


That's true, but functionally NextDNS also has several features AdGuardHome does not that made me switch even though I'd prefer a self-hosted solution all else being equal.

AdGuardHome (and pi-hole) work almost entirely on domain blocklists they regularly download from configurable sources (AdGuardHome also incorporates Google safe browsing). This blocks a lot of stuff, but NextDNS also has options like blocking typo squatting, newly registered domains, domains that are created by domain generation algorithms, and whatever their "AI-driven threat detection" feature is doing. It's hard to tell how useful those features are, and there's no reason blocklists couldn't incorporate all those kinds of things. But I have no idea if they do, and outsourcing putting all that together to a service like NextDNS seems like a better solution than a locally hosted option that relies on a user figuring out the right blocklists to use. Although NextDNS also allows you to play with blocklists if you want.

I keep both on my network running on two different Raspberry Pis.

AdGuard Home is a lot cleaner to use. In particular it makes it much easier to control routing for queries by domain and supports forwarding over DNS over TLS, DoH, and DoQ natively. This means that my ISP can see the IP addresses of hosts but not their domain names unless they get aggressive with snooping. The single binary and clean configuration is nice. PiHole seems to have a better landing page for analytics out of the box. It also works a little better for configuration for some devices. I'll likely retire PiHole in favor of AdGuard Home the next time the SD card dies on that Pi. My preferred configuration is using some fairly invasive scripts to redirect all outbound DNS except to NextDNS. I've got blocklists for DoH hosts because I can't just block port 443. AdGuard then routes to one of two different backends: for local domains it routes to CoreDNS that gets the hosts from my UDM-Pro to give everything nice hostnames.
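The split-routing setup described in the comment above (local names to CoreDNS, everything else to NextDNS over an encrypted transport, plus a blocklist for public DoH resolvers so clients cannot quietly bypass the local resolver), written out as an AdGuard Home `AdGuardHome.yaml` fragment. This is an added example, not the commenter's configuration: the CoreDNS address 192.168.1.53, the `lan` zone, the NextDNS profile ID `abc123` and the blocklist URL are placeholders I assumed.

```yaml
# Added example, not from the original thread. Assumed values:
#   192.168.1.53  - CoreDNS instance serving LAN hostnames (fed from the UDM-Pro)
#   lan           - local zone name
#   abc123        - placeholder NextDNS profile ID (use your own)
dns:
  upstream_dns:
    # Per-domain routing: queries under .lan go to CoreDNS and never leave
    # the network. The [/domain/] form is AdGuard Home's upstream syntax.
    - '[/lan/]192.168.1.53'
    # Default upstreams for everything no [/domain/] rule matches. All three
    # are the same NextDNS profile over different encrypted transports
    # (DoT, DoH, DoQ), so the ISP sees only the resolver's IP, not the names.
    - 'tls://abc123.dns.nextdns.io'
    - 'https://dns.nextdns.io/abc123'
    - 'quic://abc123.dns.nextdns.io'
  # Plain-DNS resolvers used only to resolve the encrypted upstreams' own
  # hostnames at startup (NextDNS anycast addresses).
  bootstrap_dns:
    - '45.90.28.0'
    - '45.90.30.0'
  # Reverse lookups for private ranges also go to CoreDNS, so devices show
  # up by hostname in the query log instead of by raw IP.
  local_ptr_upstreams:
    - '192.168.1.53'
filters:
  # Blocklist of well-known DoH resolver hostnames. Blocking the name stops
  # a client from bootstrapping its own DoH session without touching 443.
  - enabled: true
    url: https://example.invalid/doh-resolvers.txt   # placeholder URL
    name: DoH resolver hostnames (placeholder list)
    id: 1
```

A client that hard-codes a resolver IP still bypasses this; that is the gap the commenter's outbound-DNS redirect scripts close, and the blocklist only covers name-based DoH discovery.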
