Since I started migrating most of the services I run from various TrueNAS jails/VMs to the Proxmox instance, I have also set up a WireGuard® server since I find it way easier to set up than OpenVPN for example, and my router’s implementation of WireGuard® is not the finest at this moment. Some earlier benchmarks that I’ve done on my home network, using two identical jails, one for OpenVPN and the other for WireGuard®, the WireGuard® instance could serve at least twice the bandwidth (tested using iperf from another external 1Gbit connection) while using less resources (relatively), and the peering was a bit better.

A while ago I made a post regarding setting up a DNS adblocker on a FreeBSD jail by manually setting up dnsmasq and configuring the forwarding DNS servers, as well as the adlists in hosts1 file format. While it is still a (somewhat) valid instruction set, over the time I found myself in need of an all-in-one solution for handling the update of the adlists, as well as an easier way to whitelist and blocklist various domains.

We all heard about adblocking at DNS level, implemented by services like Pi-hole, or maybe just setting an external custom DNS server like Cloudflare's 1.1.1.1 (fast & more private, not necessarily blocking requests), or Quad9.

These are all great options, but in my opinion they all lack a little bit of something, or provide too much. For example, external, custom DNS servers are good for a quick & easy setup, but you lack the ability of customizing the sources or manually whitelisting or blacklisting domains, and so on. On the other hand, a service like Pi-hole is great, it allows you to set up custom sources, you can whitelist and blacklist custom domains, you can set your own provider for the upstream DNS server, but it kinda requires a Debian-based distro in order to offer an easy setup via their own installer, in order to get the web ui.