I use Pi-Hole and works great. I’ve heard about AdGuard and seems the same thing as PiHole, but you have to install an app/extension. Everyone in this community recommend NextDNS. Whats the difference between them?

  • narc0tic_bird@lemm.ee
    link
    fedilink
    arrow-up
    20
    arrow-down
    2
    ·
    1 year ago

    All kind of achieve the same thing, but in different ways.

    Pi-Hole is the completely free way of doing ad and tracker blocking at the DNS level. Free as in free beer and free as in free speech.

    AdGuard is free as in free beer but not as in free speech.

    Both solutions mentioned above have to be self-hosted.

    NextDNS is a managed service for which you have to pay a (very small) monthly fee for. The advantage is that - once setup - it pretty much just works (exception being custom updates to filter lists, but that applies to the other two as well). What’s cool about that is that it’s reachable from outside your local network, so you can use it on your phone or whatever even when you’re not at home (they offer apps and profiles for easy setup). You can expose your Pi-Hole/AdGuard DNS to the outside world, but this has some caveats and probably higher latency/worse availability.

    Opinions differ when it comes to privacy, but I’d say they (NextDNS) are trustworthy/not selling your data as this doesn’t seem to be their business model. Obviously, with Pi-Hole you don’t have to trust anyone (except the code authors unless you study the code yourself), so when in doubt Pi-Hole wins in this regard.

    Be careful when setting up either of these as the default DNS service in your home network, especially when other users are in your network, as the default configuration of either of these will break some websites, services and apps to stop working and you (the admin) would have to handle the errors your users are getting by adding exceptions and/or different filters. The good news is that there are more conservative filter settings available that will still block most ads and trackers while being way less likely to break anything.

      • narc0tic_bird@lemm.ee
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Free beer is freeware, but it can be closed source.

        Free speech is freeware that’s also open source with a permissive license, so you can create an opinionated version of it.

  • citizen@sh.itjust.works
    link
    fedilink
    arrow-up
    18
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Pihole is most popular among self holsters. It has nice GUI, it’s capable and its solid. It’s basic in sense of DNS features. You need to use config files to customize from terminal and even then it’s limited.

    Adguard in my experience has more advanced blocking features. DNS also allows you little more flexibility like wildcard records. You can have separate config for different clients (like guest/kids network blocking)

    NextDNS is SaaS only. It has most advanced blocking features but free account only gets you limited queries monthly. You can choose to keep your logs on specific servers or not to keep at all… from privacy perspective it’s arguably worse because you have to trust another company but it’s a good middle ground. Self hosted still needs upstream DNS but it could be tunneled through VPN which would anonymize traffic. NextDNS is upstream dns and it can’t distinguish internal network source.

    I would throw zenarmor to the mix. Paid home license costs 10$/month and allows 3 different profiles. It is more advanced as it sniffs all network packets and not only DNS. It’s not replacing dns. It has great reports/dashboards.

    For best DNS capabilities I would recommend technicium. It’s free. You have gui, dns blocking and full DNS capability with some advanced plugins. It’s not as fancy for dashboards like pihole or Adguard.

    You would use combination of solutions and nextDNS could be your upstream if you don’t mind paying them. If privacy is your thing you want to have more generic upstream that everyone uses like quad9.

  • Vexz@kbin.social
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    1 year ago

    I use Pi-Hole and works great. I’ve heard about AdGuard and seems the same thing as PiHole

    Only if you’re talking about AdGuard Home, then yes. When you talk about AdGuard you usually just mean the adblocker app which is something completely different.

    I used all three of them. While AdGuard Home has some nice features that Pi-hole doesn’t, it in my experience has much more problems and has been unstable on some updates. So since you prefer stability for your DNS server I’d recommend Pi-hole over AdGuard Home.
    NextDNS doesn’t need to be self-hosted because it’s a service on the internet. The disadvantage is that you are offered a list of blocklists from which you can choose but unlike Pi-hole or AdGuard Home you cannot add more lists. But they offer many lists so that’s not a big problem. If you need more than 300k queries a month you need to pay for their service. But since NextDNS is a service on the internet it means that you can use it on all of your devices no matter where you are.

    • DigitalDilemma@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Strange we’ve had differing experiences. I’ve only been using Adguard for a couple of months, but the reason I left Pihol was because of its instability! Or at least, the database would constantly get chowned elsewhere when running in docker so I couldn’t whitelist any domains.

      Adguard’s been 100% stable so far for me.

