AdGuard Home
Safe Internet
Safe internet usage with AdGuard Home instead of old PeerBlock / PeerGuardian lists.
Beyond IP Blocklists
Older tools such as PeerBlock, PeerGuardian, iplist or ipblock were based mainly on IP blocklists. This approach can still block selected IP ranges, but it is no longer the best general solution for home network protection, ad blocking and tracker blocking.
A more modern and practical solution is AdGuard Home.
AdGuard Home is a network-wide DNS filtering server. It can block ads, trackers, telemetry domains, malware domains and unwanted DNS requests before the client device connects to them.
What AdGuard Home does
- Blocks ads on DNS level
- Blocks tracking domains
- Blocks known malicious domains
- Blocks selected telemetry domains
- Can apply custom blocklists
- Can apply custom allowlists
- Can show DNS query logs
- Can show which client requested which domain
- Can protect the whole LAN when used as the main DNS server
What AdGuard Home does not do
- It does not replace a firewall
- It does not block traffic by packet content
- It does not inspect encrypted HTTPS content
- It does not replace antivirus software
- It does not replace system updates
- It does not replace safe browser habits
- It does not fully protect against phishing if the domain is not blocked
Platforms & Network Design
Why AdGuard Home is useful
AdGuard Home works on the DNS level. When a computer, phone, smart TV or another device asks for a blocked domain, AdGuard Home can refuse the DNS answer. The blocked connection is then usually never created.
This can reduce unwanted advertising, tracking, telemetry and malicious domain access across the whole local network.
The best place to use AdGuard Home is usually one central device in the local network:
- home server
- NAS
- TrueNAS SCALE / TrueNAS Community Edition
- Raspberry Pi
- mini PC
- Linux server
- Docker host
- virtual machine
- container platform
Supported platforms
AdGuard Home can be used on many platforms:
- Linux, Windows, macOS
- Raspberry Pi
- Docker / container platforms
- TrueNAS SCALE / TrueNAS Community Edition Apps
- Proxmox VM or LXC
- NAS / homelab server
- x86 / x64 hardware
- ARM hardware
AdGuard also provides client applications and browser extensions for common end-user platforms: Windows, macOS, Android, iOS, browser extensions.
For whole-network blocking, use AdGuard Home. For protection on one specific device outside your network, use the AdGuard client app or AdGuard DNS configuration.
AdGuard Home on TrueNAS
For current TrueNAS systems, the recommended way is to use TrueNAS SCALE / TrueNAS Community Edition Apps or run AdGuard Home as a container.
TrueNAS SCALE / TrueNAS Community Edition has AdGuard Home available in the Apps catalog as a community application.
For older TrueNAS CORE systems, old plugin-based installation is not recommended for a new setup. TrueNAS CORE plugins are an old/deprecated direction. If you want a clean modern setup, use TrueNAS SCALE / TrueNAS Community Edition Apps, a Docker/container host, or a dedicated VM.
Typical AdGuard Home network design
|
Router / firewall
|
LAN switch / Wi-Fi
|
AdGuard Home DNS server
|
PC, notebook, phone, TV, NAS, IoT devices
The usual setup is simple:
- Install AdGuard Home on one always-running device.
- Give this device a static IP address.
- Set your router DHCP server to give this IP as the DNS server.
- All LAN clients start using AdGuard Home for DNS.
- AdGuard Home filters DNS requests according to selected rules.
Example LAN setup:
AdGuard Home IP: 192.168.1.10
DNS for clients: 192.168.1.10
In the router DHCP settings, set:
Secondary DNS: optional fallback or empty
If you set a public DNS server as secondary DNS, some clients may bypass AdGuard Home. For strict filtering, the router/firewall should force LAN DNS traffic to AdGuard Home or block direct DNS traffic to external servers.
Installation Guides
Basic installation on Linux
Download and install AdGuard Home from the official release package for your operating system.
After unpacking the archive, enter the AdGuardHome directory and install it as a service:
Start, Stop, Restart and Status:
sudo ./AdGuardHome -s stop
sudo ./AdGuardHome -s restart
sudo ./AdGuardHome -s status
After installation, open the setup wizard in a browser:
# Example:
http://192.168.1.10:3000
Docker installation example
Create persistent directories:
sudo mkdir -p /opt/adguardhome/conf
Run AdGuard Home in Docker:
–restart unless-stopped \
-v /opt/adguardhome/work:/opt/adguardhome/work \
-v /opt/adguardhome/conf:/opt/adguardhome/conf \
-p 53:53/tcp \
-p 53:53/udp \
-p 3000:3000/tcp \
-d adguard/adguardhome
Open setup wizard:
# For example:
http://192.168.1.10:3000
For advanced use, AdGuard Home can also expose ports for DNS-over-TLS, DNS-over-HTTPS, DNS-over-QUIC, DNSCrypt or DHCP. Do not expose these ports to the public internet unless you know exactly what you are doing.
