this post was submitted on 15 Jan 2024
167 points (96.6% liked)

Selfhosted

40767 readers
1644 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I've been aware of pi-hole for a while now, but never bothered with it because I do most web browsing on a laptop where browser extensions like uBlock origin are good enough. However, with multiple streaming services starting to insert adds into my paid subscriptions, I'm looking to upgrade to a network blocker that will also cover the apps on my smart TV.

I run most of my self hosted services on a proxmox server, so I'd like something that'll run as an LXC container or a VM. I'm also vaguely aware that various competing applications have come out since pi-hole first gained popularity. Is pi-hole still the best thing going, or are there better options?

top 50 comments
sorted by: hot top controversial new old
[–] originalucifer@moist.catsweat.com 52 points 11 months ago

pihole is mature and very functional. i jumped in last summer, no regrets.

[–] PainInTheAES@lemmy.world 38 points 11 months ago

AdGuard Home and blocky are other popular options. I switched over to AdGuard Home a while back because it supported DNS over HTTPS although I'm not sure if that's still a relevant reason. I run AGH as a docker container but it is easy to run in a LXC or VM. There's also a tool to sync configs if you need multiple instances. Notice: AGH block lists are formatted like uBlock Origin lists so you will not be able to use PiHole style lists.

DNS based ad blockers won't work when ads are served from the same place as the content. Which is why DNS based ad blockers don't work against Twitch or YouTube. So YMMV.

If you're looking to block interface ads and select streaming service ads there are block lists available like this one. The game with smart TVs is blocking the ads breaks the TV a little because sometimes it calls back to the same servers for updates and misc info like weather.

[–] bdonvr@thelemmy.club 20 points 11 months ago (8 children)

Pi-hole is great, but unfortunately ads in YouTube or other streaming services is not one of the things it blocks.

load more comments (8 replies)
[–] Decronym@lemmy.decronym.xyz 15 points 11 months ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
HTTPS HTTP over SSL
IP Internet Protocol
IoT Internet of Things for device controllers
LXC Linux Containers
PiHole Network-wide ad-blocker (DNS sinkhole)
SSL Secure Sockets Layer, for transparent encryption
VPN Virtual Private Network

7 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #431 for this sub, first seen 15th Jan 2024, 23:55] [FAQ] [Full list] [Contact] [Source code]

[–] plz1@lemmy.world 14 points 11 months ago (2 children)

NextDNS.

Also, be wary of relying on anything blocking ads on streaming services this way. They will likely serve them within the video stream, so not network-blockable.

[–] Kid_Thunder@kbin.social 4 points 11 months ago (5 children)

NextDNS caps your queries per month on the free account. ControlD doesn't and you can pick a various mix of their public DNS resolvers. You don't necessarily get the granular control with doing it this way for free that you can get with NextDNS though.

If you do check out these, make sure you click the Secure Resolvers if you'd prefer for DLS/DOQ/DNS over HTTPS instead of Legacy.

load more comments (5 replies)
load more comments (1 replies)
[–] Gooey0210@sh.itjust.works 12 points 11 months ago (2 children)

Adguard-home is way better than pi-hole imo

[–] Guajojo@lemmy.world 4 points 11 months ago (3 children)

Pihole user for more than 5 years,.can confirm that it is indeed better, made the switch few months ago

[–] DreadPotato@sopuli.xyz 7 points 11 months ago (1 children)

What makes adguard home better than pihole? Genuinely curious, I'm running pihole now and have been for a couple of years without issues.

load more comments (1 replies)
[–] Maximilious@kbin.social 4 points 11 months ago (1 children)

What makes it better other than the UI? I'm weary of using it because it is developed by Russian developers.

[–] Gooey0210@sh.itjust.works 3 points 11 months ago (5 children)

Encryption, UI, probably a little bit more serious development

But encryption is a big thing, DoT, DoH, Quic. And soon they will have ECH

[–] SpaceCadet@feddit.nl 3 points 11 months ago (4 children)

Just wanted to chime in and say that with a pihole you can also have encryption if you point to a local resolver like cloudflared or unbound.

My pihole forwards everything to a cloudflared service running on 127.0.0.1:5353 to encrypt all my outgoing DNS queries, it was really easy to setup: https://docs.pi-hole.net/guides/dns/cloudflared/

load more comments (4 replies)
load more comments (4 replies)
load more comments (1 replies)
[–] dan@upvote.au 3 points 11 months ago (2 children)

Plus it's easy to run multiple AdGuard Home servers and keep them in sync using https://github.com/bakito/adguardhome-sync

load more comments (2 replies)
[–] Rookeh@startrek.website 10 points 11 months ago

I use both. Pi-hole running in a docker container on one of my home servers which my gateway is configured to assign as the default DNS for all clients, and uBlock Origin on all my browsers to catch everything else.

Pihole is pretty good at catching ads on platforms that are not suited to browser based blockers (IoT devices, streaming boxes etc) but it isn't perfect and is best used in conjunction with another solution.

[–] unwillingsomnambulist@midwest.social 9 points 11 months ago (3 children)

Pi-Hole’s great. Got my primary instance on a Pi 4 and three secondaries (one per vlan) on LXCs. Works so well it feels weird seeing ads when I’m not at home, I’m actually considering using Tailscale to route all my queries through my home connection.

