AdGuardHome in Debian (DNS server with Adblock)

Sometimes you want a DNS server with an ad-blocking function

Sometimes you might not want to use a proxy and would rather use only a custom DNS server. Or you might want to filter ads after you have connected to a VPN.

Use case: Currently, the HK government is asking ISPs to block sites with DNS poisoning (adding a DNS record that points the target site to a blackhole). Adding 1.1.1.1 as a private DNS on a mobile phone (or PC) already fixes the problem, but you can also create a DNS server with an ad-blocking function to reduce some data traffic.

1. Install AdGuardHome with root permission

sudo -i

Check the latest release of AdGuard Home (the current release was v0.107.21 when I wrote this guide), then download and install it:

apt install wget -y
wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_amd64.tar.gz
tar xvf AdGuardHome_linux_amd64.tar.gz
cd AdGuardHome
./AdGuardHome -s install
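
Step 1 unpacks and runs an archive as root straight after download, so its SHA-256 is worth checking first. The function below is an added example, not part of the original guide or of the AdGuard Home project; it assumes a sha256sum-style checksum list for the same release was saved next to the archive, and the file name checksums.txt is an assumption.

```shell
# Added example: verify a downloaded release archive against a checksum list
# before unpacking it and running the installer as root.
# Assumption: the list has sha256sum-style lines ("<hash>  <name>"); the file
# name checksums.txt used below is an assumption, not taken from the guide.

# verify_release ARCHIVE CHECKSUM_LIST
# Returns 0 only when exactly one entry names ARCHIVE and its hash matches.
# Returns 1 on mismatch, 2 on unreadable input, 3 on a bad or missing entry.
verify_release() {
    local archive list name matches expected actual
    archive=$1
    list=$2
    [ -r "$archive" ] && [ -r "$list" ] || { echo "missing input" >&2; return 2; }
    name=$(basename -- "$archive")

    # Accept "name", "./name" and the "*name" binary marker sha256sum can emit.
    matches=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f) }
        f == n { print tolower($1) }' "$list")

    # Refuse a missing or duplicated entry rather than guessing which is right.
    if [ "$(printf '%s\n' "$matches" | grep -c .)" -ne 1 ]; then
        echo "no unique checksum entry for $name" >&2
        return 3
    fi
    expected=$matches

    # Reject anything that is not a 64-character hex digest.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest for $name" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $name" >&2; return 3; }

    actual=$(sha256sum -- "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK $name"
}

# Usage in step 1, between wget and tar:
#   verify_release AdGuardHome_linux_amd64.tar.gz checksums.txt || exit 1
```

The check only proves the archive matches the list, so the list should come from the release page over HTTPS and not from a mirror or a copy sent alongside the archive.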

2. Add a cron job to restart the AdGuard server every night (in case acme updated the cert)

crontab -e

Add the following:

0 4 * * * /bin/systemctl restart AdGuardHome

3. Allow access to ports 3000, 8443 and 853 in the firewall

This setup depends on the VPS you use.

Note: I usually won't share port 53; you may share it if you want.

Name: adguard
Priority: 1
Direction of traffic: Ingress
Action on match: Allow
Target: All instances in the Network
Source IP range: 0.0.0.0/0
Specified protocols and ports: TCP: 3000,8443,853

4. Basic setup of AdGuardHome

Access the AdGuardHome settings page with a browser.

Only one page needs to be set up (Admin Web Interface: 3000), plus the password page.

5. Set up the upstream servers of AGH

Go to Settings->DNS Settings and set up the upstream DNS as follows: in my case I only use Cloudflare and Google. You can use 1.1.1.1 and 8.8.8.8 instead, but I don't like using port 53 for some reasons.

Apply Setting

6. Set up the blocklists of AGH

Go to Filters->DNS blocklists and add your blocklists.

The blocklists I'm using:

7. Set up encrypted access (Settings->Encryption settings)

Enable Encryption (checked)
Server name: a.bname.com
Redirect to HTTPS automatically (checked)
HTTPS port: 8443
Certificates: /usr/local/etc/xray/fullchain.crt
Private key: /usr/local/etc/xray/privkey.key

8. Setup Finished

For Android, you can add a.bname.com as the Private DNS.

For Windows, since I don't open port 53 (and opening it is not recommended), we need to change a Windows setting to allow DoH: reference link
