So I’ve been a pihole user for a long long time…but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an active directory domain that I need to manage as well.

So, prior to recently, I had routed all DNS requests through the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.

More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.

More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case…but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.

So, the questions: 1) do you just use one or the other, pihole vs. adguard home? 2) do you use multiple DNS servers or just a single one upstream? 3) what's your preferred method of internal DNS management in conjunction w/ pihole/adguard home?
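For question 3, the setup described in the post (local records answered by the filter, the AD domain and its reverse zone forwarded to the DCs) can be kept in one record set and rendered for both tools. This is an added example, not Pi-hole or AdGuard Home project code: the `corp.example` domain, the DC and host addresses, and the 10.0.0.0/24 subnet are constructed, and the AdGuard Home rewrite endpoint and `[/domain/]ip` upstream form are taken from its HTTP API and upstream syntax as assumptions.

```python
"""Render one internal-DNS record set into Pi-hole (dnsmasq) and AdGuard Home
form. Added example, not Pi-hole or AdGuard Home project code. The AD domain,
subnet and all IP addresses below are constructed sample values."""
import ipaddress
import json

# Constructed sample data: hosts that live outside AD, plus the AD DCs that are
# authoritative for the domain-joined machines.
LOCAL_RECORDS = {
    "nas.home.example": "10.0.0.20",
    "proxmox.home.example": "10.0.0.2",
}
AD_DOMAIN = "corp.example"
AD_DCS = ["10.0.0.5", "10.0.0.6"]
AD_SUBNET = ipaddress.ip_network("10.0.0.0/24")


def reverse_zone(net: ipaddress.IPv4Network) -> str:
    """in-addr.arpa name for a /8, /16 or /24, which is what conditional
    forwarding of PTR lookups needs."""
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes are supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def render_dnsmasq() -> str:
    """Lines for a file under /etc/dnsmasq.d/ on the Pi-hole host.
    host-record answers locally; server=/domain/ip forwards that domain (and its
    reverse zone) to the DCs instead of the public upstream."""
    lines = [f"host-record={name},{ip}" for name, ip in sorted(LOCAL_RECORDS.items())]
    for dc in AD_DCS:
        lines.append(f"server=/{AD_DOMAIN}/{dc}")
        lines.append(f"server=/{reverse_zone(AD_SUBNET)}/{dc}")
    return "\n".join(lines) + "\n"


def render_adguard_rewrites() -> list[dict]:
    """Request bodies for AdGuard Home's POST /control/rewrite/add, one call per
    record (endpoint and field names assumed from its HTTP API)."""
    return [{"domain": n, "answer": ip} for n, ip in sorted(LOCAL_RECORDS.items())]


def render_adguard_upstreams(public_upstream: str) -> list[str]:
    """AdGuard Home upstream list; the [/domain/]ip form is its per-domain
    conditional forwarding (assumed from its upstream syntax)."""
    ups = [public_upstream]
    for dc in AD_DCS:
        ups.append(f"[/{AD_DOMAIN}/]{dc}")
        ups.append(f"[/{reverse_zone(AD_SUBNET)}/]{dc}")
    return ups


if __name__ == "__main__":
    print(render_dnsmasq())
    print(json.dumps(render_adguard_rewrites(), indent=2))
    print("\n".join(render_adguard_upstreams("https://dns.cloudflare.com/dns-query")))
```

Keeping the records in one place and generating both outputs means a host added for Pi-hole is not silently missing from the AdGuard Home instance, which is the main way a "secondary" filter ends up answering differently from the primary.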

  • sarkyscouser@alien.topB (2 upvotes, 1 year ago)

    I use nextdns as I can use that when mobile but if you want a local solution adguard home has DOH/DOT built in and a nicer interface than pihole IMHO

    • zingbat@alien.topB (1 upvote, 1 year ago)

      Same. Although I really wish Pihole supported wildcard domains in local DNS. I haven’t quite figured out how to add a wildcard domain with unbound.

      • Terroractly@alien.topB (1 upvote, 1 year ago)

        It does, but you have to tinker a bit more than usual. Because pihole uses dnsmasq, you can modify the dnsmasq configuration file to allow for wildcard subdomains. Unfortunately, while this will be picked up by pihole, you can’t view or modify it through their Web interface, so it’s much less convenient.
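The two comments above (wildcards in unbound, and the dnsmasq file Pi-hole picks up) come down to one line per tool. Added example, not Pi-hole or unbound project code: it renders the `address=/` form for dnsmasq and the `redirect` local-zone form for unbound, and includes a small matcher that emulates the suffix rule both apply, so you can see which names a wildcard catches and which it does not. The `lab.example.com` zone and its address are constructed.

```python
"""Wildcard internal names for Pi-hole (dnsmasq) and unbound, plus a matcher
that shows which queries a wildcard entry catches. Added example, not project
code; the lab.example.com zone and 192.168.1.10 are constructed."""
from typing import Optional

# Constructed: every name under lab.example.com (and the apex itself) should
# resolve to one reverse proxy, so individual records are not needed.
WILDCARDS = {"lab.example.com": "192.168.1.10"}


def render_dnsmasq_wildcards() -> str:
    """address=/domain/ip makes dnsmasq answer the domain and every subdomain.
    Put it in a file under /etc/dnsmasq.d/ on the Pi-hole host; entries added
    this way do not appear on the Pi-hole web UI's Local DNS page."""
    return "".join(f"address=/{d}/{ip}\n" for d, ip in WILDCARDS.items())


def render_unbound_wildcards() -> str:
    """unbound has no address=/ equivalent; a 'redirect' local-zone answers the
    zone and everything below it with the zone's own local-data record."""
    out = []
    for d, ip in WILDCARDS.items():
        out.append(f'local-zone: "{d}." redirect')
        out.append(f'local-data: "{d}. A {ip}"')
    return "\n".join(out) + "\n"


def resolve(qname: str) -> Optional[str]:
    """Emulate the rule both tools apply: the longest configured zone that equals
    qname or is a suffix of it on a label boundary wins; anything else falls
    through to normal resolution (None here)."""
    q = qname.rstrip(".").lower()
    best = None
    for zone, ip in WILDCARDS.items():
        if q == zone or q.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ip)
    return best[1] if best else None


if __name__ == "__main__":
    print(render_dnsmasq_wildcards())
    print(render_unbound_wildcards())
    for name in ("grafana.lab.example.com", "lab.example.com", "notlab.example.com"):
        print(name, "->", resolve(name))
```

The matcher is worth keeping next to the config because the label-boundary check is the part people get wrong: `notlab.example.com` must not match `lab.example.com`, and neither must `lab.example.com.evil.test`, while the apex itself does.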

      • king_hreidmar@alien.topB (1 upvote, 1 year ago)

        If you use helm charts this is really easy!! The one I use from mojo exposes this in the helm chart / config.

    • pea_gravel@alien.topB (1 upvote, 1 year ago)

      Wait, is your unbound querying the root servers directly? Aren’t services that use a CDN having their performance affected?

  • cmnybo (2 upvotes, 1 year ago)

    I use Unbound as a DNS resolver and pfBlockerNG for ad blocking. My firewall blocks external DNS, DoH, & DoT servers except for dns.adguard-dns.com, which I use on my phone.
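The firewall policy in the comment above (block plain DNS, DoT and known DoH servers for everything except the local resolver and one permitted endpoint) is also something you can audit from flow logs, which catches devices with hard-coded resolvers before they become a gap. Added example, not a pfSense or pfBlockerNG feature: it parses a constructed flow-log format and reports the flows that bypass the policy. All addresses, including the allowlisted DoT endpoint standing in for the one the comment mentions, are constructed.

```python
"""Check outbound flow records against a 'no DNS bypass' policy: DNS (53), DoT
(853) and DoH (443 to known resolver addresses) are only allowed to the LAN
resolver and an explicit allowlist. Added example, not a pfSense/pfBlockerNG
feature; every address and log line here is constructed."""
from dataclasses import dataclass
import ipaddress

LAN_RESOLVER = ipaddress.ip_address("10.0.0.53")
# Constructed allowlist: the one public DoT/DoH endpoint a device is permitted
# to use directly. A real deployment resolves the hostname to its current
# addresses and refreshes the set.
ALLOWED_ENCRYPTED_DNS = {ipaddress.ip_address("203.0.113.10")}
# Constructed: public resolver addresses known to serve DoH on 443. DoH is
# otherwise indistinguishable from HTTPS, so the firewall needs this list.
KNOWN_DOH_RESOLVERS = {ipaddress.ip_address("198.51.100.1")}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line of the form 'src dst dport proto'."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto.lower())


def violates_policy(f: Flow) -> bool:
    dst = ipaddress.ip_address(f.dst)
    if dst == LAN_RESOLVER:
        return False                                 # the sanctioned resolver
    if f.dport in (53, 853):
        return dst not in ALLOWED_ENCRYPTED_DNS      # plain DNS / DoT elsewhere
    if f.dport == 443 and dst in KNOWN_DOH_RESOLVERS:
        return dst not in ALLOWED_ENCRYPTED_DNS      # DoH to a known resolver
    return False                                     # ordinary traffic


def find_bypasses(lines: list[str]) -> list[Flow]:
    """Return the flows that the firewall policy should have blocked."""
    return [f for f in map(parse_flow, lines) if violates_policy(f)]


# Constructed sample flow log.
SAMPLE_LOG = [
    "10.0.0.21 10.0.0.53 53 udp",        # normal: LAN host -> local resolver
    "10.0.0.21 198.51.100.1 53 udp",     # IoT device with a hard-coded resolver
    "10.0.0.30 203.0.113.10 853 tcp",    # phone -> allowlisted DoT endpoint
    "10.0.0.40 198.51.100.1 443 tcp",    # browser DoH to a known resolver
    "10.0.0.40 192.0.2.80 443 tcp",      # ordinary HTTPS, not flagged
]

if __name__ == "__main__":
    for f in find_bypasses(SAMPLE_LOG):
        print(f"bypass: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

Run against real exports (pfSense firewall logs or NetFlow), the same check doubles as a test that the block rules are actually in place: an empty result on a log that contains port 53 traffic to public addresses means those packets were dropped before logging, or the rule is missing.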

  • king_hreidmar@alien.topB (1 upvote, 1 year ago)

    I run 2 pihole containers on my k8s cluster. They serve up DNS to the rest of my network. This is extremely easy as I can just use helm to launch the pihole containers into two different namespaces using 2 different site specific files. Then I use teleport to keep them in sync when I change something, which is seldom. I run 2 because DNS is important and I like automated patching / reboots. This requires I have redundant services.

  • mjh2901@alien.topB (1 upvote, 1 year ago)

    I have two piholes set up as full recursive DNS servers (unbound). DHCP is handled by TP-Link Omada and the piholes are the two DNS servers. The top of the DNS chain is Cloudflare 1.1.1.1.

  • wiseguy9317@alien.topB (1 upvote, 1 year ago)

    2 instances of Adguard Home (VM and Raspberry Pi with adguard sync) using DOH upstream servers (currently Cloudflare, Quad9, and Mullvad). Works like a champ, have not touched it in over a year.

  • HTTP_404_NotFound@alien.topB (1 upvote, 1 year ago)

    I use Technitium as the primary server, with a pair of backup servers running bind9.

    The backup servers do zone-transfers from the primary.

  • Kltpzyxmm@alien.topB (1 upvote, 1 year ago)

    Client >> Pihole >> unbound but gonna take a look at Adguard now reading this thread.

  • Swarfega@lemm.ee (1 upvote, edited, 1 year ago)

    I’ve been using PiHole for years but just switched to NextDNS. Mainly because I use DNS to filter adult sites for my kids. NextDNS works regardless of the network they are on. I used to block YouTube etc. at night but if we’re on holiday they get no filter.

    I switched to AD Guard (at home) now as I can configure DNS over TLS for devices that only support regular DNS. So for example my kids TV talks to AD Guard and then AD Guard looks at the MAC address and sends it down a specific DNS over TLS address. So that TV gets the filters of my kids NextDNS profile.

  • sdR-h0m13@alien.topB (1 upvote, 1 year ago)

    Clients (LAN or VPN) -> PiHole -> DNScrypt-proxy. All hosted on a RPi3 B+. So all my DNS requests are passing through my ISP encrypted.