution which tells you something about how it works and what others think about it. However, don’t count out AdGuard. It also has great features. I think for most it is one of those things that you will want to stand up both in your environment and try them out to see which one you like the best.