I self host a lot of things, pihole and adguard is one thing I no longer self host for about five years now. $20/year for NextDNS for the whole family is worth every penny and most importantly spouse approved. My spouse doesn’t mind what we self host as long as the friction to use it is not too high.
I have two pi-holes running concurrently, mainly so it doesn’t ruin the internet for my wife if one goes down. In 4-5 years of running pi-hole I’ve had I think 3 complete failures, 2 were due to cheap SD card corruption and one due to a failed upgrade to pihole v6.
I also excluded most of her devices from any filtering by the pihole because she wants to be able to click the sponsored links and ads on Google. Whatever.
I want to make a few points to help clarify some of the choices and why I made them. This is very helpful and I appreciate all the comments as it highlights how some things are clear in our head but we don't end up sharing that with anyone reading. So:
1. I looked at AdGuardHome but I preferred PiHole because I found its documentation a bit more helpful for my purpose (the Unbound sample, the Wireguard setup, etc)
2. I saw the docker compose package, but I wanted something that runs at the OS level. There are docker packages for Wireguard too and I also had a look at Mistborn (https://gitlab.com/cyber5k/mistborn)
3. The VPN is the main thing I wanted set up to reach resources on my home network, adblocking and DNS came a bit later, so you can run this without a VPN, but it's central for my setup.
4. I really wanted this setup at the OS level and to hopefully learn more about the whole process.
Thanks again for the suggestions though!
> 1. I looked at AdGuardHome but I preferred PiHole because I found its documentation a bit more helpful for my purpose (the Unbound sample, the Wireguard setup, etc)
Probably the right call, but funnily enough, I had to go the other way. PiHole started using 100% of the CPU on my Raspberry Pi 1B after an update to version 6.x, which then obviously slowed the entire network to a crawl and made it unusable. Although later versions supposedly fixed that, whatever was the latest version at the time still had that problem for me, even on a completely fresh install.
AdGuardHome worked for me without any hassle, but I would never have even considered it, given I'd been happy with PiHole for 5+ years, if it hadn't been for the fact that whatever update PiHole did completely borked its usability.
Sadly, the Wireguard protocol is easily identified and blocked, and you need to add an obfuscation layer to make it work.
I just use blocklists in Unbound without having to bother with Pi-Hole. Nothing against Pi-Hole, I just find it easier long-term to maintain fewer services.
I have looked at that briefly, I think I had gone with pihole in the end for the ability of having a UI to easily see any resolution issues and local dns management (which, I think, is also present in Unbound but not in a UI but via configs).
May be helpful for others. Fully packaged version
https://github.com/IAmStoxe/wirehole
I have a similar setup, but with AdGuardHome. I used Pi-Hole in the past, but AdGuardHome's UI is from this century at least. That, and the fact that with Pi-Hole it was very difficult to have IPv6 working.
I have an instance on my router in my home network for covering all devices by default, and a hosted one to which I connect when outside via mobile network. Split-tunneling with only the DNS routed, so that I don't have to push all traffic through the VPN.
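Added example, not part of the comment above: a small Python check that a wg-quick client config really is a DNS-only split tunnel as described there. The sample config, its addresses, the `vpn.example.net` endpoint and the `audit_dns_only_tunnel` helper are all constructed for illustration, and a single `[Peer]` section is assumed.

```python
import configparser
import ipaddress

# Constructed sample wg-quick client config; keys are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/32
DNS = 10.8.0.1

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.8.0.1/32
"""

def _items(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_dns_only_tunnel(conf_text):
    """Return findings; an empty list means only the DNS server is tunnelled."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    dns = []
    for entry in _items(cfg["Interface"].get("DNS", "")):
        try:
            dns.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick treats non-IP DNS entries as search domains
    routes = [ipaddress.ip_network(n, strict=False)
              for n in _items(cfg["Peer"].get("AllowedIPs", ""))]
    findings = []
    if not dns:
        findings.append("no DNS server set; the system resolver is used")
    for server in dns:
        if not any(server in net for net in routes):
            findings.append(f"DNS {server} is not in AllowedIPs; queries bypass the tunnel")
    for net in routes:
        # Only host routes that point at a configured DNS server are expected.
        if net.num_addresses == 1 and net.network_address in dns:
            continue
        findings.append(f"{net} routes more than the DNS server through the VPN")
    return findings

if __name__ == "__main__":
    print(audit_dns_only_tunnel(SAMPLE_CONF) or "DNS-only split tunnel")
```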
> I used Pi-Hole in the past, but AdGuardHome's UI is from this century at least.
I like Pi-Hole's UI. It's functional and simple.
I didn’t have a problem with IPv6 necessarily with pihole as much as my ISP, AT&T, didn’t play well with me wanting to use another DNS for IPv6.
I ended up just going to NextDNS. All my devices are Apple so I could install the certificate and it works away from home too.
You don't need a VPN! I host an AdguardHome instance and just expose TCP/853. I put my domain name in the Private DNS settings of my Android and I get 24/7 adblocking without the hassle and battery drain of my Wireguard VPN (which I still use to access private stuff)
Another solution to consider is Tailscale. There is a vast free tier and it makes securing your network really simple.
I mentioned that as an alternative along with Headscale and Nebula. Not for me though! At least not now.
Ah you are right, sorry. Somehow I learned on the networks section and stuff for there. Sorry for that.
I went through the journey of having multiple technologies VPNs to my home lab and cross-places. This is fun, a rewarding exercise.
I switched to first Headscale, and then Tailscale for the ease of setting this up, which frees time for other home lab activities.