It also reminds me of how terrible the internet is when I don’t have these protections. It’s amazing how many semi-hostile devices this found on my network (looking at you Samsung TV and devices that hard code in Google’s DNS). On PiHole it’s a little more complicated as it can’t directly forward with DNS over TLS. Everything else goes out via DNS over TLS to NextDNS. AdGuard then routes to one of two different backends: for local domains it routes to CoreDNS that gets the hosts from my UDM-Pro to give everything nice hostnames. I’ve got blocklists for DoH hosts because I can’t just block port 443. My preferred configuration is using some fairly invasive scripts to redirect all outbound DNS except to NextDNS. I’ll likely retire PiHole in favor of AdGuard Home the next time the SD card dies on that Pi. It also works a little better for configuration for some devices. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. PiHole seems to have a better landing page for analytics out of the box. AdGuard Home is a network-wide software for blocking ads & tracking. The single binary and clean configuration is nice. This means that my ISP can see the IP addresses of hosts but not their domain names unless they get aggressive with snooping. In particular it makes it much easier to control routing for queries by domain and supports forwarding over DNS over TLS, DoH, and DoQ natively. I keep both on my network running on two different Raspberry Pis.

AdGuard Home is a lot cleaner to use. Although NextDNS also allows you to play with blocklists if you want. But I have no idea if they do, and outsourcing putting all that together to a service like NextDNS seems like a better solution than a locally hosted option that relies on a user figuring out the right blocklists to use. It's hard to tell how useful those features are and there's no reason blocklists couldn't incorporate all those kinds of things.
This blocks a lot of stuff, but NextDNS also has options like blocking typosquatting, newly registered domains, domains that are created by domain generation algorithms, and whatever their "AI-driven threat detection" feature is doing. That's true, but functionally NextDNS also has several features AdGuardHome does not that made me switch even though I'd prefer a self-hosted solution all else being equal.

AdGuardHome (and Pi-hole) work almost entirely on domain blocklists they regularly download from configurable sources (AdGuardHome also incorporates Google Safe Browsing).