AdGuardHome in Debian (DNS server with Adblock)

Sometimes you want a DNS Server with Adblock function

Sometimes, you might not want to use Proxy, you might want to use a custom DNS Server only. Or, you want to filter Ad after you connected to VPN

Use case: Currently, HK government is asking ISP to block sites with DNS poisoning (adding a DNS record pointing target site to blackhole). Adding a private DNS as 1.1.1.1 in mobile phone (or PC) already fixed the problem. But you can also create a DNS server with Ad block function to reduce some data traffic.

1. Install AdGuardHome with root permission

sudo -i

Check the latest release of AdGuard Home, current release is v0.107.21 when I write this guide, then download and install

apt install wget -y
wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_amd64.tar.gz
tar xvf AdGuardHome_linux_amd64.tar.gz
cd AdGuardHome
./AdGuardHome -s install

2. Adding cron job to restart AdGuard Server everynight (case if acem updated cert)

crontab -e

add following

0 4 * * * /bin/systemctl restart AdGuardHome

3. Adding access to port 3000, 8443 and 853 in firewall

This setup depends on the VPS you use Note: I usually won't share port 53, you may share if you want

Name: adguard Priority: 1 Direction of traffic: Ingress Action on match: Allow Target: All instances in the Network Source IP range: 0.0.0.0/0 Specified protocols and ports: TCP: 3000,8443,853

4. Basic setup of AdGuardHome

Access the AdGuardHome setting page with browser

http://a.bname.com:3000

There is only one page need to setup (Admin Web Interface: 3000), and the password page

5. Setup Upstream server of AGH

Go the Settings->DNS Settings, Setup Upstream DNS as follow: my case only use Cloudflare, Google. You can use 1.1.1.1 and 8.8.8.8 instead, but I don't like using port 53 for some reasons

tls://dns.google
tls://1dot1dot1dot1.cloudflare-dns.com

Apply Setting

6. Setup Blocklist of AGH

Go to Filters->DNS blocklists and add your blocklists The Block Lists I'm Using:

AdGuard DNS filter
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt

AdAway Default Blocklist
https://adaway.org/hosts.txt

Dan Pollock's List
https://someonewhocares.org/hosts/zero/hosts

NoCoin Filter List
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt

CHN: anti-AD
https://anti-ad.net/easylist.txt

NeoHost-Basic
https://cdn.jsdelivr.net/gh/neoFelhz/neohosts@gh-pages/basic/hosts.txt

CoinBlocker
https://zerodot1.gitlab.io/CoinBlockerLists/hosts

StevenBlack
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

Yoyo List
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext

Content Farm Terminator
https://danny0838.github.io/content-farm-terminator/files/blocklist/content-farms.txt

Content Farm Terminator - Fake News
https://danny0838.github.io/content-farm-terminator/files/blocklist/fake-news.txt

Content Farm Terminator - Scam
https://danny0838.github.io/content-farm-terminator/files/blocklist/scam-sites.txt

EasyPrivacy
https://easylist-downloads.adblockplus.org/easyprivacy.txt

CJX's Annoyance List
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt

ABP filters
https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txt

Easylist-ChinaList
https://easylist-downloads.adblockplus.org/easylistchina.txt

7. Setup Encrypted access (Settings->Encryption settings)

Enable Encryption (checked) Server name: a.bname.com Redirect to HTTPS automatically (checked) HTTPS port: 8443 Certificates: /usr/local/etc/xray/fullchain.crt Private key: /usr/local/etc/xray/privkey.key

8. Setup Finished

For Android, you can add Private DNS as a.bname.com For Windows, since I don't (and not recommended to) open port 53, we need to change Windows setting to allow DoH: reference link

PreviousTips for upload own website with WinSCP NextWireGuard Server in Debian

Last updated 3 years ago

hashtag1. Install AdGuardHome with root permission

hashtag2. Adding cron job to restart AdGuard Server everynight (case if acem updated cert)

hashtag3. Adding access to port 3000, 8443 and 853 in firewall

hashtag4. Basic setup of AdGuardHome

hashtag5. Setup Upstream server of AGH

hashtag6. Setup Blocklist of AGH

hashtag7. Setup Encrypted access (Settings->Encryption settings)

hashtag8. Setup Finished