A while ago I made a post regarding setting up a DNS adblocker on a FreeBSD jail by manually setting up
and configuring the forwarding DNS servers, as well as the adlists in
hosts1 file format. While it is still a
(somewhat) valid instruction set, over the time I found myself in need of an all-in-one solution for handling the
update of the adlists, as well as an easier way to whitelist and blocklist various domains.
Since I wanted to remove some of this overhead, I looked into one of the self-hosted alternatives, namely AdGuard Home. The huge advantages over Pi-Hole® in my case (ymmv) are:
- single binary instead of a suite of packages
- available as a FreeBSD port,
- way better and friendlier web UI
- possibility of using DNS-over-TLS, DNS-over-HTTPS, and DNSCrypt upstream servers
- load balancing or parallel requests
- predefined blocklists available by ticking a couple checkboxes
- automatic adlists update
Cons of the port:
- it doesn’t create a directory for the configuration and data (for example
/usr/local/etc/adguardhome), therefore your AGH config and data will reside next to the binary (
- the rc.d script doesn’t define an option for a custom config file or path
…and possibly a couple more pros and cons that I forgot right now, however you can see which one of them outshines the other.
One more issue I encountered in the past was that whenever my NAS was down for maintenance for example, pretty much everything stopped working since the DNS was unreachable (mostly because the EdgeRouter X that I’m using at the moment does not know how to do DNS forwarding failover). Since my setup at this time consists in a Proxmox VE machine and two TrueNAS Core machines, I decided to set up an AdGuardHome jail on each of my NASes for redundancy, both of them configured the same.
After setting both of them in the DNS forwarding config in the ER-X, I see a 2:1 ratio in requests to the first
dnsmasq). For example, this is how one of my instances' stats look like.
man 5 hosts↩︎