Pi Hole with a few good block lists...
Which block lists?
Out of the box, pihole has a few block lists already set up. Those are pretty good already.
To add more, you can find some good block list collections online. No need to add them all. Pick a good handful, depending on the category of stuff you want to block. Here are some helpful links:
https://github.com/lightswitch05/hosts
... Once you got a few block lists set up, you'll probably want to whitelist some things specifically, that are otherwise caught up in the filter. This is a super helpful resource for that:
https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212
There's a script on GitHub (don't have the link right now) for an automated whitelist. I was expecting it to break some things or end up useless, but it was the perfect addition for me. Edit: https://github.com/anudeepND/whitelist
NextDNS
Adguard Home. I find it to be more feature complete, compared to Pi-Hole. Nicer GUI, more options, built in DNS-over-HTTPS/TLS, better client controls & detection, more domain information, better domain list blocking, and so on.
I moved from NextDNS, to Adguard Home. All self hosted, and accessed with a reverse proxy.
Same, used NextDNS and Pi-Hole, then moved to AdGuard Home till today.
Built-in (DoH, DoT,...) servers are useful and simple to set up with client identification.
Adguard home for everything
nextdns is the most performant option I've used. it often beats out cloudflare even. adguard wasn't bad but it was a bit more cumbersome and very slow.
I don't like recommending self hosting as opening ports on a private network isn't a great idea. you could use something like cloudflare or tailscale to bridge access but you'll run into issues with network speeds.
opening ports on a private network is fine as long as you exercise a sane amount of security measures.
I just use ublock origin
NextDNS. Easy, free, and effective.
Adguard home with a few extra lists and custom rules. Just got the sync tool set up to auto replicate changes from one to another so no more copy/paste to a secondary. Great when I need to restart a VM and don't want to take out the internet while it reboots.
Used pihole some while back but the feature list was tiny by comparison, though it was a good while back so probably unfair to compare.
Also ran with pfBlocker for a while, nice to have it right on the gateway but found it a bit opaque and lacking customization for my needs.
What about Mullvad DNS?
nextdns, feels almost like a pihole but unnecessarily crippled in some ways, which don't really matter to me.
Adguard home for everyone in the house. Externally I just use ublock Origin and Cloudflare's DoH.
NextDNS. Several years now. It’s absolutely brilliant.
Specifically DNS? I have a Pi-Hole on my home network that is configured as a recursive resolver, and a second Pi-Hole on my personal VPN server (same).
ControlD with AdGuard as backup. Might have to try Mullvad's as well. Then AhaDNS Blitz on my phone.
Controld.com
Quad9
I use two across different devices.
base.dns.mullvad.net
noads.libredns.gr
Both offer DNS over TLS and both are privacy focused which was why I decided to use them.
Does DNS over TLS have any advantages over DNS over HTTPS?
Not really and some would argue that from a local network perspective HTTPS is preferable.
The main difference is that HTTPS routes through a standard port, so it gets "lost" in all other HTTPS traffic, whereas TLS uses a distinct port, so whilst it's encrypted you would be able to see at the local level that you're using DNS over TLS but not what you're doing.
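The difference described in the reply above, as an added example that is not part of the original thread: the same DNS query is framed with a length prefix for DoT (port 853, RFC 7858) and as a base64url `dns` parameter for DoH (port 443, RFC 8484). The sample name `www.example.com`, the `/dns-query` path and the `observer_view` helper are assumptions made for illustration.

```python
import base64
import struct

DOT_PORT = 853   # RFC 7858: dedicated port, so DoT use is visible on the LAN
DOH_PORT = 443   # RFC 8484: same port as all other HTTPS traffic


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a minimal DNS query: one question, recursion desired."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD flag
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN


def dot_frame(query: bytes) -> bytes:
    """DoT payload: 2-byte length prefix plus query, carried inside TLS."""
    return struct.pack("!H", len(query)) + query


def doh_get_path(query: bytes, path: str = "/dns-query") -> str:
    """DoH GET target: the query as unpadded base64url in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"


def observer_view(transport: str) -> dict:
    """What a local observer learns from the port alone (hypothetical helper)."""
    if transport == "dot":
        return {"port": DOT_PORT, "identifiable_by_port": True, "sees_query": False}
    if transport == "doh":
        return {"port": DOH_PORT, "identifiable_by_port": False, "sees_query": False}
    raise ValueError(f"unknown transport: {transport}")


if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    print("DoT frame:", dot_frame(q).hex())
    print("DoH path :", doh_get_path(q))
    print(observer_view("dot"))
    print(observer_view("doh"))
```

In both cases the query itself is encrypted in transit; only the DoT connection stands out by its port.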
If you are the "VPN to home, always on" user, go for pi-hole.
Adguardhome has its strengths when it comes to DoH, DoT, QUIC usage.
Blocky installed locally as a service for my PC https://github.com/0xERR0R/blocky
RethinkDNS for my phone https://rethinkdns.com/configure
Adguard Home on the homelab, with my router set to use it as DNS, alongside Tailscale with Headscale on top to reroute all traffic through the home network so that ad blocking works all the time, on all devices that can use Tailscale, and also away from home.
I use the Adblock plugin on an openwrt router to provide blocklists for the whole LAN. It works rather well.
Pihole. Default block lists
I couldn’t get AdGuard Home working properly on my server, so I have been using NextDNS.
This is a good reminder to attempt to get it set up again
PiHole with the Star Trek web UI theme. I think it looks pretty nice and has worked well for me.
I'm using controld dns, the oisd full version, legacy dns on the home router and as a private dns on android. I've tried multiple combinations, but this one has a sweet spot for both blocking and usability.
NextDNS, plus Ublock Origin on any web browser.
I use Adguard because it's pretty reliable and solid.
I would love other options but I haven't found many that rival Adguard. I'm very picky about DNS because frequently services that I use can detect them and most free providers do nothing to alleviate blocking.