[–] zylinderhut@feddit.de 7 points 11 months ago

I second that, turns out 90% of the queries on my network come from my Libratone speakers and they seem to desperately try and reach China (.com.cn)

[–] Arkhive@lemmy.blahaj.zone 3 points 11 months ago

I do this and it works great. Ad block on all my devices regardless of proprietary sandboxes. I also use Syncthing over my tailnet IP addresses so that traffic never leaves my “grounds”. I’m slowly building out a whole suite of services I host only within my tailnet, jellyfin, calibre, invidious, it been a great learning experience. I’m about to set up a proper home lab, finally moving everything off an old laptop.

[–] rentar42@kbin.social 3 points 11 months ago* (last edited 11 months ago)

Hint: you don't need to route all your traffic through your VPN to make use of the pihole adblocking: Just DNS. If your at home internet is even moderately stable/good then this should barely affect your roaming internet experience, since DNS traffic is such a small part of all traffic.

Also, since I'm already mirroring the configuration of my PiHole instance to a secondary one, I'm considering putting a tertiary one on some forever-free cloud server instance and just using that when not at home (put it into the same wireguard vpn to prevent security nightmares). That way my roaming private DNS wouldn't even depend on my home internet.

[–] Darkassassin07@lemmy.ca 7 points 11 months ago

DNS based ad blocking does not block video ads served by streaming services. You'll need a modified client specific to the service you want to block ads for to achieve that.

[–] philpo@feddit.de 7 points 11 months ago

If you are more into a full DNS solution that can also block Technitium DNS is a reasonable choice. It is fairly userfriendly, can be run in an LXC easily (I am doing exactly that), able to use multiple block lists in any combination you want, can be controlled by an API, is regularly updated,etc.

I couldn't be happier with it, even though the learning curve is somewhat steep, when you are new to DNS. It is a fully fledged DNS server after all.

[–] Codilingus@sh.itjust.works 7 points 11 months ago (1 children)

Adguard home is like pihole, but has built in encrypted DNS options. For easy mode NextDNS.

They pretty much all have the same block lists to choose from.

[–] KyuubiNoKitsune@lemmy.blahaj.zone 4 points 11 months ago

I use 2 cloudflare containers that the pihole points to. That gives me DNS over https but it's more of a mission to set up.

[–] lemming741@lemmy.world 7 points 11 months ago (9 children)

I run pihole on proxomox, and also opnsense in the same box. Then you can forward all port 53 traffic to your pihole. Some devices have hard-coded DNS that will bypass the DHCP DNS.

load more comments (9 replies)
[–] StreetKid@reddthat.com 6 points 11 months ago

I am very happy with Blocky https://github.com/0xERR0R/blocky

No UI, just a simply config file if that is your thing.

[–] dandroid@dandroid.app 4 points 11 months ago (1 children)

I set up pihole a few months ago. I added a few dozen of the highest recommended block lists, but I wasn't impressed at all. It didn't seem very effective at blocking ads in both real world tests and tests that I found online specifically for testing your adblocker.

[–] khorak@lemmy.dbzer0.com 7 points 11 months ago (6 children)

The best test I have is my wife complaining, that ads in Google results cannot be opened. It seems to work flawlessly for me 😂

On a more serious note, what tests are these? The thing is, the ad domain is either in the blocklist or not. Ads inside apps are hard to block (I even have adaway on my android, and some slip through as eg Instagram reuses the backend domains/endpoints for ad delivery).

load more comments (6 replies)
[–] Fedegenerate@lemmynsfw.com 4 points 11 months ago (4 children)

I went with a pi running pi-hole. I got it as a project where the tool is the project. But, it's essential infrastructure now and I don't want to mess with it incase I break it. I'm an idiot with a poor history with pi guides so far, so I will break it. It's running the adblock fine, I assume it's doing the tracking and malware blocking fine too.

Sadly, that's where I leave the project for now, I had intended to give it a HDD and some... other... software but I really don't want to break it. I tried convincing the better half that I obviously need to N+1 but she wisely did not see reason.

load more comments (4 replies)
[–] m_randall@sh.itjust.works 4 points 11 months ago* (last edited 11 months ago)

There’s nothing really bad with PiHole but I moved from it to AdGuard, both on proxmox. The UI brought me in, makes management a bit easier. It also supports DoH right out of the box.

Try em both. See what you think.

[–] Father_Redbeard@lemmy.ml 4 points 11 months ago (1 children)

I ran Pi-hole for years. Switched to adguardhome running on 2 servers (primary and secondary) with AGH sync keeping the two instances identical. I like the UI better, dns rewrites, and the ability to simply block services entirely with a single click.

load more comments (1 replies)
[–] 7u5k3n@lemmy.world 3 points 11 months ago* (last edited 11 months ago) (4 children)

https://lemmy.world/post/10327372

This dude uses mini PCs for pi type tasks.

Might be easier to get a hold of.

Good luck OP

load more comments (4 replies)
[–] ajmxco@lemmy.world 3 points 11 months ago

I use knot-resolver with the big block list from https://oisd.nl/ and it works great.

[–] indigomirage@lemmy.ca 3 points 11 months ago

Pfblockerng on pfsense is very powerful.

load more comments
view more: next ›