• Platform27@lemmy.mlEnglish
    27·
    1 year ago

    Adguard Home. I find it to be more feature complete, compared to Pi-Hole. Nicer GUI, more options, built in DNS-over-HTTPS/TLS, better client controls & detection, more domain information, better domain list blocking, and so on.

    I moved from NextDNS, to Adguard Home. All self hosted, and accessed with a reverse proxy.

    • American_Jesus@lemm.ee
      8·
      1 year ago

      Same, used NextDNS and Pi-Hole then move to AdGuard Home til today.
      Built-in (DoH, DoT,…) servers are useful and simple to setup with client identification.

      • anytimesoon@lemmy.ml
        2·
        1 year ago

        Are you guys not concerned about losing complete access to the internet if something drops on your server?

        I realise these will be very rare cases, but shit happens sometimes, and always seems to happen at the worst possible moments.

        What’s your recovery plan?

        Edit to add that this is the reason I’m on nextdns… Make it someone else’s problem

        • The Doctor@beehaw.orgEnglish
          1·
          1 year ago

          Not really. I maintain backups (one local, one offsite, one snapshotted and stored on a flash drive I carry around with me) of everything at home, including my OpenWRT devices and the configuration of my Pi-Hole. The Pi-Hole is running on an SBC so I also periodically take local images of it with dd in case I need to write a new microSD card and boot it up. I’m not the only one at home that relies on a net.connection every day, so I have to take other folks into account for resilience.

  • zwekihoyy@lemmy.ml
    13·
    1 year ago

    nextdns is the most performant option I’ve used. it often beats our cloudflare even. adguard wasn’t bad but it was a bit more cumbersome and very slow.

    I don’t like recommending self hosting as opening ports on a private network isn’t a great idea. you could use something like cloudflare or tailscale to bridge access but you’ll run into issues with network speeds.

    • spudwart@spudwart.comEnglish
      1·
      1 year ago

      opening ports on a private network is fine as long as you exercise a sane amount of security measures.

      • zwekihoyy@lemmy.ml
        1·
        1 year ago

        most people don’t nor do the aforementioned measures have substantial documentation that is easily accessible by the average user.

        they aren’t even meant for enthusiasts but rather, in industry professionals

        • spudwart@spudwart.comEnglish
          1·
          1 year ago

          enthusiasts become industry professionals.

          And if substantial documentation were the only thing that kept networks from security and absolute anarchy, then all of the internet would be lost.

          It’s not documentation, nor is it absolute knowledge that brings someone to understand a sane amount of security. But also trial and error.

          One of the most important first rules of security is, start testing in applications that pose the least amount of risk.

          If you’re looking into hosting your own DNS server, you’ve already proven you understand a lot more than the average user does about networking in general.

      • IrrerPolterer@lemmy.world
        3·
        1 year ago

        Sure! If you’ve got that pi on all the time. I previously did that and it worked well. My current setup is multiple pi’s though, cause the octo pi is switched off with the printer now…

        • SokathHisEyesOpen@lemmy.mlEnglish
          1·
          1 year ago

          Yes, I leave it running all the time. So do I just install PiHole as a package on the server and then connect to it to configure?

          • IrrerPolterer@lemmy.world
            2·
            1 year ago

            I had it setup using docker at the time. Both pihole and octoprint as individual containers…

            But I assume you should be able to just install and run the package locally on the octopi distro.

  • Monkey With A Shell@lemmy.socdojo.com
    9·
    1 year ago

    Adguard home with a few extra lists and custom rules. Just got the sync tool set up to auto replicate changes from one to another so no more copy/paste to a secondary. Great when I need to restart a VM and don’t want to take out the internet while it reboots.

    Used pihole some while back but the feature list was tiny by comparison, though it was a good while back so probably unfair to compare.

    Also ran with pfBlocker for a while, nice to have it right on the gateway but found it a bit opaque and lacking customization for my needs.

  • voxel@sopuli.xyz
    8·
    1 year ago

    nextds, feels almost like a pihole but unnecessarily crippled in some ways, which don’t really matter to me.

  • toxicyeti@sh.itjust.works
    81·
    1 year ago

    Adguard home for everyone in the house. Externally I just use ublock Origin and Cloudflare’s DoH.

  • railsdev@programming.dev
    6·
    1 year ago

    I roll my own. I created a Docker image that periodically downloads tons of blocklists, smashes them into an Unbound configuration file then runs Unbound with TLS enabled.

    On my iPhone and macOS devices I just connect to the encrypted service using .mobileconfig files to apply it system-wide. My home router also uses it as an upstream server (again with TLS) so all connected clients benefit from it as well.