Important ports
53/udp DNS
3000/tcp Initial setup web interface
80/tcp Web interface or DNS-over-HTTPS, depending on configuration
443/tcp HTTPS / DNS-over-HTTPS
853/tcp DNS-over-TLS
853/udp DNS-over-QUIC
67/udp DHCP server, only if AdGuard Home is used as DHCP
68/udp DHCP client/server related traffic
For a normal home network, the most important ports are:
53/udp
3000/tcp during initial setup
TrueNAS SCALE / Community Edition installation idea
In TrueNAS Apps:
Available Applications
Search: AdGuard Home
Install
Set storage for configuration and working data
Set network ports
Start the application
Recommended TrueNAS notes:
- Use a static IP address for the NAS or for the app.
- Make sure port 53 is not already used by another DNS service.
- Keep AdGuard Home configuration on persistent storage.
- Do not expose the admin interface directly to the internet.
- Use a strong admin password.
- After setup, point router DHCP DNS to the AdGuard Home IP.
Router, Blocklists & Local DNS
Using AdGuard Home with a router
The best method is to configure the router DHCP server to advertise AdGuard Home as the DNS server.
Example router DHCP DNS setting:
If the router supports firewall rules, it is also useful to block or redirect direct DNS traffic from clients to outside DNS servers. This prevents devices from bypassing AdGuard Home by using public DNS servers directly.
Useful firewall idea:
Block LAN clients from using external DNS directly.
Optionally redirect all LAN DNS traffic to AdGuard Home.
This is especially useful for devices such as smart TVs, IoT devices and mobile applications that may try to use their own DNS servers.
AdGuard Home blocklists
AdGuard Home can use multiple DNS blocklists. Start with a reasonable default list and do not activate too many lists blindly. Too many blocklists can cause false positives and break websites, applications, banking, streaming services or device updates.
Recommended approach:
- Start with the default AdGuard DNS filter.
- Add one or two trusted privacy/security lists.
- Watch the query log.
- If something breaks, use the allowlist.
- Avoid adding random huge lists without checking their quality.
Common custom filter examples
Block a domain:
Allow a domain:
Block a specific hostname:
Redirect a local hostname:
AdGuard Home as local DNS
AdGuard Home can also be useful for local names.
Examples:
nas.local -> 192.168.1.2
server.local -> 192.168.1.10
printer.local -> 192.168.1.50
This makes home network administration easier because you do not need to remember every IP address.
Security & Upstream DNS
Security recommendations
- Do not expose AdGuard Home admin interface to the public internet.
- Use a strong admin password.
- Keep AdGuard Home updated.
- Keep the host OS updated.
- Use firewall rules on the server.
- Use router firewall rules for DNS enforcement if needed.
- Do not enable public open DNS resolver behavior.
- Use encrypted upstream DNS only if you understand the privacy and trust model.
- Backup AdGuard Home configuration.
Recommended upstream DNS examples
You can use your ISP DNS, router DNS, or public DNS resolvers. Examples of public resolvers:
Quad9: 9.9.9.9 / 149.112.112.112
Google: 8.8.8.8 / 8.8.4.4
For better privacy, AdGuard Home can also use encrypted upstream DNS such as DNS-over-HTTPS or DNS-over-TLS.
Choose the upstream resolver according to your trust preference, location, latency and privacy expectations.
Difference between old PeerBlock style and AdGuard Home
– IP blocklist based
– blocks selected IP ranges
– older approach
– can be noisy and inaccurate
– may block legitimate networks
– not ideal for modern HTTPS and CDN-based internet
– DNS filtering based
– blocks domains before connection
– network-wide protection
– useful logs and statistics
– easier to manage
– works well with routers, NAS and homelab servers
– modern solution for ads, trackers and telemetry domains
The best practical setup is not only AdGuard Home alone, but a combination:
+
AdGuard Home DNS filtering
+
regular OS updates
+
safe browser habits
+
good password and account security
+
backup strategy
Final Summary & Commands
AdGuard Home is a modern replacement for the old idea of using PeerBlock-style IP blocklists as the main protection layer. It is not a firewall, but it is an excellent DNS filtering solution for a home network, NAS, Raspberry Pi, Linux server, Docker host or TrueNAS SCALE installation.
For best results, run AdGuard Home on an always-on device, set it as the DNS server in your router DHCP configuration, and combine it with a real firewall on the router or server.
Quick command summary
sudo ./AdGuardHome -s install
Start:
sudo ./AdGuardHome -s start
Stop:
sudo ./AdGuardHome -s stop
Restart:
sudo ./AdGuardHome -s restart
Status:
sudo ./AdGuardHome -s status
Docker:
docker run –name adguardhome \
–restart unless-stopped \
-v /opt/adguardhome/work:/opt/adguardhome/work \
-v /opt/adguardhome/conf:/opt/adguardhome/conf \
-p 53:53/tcp \
-p 53:53/udp \
-p 3000:3000/tcp \
-d adguard/adguardhome