# AdGuardHome in Debian (DNS server with Adblock)

Sometimes, you might not want to use Proxy, you might want to use a custom DNS Server only. Or, you want to filter Ad after you connected to VPN

Use case: Currently, HK government is asking ISP to block sites with DNS poisoning (adding a DNS record pointing target site to blackhole). Adding a private DNS as 1.1.1.1 in mobile phone (or PC) already fixed the problem. But you can also create a DNS server with Ad block function to reduce some data traffic.

### 1. Install AdGuardHome with root permission

```bash
sudo -i
```

Check the latest release of [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome/releases), current release is [v0.107.21](https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.21) when I write this guide, then download and install

```bash
apt install wget -y
wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_amd64.tar.gz
tar xvf AdGuardHome_linux_amd64.tar.gz
cd AdGuardHome
./AdGuardHome -s install
```

### 2. Adding cron job to restart AdGuard Server everynight (case if acem updated cert)

```
crontab -e
```

add following 

```
0 4 * * * /bin/systemctl restart AdGuardHome
```

### 3. Adding access to port 3000, 8443 and 853  in firewall

This setup depends on the VPS you use\
Note: I usually won't share port 53, you may share if you want

Name: adguard\
Priority: 1\
Direction of traffic: Ingress\
Action on match: Allow\
Target: All instances in the Network\
Source IP range: 0.0.0.0/0\
Specified protocols and ports: TCP: 3000,8443,853

### 4. Basic setup of AdGuardHome

Access the AdGuardHome setting page with browser

```
http://a.bname.com:3000
```

There is only one page need to setup (Admin Web Interface: 3000), and the password page

![](https://3913672348-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MaOn0EOAEuL8_fS0f7A%2F-Mda2YwfExfBW5_TrQpx%2F-MdaC6yprfnv1wbnVCoq%2Fadg1.jpg?alt=media\&token=056340ae-9986-4e9c-a316-71043e4878f1)

### 5. Setup Upstream server of AGH

Go the Settings->DNS Settings, Setup Upstream DNS as follow: my case only use Cloudflare, Google.\
You can use 1.1.1.1 and 8.8.8.8 instead, but I don't like using port 53 for some reasons

```
tls://dns.google
tls://1dot1dot1dot1.cloudflare-dns.com
```

Apply Setting

### 6. Setup Blocklist of AGH

Go to Filters->DNS blocklists and add your blocklists\
The Block Lists I'm Using:

```
AdGuard DNS filter
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt

AdAway Default Blocklist
https://adaway.org/hosts.txt

Dan Pollock's List
https://someonewhocares.org/hosts/zero/hosts

NoCoin Filter List
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt

CHN: anti-AD
https://anti-ad.net/easylist.txt

NeoHost-Basic
https://cdn.jsdelivr.net/gh/neoFelhz/neohosts@gh-pages/basic/hosts.txt

CoinBlocker
https://zerodot1.gitlab.io/CoinBlockerLists/hosts

StevenBlack
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

Yoyo List
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext

Content Farm Terminator
https://danny0838.github.io/content-farm-terminator/files/blocklist/content-farms.txt

Content Farm Terminator - Fake News
https://danny0838.github.io/content-farm-terminator/files/blocklist/fake-news.txt

Content Farm Terminator - Scam
https://danny0838.github.io/content-farm-terminator/files/blocklist/scam-sites.txt

EasyPrivacy
https://easylist-downloads.adblockplus.org/easyprivacy.txt

CJX's Annoyance List
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt

ABP filters
https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txt

Easylist-ChinaList
https://easylist-downloads.adblockplus.org/easylistchina.txt
```

### 7. Setup Encrypted access (Settings->Encryption settings)

Enable Encryption (checked)\
Server name: a.bname.com\
Redirect to HTTPS automatically (checked)\
HTTPS port: 8443\
Certificates: /usr/local/etc/xray/fullchain.crt\
Private key: /usr/local/etc/xray/privkey.key

### 8. Setup Finished

For Android, you can add Private DNS as a.bname.com\
For Windows, since I don't (and not recommended to) open port 53, we need to change Windows setting to allow DoH: [reference link](http://woshub.com/enable-dns-over-https-windows)

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://intro.bunchtam.com/dns-server-with-ad-block-adguard-home.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.