Reading time: ~12 minutes Audience: Homelabbers wanting a modern, user-friendly DNS ad blocker

What Is AdGuard Home?

Overview

AdGuard Home is a network-wide DNS ad blocker that blocks ads, trackers, and adult content at the DNS level. It is similar to Pi-hole but offers a more modern web UI, better parental controls, native DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) support, and built-in DHCP server functionality.

Key Benefits

Benefit Detail
Modern UI Clean, responsive web interface with dark mode
Encrypted DNS Native DoH and DoT support without extra containers
Parental controls Block adult sites, enforce safe search, schedule internet access
Query log Fast, filterable log with client identification
Statistics Per-client stats, top queried domains, top blocked domains
Blocking modes Default hosts, NXDOMAIN, Null IP, or custom IP
DNS rewrites Local DNS records (split-horizon DNS)
Upstreams Easy load balancing and fallback DNS resolvers

Prerequisites

Hardware Requirements

  • Any device running Docker or Linux (mini PC, Raspberry Pi, NAS, VM)
  • 256MB RAM minimum (512MB recommended)
  • 100MB storage for the binary + log space

Software Requirements

  • Docker Engine 24.x+ or a Debian 12/Ubuntu 24.04 host
  • Router access to change DNS settings
  • Port 3000 free (for initial setup) and port 53 (for DNS)

Knowledge Prerequisites

  • Basic Docker or Linux commands
  • Router admin panel access
  • DNS concepts

Step 1: Install AdGuard Home with Docker Compose

Objective

Deploy AdGuard Home as a persistent container with proper volumes and network settings.

Step-by-Step Instructions

  1. Create the project directory:
mkdir -p ~/docker/adguardhome && cd ~/docker/adguardhome
mkdir -p workdir confdir
  1. Create docker-compose.yml:
services:
  adguardhome:
    container_name: adguardhome
    image: adguard/adguardhome:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8080:80/tcp"
      - "8443:443/tcp"
      - "3000:3000/tcp"
    volumes:
      - ./workdir:/opt/adguardhome/work
      - ./confdir:/opt/adguardhome/conf
    restart: unless-stopped
    networks:
      - adguard-net

networks:
  adguard-net:
    driver: bridge
  1. Deploy:
docker compose up -d
  1. Complete the initial setup wizard:
  2. Open http://your-server-ip:3000
  3. Set admin username and a strong password
  4. Choose interface and port (keep 0.0.0.0:53 for DNS, 80 for web UI)
  5. Set upstream DNS resolvers (Cloudflare, Quad9, or custom)

  6. Create filters and click “Open Dashboard”

  7. After setup, the web UI moves to port 80:

  8. Access at http://your-server-ip:8080

Step 2: Configure DNS and Upstream Resolvers

Objective

Set up reliable upstream DNS with encryption and fallback options.

Step-by-Step Instructions

  1. Go to Settings → DNS settings
  2. Upstream DNS servers:
# DNS-over-HTTPS (DoH)
https://dns.cloudflare.com/dns-query
https://dns.quad9.net/dns-query

# DNS-over-TLS (DoT)
tls://dns.google

# Plain DNS (fallback)
1.1.1.1
1.0.0.1
  1. Bootstrap DNS servers:
1.1.1.1
1.0.0.1
  1. Rate limiting: 20 requests per second per client
  2. Enable DNSSEC validation
  3. Save and apply

Step 3: Configure DNS Rewrites (Local DNS)

Objective

Point local hostnames to internal IPs so you can access services by name (e.g., http://proxmox.local).

Step-by-Step Instructions

  1. Go to Filters → DNS rewrites
  2. Add entries:
Domain Answer
proxmox.local 192.168.1.10
nas.local 192.168.1.20
pihole.local 192.168.1.30
jellyfin.local 192.168.1.40
  1. Test:
nslookup proxmox.local 192.168.1.10

Step 4: Router Configuration

Objective

Point your entire network to AdGuard Home for DNS.

Step-by-Step Instructions

Option A: Router DHCP (Recommended) 1. Log into your router (192.168.1.1 or 192.168.0.1) 2. Find DHCP Server or LAN Settings 3. Set Primary DNS to AdGuard Home IP (e.g., 192.168.1.10) 4. Secondary DNS: leave blank or use a backup AdGuard instance 5. Save and reboot the router

Option B: AdGuard Home DHCP Server If your router is locked (ISP-provided), let AdGuard Home handle DHCP: 1. Go to Settings → DHCP settings 2. Enable DHCP server 3. Set range: 192.168.1.100 to 192.168.1.200 4. Set gateway: 192.168.1.1 5. Set subnet mask: 255.255.255.0 6. Disable DHCP on your router 7. Renew all client leases

Pro Tips

Tip 1: Enable DNSSEC

In Settings → DNS settings, enable “DNSSEC validation.” This prevents DNS spoofing and ensures domain authenticity.

Tip 2: Use Per-Client Filtering

Go to Settings → Client settings and add clients by IP or MAC. You can assign different filtering rules to kids’ devices vs. adult devices.

Tip 3: Enable Safe Search

In Filters → DNS blocklists, enable the safe search option. This forces Google, Bing, YouTube, and DuckDuckGo to use safe search modes.

Tip 4: Add Custom Filtering Rules

AdGuard Home supports custom rules in AdGuard syntax:

# Block a specific domain
||example.com^

# Block a subdomain
||ads.example.com^

# Allow an exception
@@||safe.example.com^

# Redirect a domain
192.168.1.10 proxmox.local

Tip 5: Backup Your Configuration

# Backup the config directory
cd ~/docker/adguardhome
tar czvf adguard-backup-$(date +%F).tar.gz confdir workdir

# Restore: extract and restart container
tar xzvf adguard-backup-2026-06-05.tar.gz
docker compose restart

Troubleshooting Common Issues

Problem 1: “Dashboard Not Accessible After Setup”

Cause: Port 3000 is only for the initial setup wizard. After configuration, the UI runs on port 80 inside the container (mapped to 8080 on host).

Fix: Access http://your-server-ip:8080 after setup.

Problem 2: “DNS Queries Not Being Blocked”

Cause: Router not using AdGuard Home as DNS, or devices using hardcoded DNS.

Fix: - Check router DNS settings - For devices with hardcoded DNS (some Android TVs, Chromecast), use AdGuard Home’s “force safe search” or block port 53 outbound on your firewall

Problem 3: “Port 53 Already in Use”

Cause: systemd-resolved or another DNS service is bound to port 53.

Fix:

systemctl stop systemd-resolved
systemctl disable systemd-resolved
rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

Conclusion

Summary

AdGuard Home is a modern, powerful DNS ad blocker with built-in encrypted DNS, parental controls, and local DNS rewriting. The Docker Compose setup takes under 10 minutes and immediately improves privacy and ad blocking across your entire network.

Next Steps

  1. Compare with Pi-hole to see which fits your style
  2. Set up Unbound as a recursive resolver for complete DNS independence
  3. Monitor your network with Prometheus and Grafana

Affiliate Opportunities

  • Beelink Mini S12 Pro: Mini PC for running AdGuard Home + other services
  • TP-Link Omada router: Router with flexible DNS/DHCP settings

Internal Linking Strategy

  • intropihole-vs-adguard-home for blocker comparison
  • step-2pihole-unbound-dns for recursive DNS setup
  • conclusiondocker-compose-for-beginners for Docker basics

CTA

  • [comment] Are you using AdGuard Home or Pi-hole? Share your filtering stats and favorite blocklists!
  • [newsletter] Subscribe for weekly privacy and DNS setup guides.