So I’ve been a pihole user for a long, long time, but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an active directory domain that I need to manage as well.
So, prior to recently, I had routed all DNS requests through the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.
More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.
More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case…but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.
So, the questions: 1) do you just use one or the other, pihole vs adguard home? 2) do you use multiple DNS servers or just a single one upstream? 3) what’s your preferred method of internal DNS management in conjunction w/ pihole/adguard home?
Opnsense Unbound
Me three.
I use Unbound as a DNS resolver and pfBlockerNG for ad blocking. My firewall blocks external DNS, DoH, & DoT servers except for dns.adguard-dns.com, which I use on my phone.
clients>pihole>unbound
This!
Wait, is your unbound querying the root servers directly? Aren’t services that use CDNs having their performance affected?
Not that I’ve noticed
Same. Although I really wish Pihole supported wildcard domains in local DNS. I haven’t quite figured out how to add wildcard domain with unbound.
If you use helm charts this is really easy!! The one I use from mojo exposes this in the helm chart / config.
It does, but you have to tinker a bit more than usual. Because pihole uses dnsmasq, you can modify the dnsmasq configuration file to allow for wildcard subdomains. Unfortunately, while this will be picked up by pihole, you can’t view or modify it through their Web interface, so it’s much less convenient.
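The two pieces of configuration discussed in this thread (the OP’s conditional forwarding of an AD zone to the domain controllers, and the wildcard local records that the dnsmasq and Unbound posts above are after) are small enough to generate and sanity-check with a script. The following is an added example, not code from Pi-hole, Unbound, Technitium or any poster here; the domain `lab.home.arpa`, the AD zone `ad.example.internal`, and all IP addresses and subnets are constructed values. It emits a dnsmasq `address=/zone/ip` line (which answers the zone and every subdomain), the equivalent Unbound `local-zone ... redirect` stanza, and dnsmasq `server=/zone/dc` lines for the forward AD zone plus the matching `in-addr.arpa` reverse zones, so client names in the query log keep resolving. It validates names and addresses with the standard library before writing anything out.

```python
"""Generate DNS config snippets for a home lab (constructed example, not any
project's own code): wildcard local records for dnsmasq/Pi-hole and Unbound,
and conditional forwarding of an AD zone (forward + reverse) for dnsmasq."""
import ipaddress
import re

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def validate_domain(domain: str) -> str:
    """Normalise a domain (lowercase, no trailing dot) and reject bad labels."""
    d = domain.strip().rstrip(".").lower()
    labels = d.split(".")
    if not d or len(d) > 253 or not all(_LABEL.match(lbl) for lbl in labels):
        raise ValueError(f"invalid domain name: {domain!r}")
    return d


def dnsmasq_wildcard(domain: str, ip: str) -> str:
    """dnsmasq: 'address=/zone/ip' answers zone and all of its subdomains."""
    d = validate_domain(domain)
    addr = ipaddress.ip_address(ip)  # raises ValueError on garbage
    return f"address=/{d}/{addr}\n"


def unbound_wildcard(domain: str, ip: str) -> str:
    """Unbound: a 'redirect' local-zone serves the zone's own data for every
    subdomain, which is Unbound's way of expressing a wildcard record."""
    d = validate_domain(domain)
    addr = ipaddress.ip_address(ip)
    rr = "AAAA" if addr.version == 6 else "A"
    return (
        "server:\n"
        f'    local-zone: "{d}." redirect\n'
        f'    local-data: "{d}. {rr} {addr}"\n'
    )


def reverse_zone(cidr: str) -> str:
    """in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only IPv4 networks with a /8, /16 or /24 prefix are supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def dnsmasq_conditional_forward(ad_zone: str, dcs: list, subnets: list) -> str:
    """dnsmasq: send the AD zone and the reverse zones of the listed subnets
    to every domain controller; everything else still goes upstream."""
    zones = [validate_domain(ad_zone)] + [reverse_zone(s) for s in subnets]
    dc_ips = [ipaddress.ip_address(dc) for dc in dcs]
    lines = [f"server=/{z}/{dc}" for z in zones for dc in dc_ips]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed lab values, not real infrastructure
    print("# /etc/dnsmasq.d/02-wildcard.conf")
    print(dnsmasq_wildcard("lab.home.arpa", "192.168.1.10"))
    print("# unbound.conf fragment")
    print(unbound_wildcard("lab.home.arpa", "192.168.1.10"))
    print("# /etc/dnsmasq.d/03-ad-forward.conf")
    print(dnsmasq_conditional_forward(
        "ad.example.internal", ["192.168.1.5", "192.168.1.6"], ["192.168.1.0/24"]))
```

Drop the dnsmasq output into a file under `/etc/dnsmasq.d/` (Pi-hole v5 reads these automatically; v6 needs its `misc.etc_dnsmasq_d` setting enabled) and restart the resolver; the Unbound fragment goes into its `server:` section. Only the forward zone gets forwarded to the DCs, so a compromised or misconfigured DC still cannot answer for anything outside that zone and its reverse ranges.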
I use nextdns as I can use that when mobile but if you want a local solution adguard home has DOH/DOT built in and a nicer interface than pihole IMHO
Pihole+unbound
I stopped using pihole years ago because it didn’t support wildcards. Technitium DNS server is fantastic. The dev is super responsive and keeps things updated.
Another vote for Technitium DNS. I used PiHole then Adguard Home and Technitium is much better for me. I actually run two of them so I never have more than one down outside of power outages. One on my Pi and one on my server that runs my Docker containers for my other services.
My biggest issue with pihole is that you can’t really sync between multiple servers natively. Does Technitium support this?
I know others pointed to it a way to partly do this, but I wanted to just say that I don’t replicate mine on purpose at this point. The one running on my Pi updates automatically and the other one does not. That allows me to test new releases on one DNS without borking my whole setup. Then I update the other manually once I know the Pi is working fine.
Technitium
I do the same, just waiting for that cluster feature to come out!
Check this out. I’ve been using it with 3 nodes for years and it works perfectly.
https://github.com/TechnitiumSoftware/DnsServer/issues/231#issuecomment-783114395
Yep, that’s how I’m doing mine too, just the full sync would be nice. If I need to temporarily disable ad blocking for example, currently I have to login to both. It’s the best dns tool I’ve used though, after PiHole for years and then Adguard for a short period until I found this.
This guy DNSes.
I think that was the longest feature list I have ever seen! 😁 This looks more complete than any of the other popular ones. Do you agree?
Adguard Home with Unbound. And Unbound uses root.hints file to resolve
Edit: I use Hagezi Pro, Oisd.nl as blocklists as they are very well maintained
I have a rather complex setup. I have a PiHole that is accessible over a VPN, but I only route DNS traffic over the VPN.
Clients -> dnsmasq -> PiHole -> Unbound
I use NextDNS on occasion. I used to use pihole a while back during the “Covid years” but something it was blocking royally screwed up my kid’s Google Classroom submitted schoolwork, he was turning in empty assignments and we thought it was his fault but it wasn’t. Had to apologize to multiple schoolteachers and vowed never to use that piece of shit software again.
Client >> Pihole >> unbound but gonna take a look at Adguard now reading this thread.
I use Adguard. I dumped pi-hole a long time ago and never looked back.
I get it…it’s awesome. Just took a second to wrap my head around some of the nuances that I needed for my environment. But hellz yea, works great. I wish the dashboard had automatic ajax refreshing though.
I dumped Pi-hole for Adguard and two technitium dns servers. Personally, I found /r/pihole community toxic. Adguard is also way easier to back up and replicate since the config file is a single yaml file.
What was your reasoning for dumping pi-hole?
What made you move away from Pi-Hole?
Also dumped Pi-hole & moved to AGH over a year now. It’s easier to set up. Encrypted DNS (DoT, DoH, DoQ, etc.) supported with no added install. On Pi-hole I have to install Cloudflared for DoH. AGH also has a large number of blocklists to choose from on DNS blocklists setting. You don’t have to Google search for it like that of Pi-hole. Adding a blocklist is as simple as clicking on the check box & checking for updates. On Pi-hole you have to go through a couple of steps (gui >tools>update gravity). AGH software update also is very simple. An update notice will show up on top if there’s a new update & you just need to click it to update. On Pi-hole you have to login via SSH & issue a pihole -up command to update.
I moved away from pihole because every time I had a fiddle, I brought down the DNS of my whole house, resulting in lots of stressed children :) the solution I switched to is against the ethos of this sub, but it’s good and worth the cost.
ugh. this is my sign, but I’m not happy about it
If one rando/shill says something sucks you bail out? Hmm.
I use AGH on both of my servers at home and sync them with adguardhome-sync.
They are the DHCP assigned DNS servers for everyone who lives with us and all the services I run.
AGH with upstream lookups over DoH, and adblock list from oisd.nl.
Split-brain topology to give internal IP in preference to public IPs for my selfhosted services, and selective routing of a defined set of domains to a geo-unblocking service so I can access things like BBC iplayer etc. from my home network.
Clients>Bind>pihole>unbound