      • Vexz@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        As long as it works fine for you I’m glad. :)
        If you’re interested here are my three bad experiences with AGH:

        • The “use AdGuard browsing security web service” option made all DNS queries so slow after a week to the point where nothing was resolved anymore. (That was 2 years ago, maybe fixed now)
        • They removed some library with an update which caused a panic when booting AGH so it wouldn’t start anymore. That library was needed to use the DoH encryption of one of my upstream DNS servers. I had to remove that one from my config.
        • The next update didn’t fix this issue but added another one: A few hours of running this version ( I don’t remember the version number) the AGH service suddenly crashed. I started it again but 5 minutes later it would crash again. That was the point where I stopped using AGH because it didn’t feel reliable anymore and updates only made it worse.
    • Glareascum@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I currently selfhost AdGuard Home and it works very efficiently. I added custom lists plus personal filters, and as a plus, I exposed the DoT on the web, so I can use the device I “authorized” no matter where I am. Big plus for me

  • Tippon@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Just to clarify, you don’t need to install an app or extension to use AdGuard, you can just use its dns servers. I use their own dns for my phone, so that it works everywhere, but I use my self hosted AdGuard instance at home.

    I haven’t needed to change anything in the filters yet, but by self hosting, I’ve got the option if it’s ever needed.

    • jlow (he/him)@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Ah, Portmaster. I tried to use this about three times over the past years but I find it extremely complicated and unituitive. Might be just me, though.

      I can see the appeal of blocking stuff on network level with Adguard/Pihole (though I’ve never succeeded implementing them into my home network), so you just have to install it once and not on every device but you’re argument that it doesn’t work on the road is obvie true.

    • Vexz@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Maybe because that’s just a firewall that can be installed on Windows, Debian/Ubuntu and Fedora. What about your mobile devices? This is where Pi-hole, AGH, NextDNS etc. win.

        • Vexz@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Read the whole sentence. That “just” belongs to the fact that it’s only available on a few selected OSes and none of them are for mobile devices.

        • Vexz@kbin.social
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          … any app can bypass easily your DHCP DNS provided…

          In my network it can only do that if the app has a hardcoded encrypted DNS server because I use NAT rules to force all unencrypted DNS to be processed by my OPNsense (which uses NextDNS as upstream DNS servers). And I highly doubt many apps even have a hardcoded DNS server anyway (no matter if unencrypted or encrypted).

          and as I said, I don’t install any weird app on my phone, I just use it as a phone, to communicate, chat and to download podcasts to listen on night.

          That’s your personal use case but not everyone elses. I do much more with my phone. For example browsing. And I think most people do it too. Anyway, as long as you use mobile internet even your OS on your phone could spy on you with tracker domains. Most people don’t use a custom ROM so you’re just one of few people who this doesn’t apply to.

          While you just win at your local home network… xD

          Wrong. I use NextDNS so I have it everywhere. ;)

            • Vexz@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              and I was talking about Pi-Hole

              Well, you said “you” so I thought you were talking about me since you replied to my comment.

              Firefox and Telegram for example has built-in DNS if I’m not wrong. (you can disable it easily)

              Right. I don’t know about Telegram but in Firefoxes case I think it’s disabled by default. I specifically checked that on my Firefox so it won’t bypass my OPNsense.

              We are sharing our use cases. And my context was “I don’t understand why people even talks about Pi-Hole”

              You don’t see it, do you? First you talk about your use case but then you talk about other people. So not your use case anymore. In their use case a Pi-hole, AdGuard Home, NextDNS or whatever else maybe makes sense and isn’t a bad choice.

              EDIT: Also, I think using your phone for other things is wrong, they aren’t really designed for that, they aren’t that secure as a PC can be.

              Erm… what?? Smartphones are designed for many different things. Browsing the internet is just one of many things it’s made for. It’s called “smartphone” for a reason.

        • tuhriel@infosec.pub
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          It can’t bypass my network DNS if only my DNS server is allowed to send out via port 53.

          It’s really fun to see how some devices are completely panicking. (I only have some chromecast music devices which do not need any internet) Anyway, I do hate that there are manufacturers who hardcode a dns into MY devices.

          For the time I’m outside my network I do have a VPN which allows me to acces my pi-hole from outside (I never felt that the speed or latency is especially low)

          There are even routers which allow you to re-route specific ports to specific devices. So, even if the device wants 8.8.8.8 the firewall would reroute it to my dns server

          If you want a privacy friendly option that works from in/and outside your network without all the hassle above I can also recommend proton VPN which also procides tracker and ad blocking.

  • meseek #2982@lemmy.ca
    link
    fedilink
    arrow-up
    0
    arrow-down
    12
    ·
    edit-2
    1 year ago

    Adguard is a VPN. And does what essentially Mullvad does by sending ads or malware or anything they have marked malicious into a void. Pi-hole works very similarly.

    NextDNS works similarly by funnelling all your requests through their DNS which has been set up to remove some of the bad stuff out there. Cloudflare (1.1.1.1) also has a similar service (though they just stick to malware): https://avoidthehack.com/best-dns-privacy