🛡️ Setup AdGuard Home — Network-Wide Ad Blocker
Deploy AdGuard Home as a network-wide DNS server that blocks ads, trackers, and malware for every device on your network — no client software needed.
📦 Resources & Setup Scripts
Grab the automated bash script from GitHub to follow along.
Quick Install:
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/adguardhome/adguardhome-ubuntu.sh
chmod +x adguardhome-ubuntu.sh
sudo bash adguardhome-ubuntu.shTutorial Steps
1 Download & Run the Script
The script installs Docker, pulls the AdGuard Home image, and starts the DNS and web UI. Port 53 is configured for DNS queries.
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/adguardhome/adguardhome-ubuntu.sh
chmod +x adguardhome-ubuntu.sh
sudo bash adguardhome-ubuntu.sh2 Run Initial Setup
Open your browser and navigate to the setup wizard. Choose your admin UI port and DNS port, then create an admin account:
http://YOUR-SERVER-IP:30003 Configure Blocklists
In the Dashboard, go to Filters → DNS Blocklists. Add popular lists like AdGuard DNS filter or EasyList. Enable or disable individual rules as needed.
4 Point Devices to Your DNS
Set your router's DNS server to your server's IP address so all network devices use AdGuard Home automatically. Alternatively, configure DNS per device manually.
Ports Used
| Port | Protocol | Purpose |
|---|---|---|
| 53 | TCP/UDP | DNS Queries |
| 80 | TCP | Admin Web UI (HTTP) |
| 443 | TCP | Admin Web UI (HTTPS) |
| 3000 | TCP | Initial Setup Wizard |
Files Location
/root/docker/adguardhome/docker-compose.ymlOverview
AdGuard Home is a network-wide ad and tracker blocking DNS server that you run on your own hardware. Once configured as the DNS server for your router, every device on your network — phones, TVs, smart devices — gets ad filtering automatically with no client-side software required.
Why Use It
AdGuard Home provides network-wide ad and tracker blocking at the DNS level without requiring browser extensions or client-side software on any device. Because it intercepts DNS queries, it blocks ads on devices that cannot run extensions — smart TVs, gaming consoles, IoT devices, and mobile apps. Beyond ad blocking, it offers parental control categories, custom DNS rewrites for internal services, and per-client query history for network visibility. The setup wizard runs in minutes and takes effect across your entire network the moment you update your router's DNS.
When You Need It
Who Should Use It
Real Use Cases
Main Features
How to Use After Installation
Security Best Practices
Ports and Firewall Notes
AdGuard Home uses port 53 (UDP and TCP) for standard DNS queries from devices on your network — this port must be open on the server's local interface. Port 3000 (TCP) is the admin web UI during initial setup — restrict this to your local network. Ports 80 and 443 are optional, used if you configure AdGuard Home to serve DoH on its own HTTPS listener. If your server also runs systemd-resolved, disable its stub listener on port 53 before starting AdGuard Home.
Backup and Maintenance
Common Mistakes
Troubleshooting
Alternatives
Pi-hole is the most comparable alternative — also a DNS sinkhole with a web UI, but based on dnsmasq and historically requiring Raspberry Pi hardware (though it runs on any Linux). AdGuard Home is written in Go, uses less RAM, has DoH/DoT built in without plugins, and has a more modern UI. Technitium DNS Server is a more full-featured DNS server with ad blocking that also supports authoritative zones for complex lab setups. Blocky is a lightweight Go-based DNS blocker with YAML configuration designed for containerized environments. For cloud-managed filtering, NextDNS and Cloudflare Gateway provide similar functionality as managed services.
When Not to Use It
If you need a full authoritative DNS server with zone management, delegation, and DNSSEC signing, a proper DNS server like BIND or PowerDNS is more appropriate. For pure performance in high-query-per-second environments, a dedicated resolver like Unbound scales better. If your network is too small to justify a server — a single user or two devices — browser extensions like uBlock Origin are simpler. If your router already supports DNS filtering (e.g. pfSense with pfBlockerNG), adding a separate server may be redundant.
Need Help Setting Up AdGuard Home?
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
Frequently Asked Questions
What is the difference between AdGuard Home and Pi-hole?
Both are self-hosted DNS sinkholes that block ads network-wide. Key differences: AdGuard Home is written in Go with DoH/DoT support built in and a more modern dashboard; Pi-hole is based on dnsmasq, requires plugins for DoH/DoT, and has a larger community with more third-party integrations. AdGuard Home uses less RAM and is easier to install on minimal systems. Pi-hole has a longer track record and more extensive blocklist community. Both are excellent — the choice often comes down to personal preference.
Will AdGuard Home slow down my internet?
No — it typically makes browsing faster. AdGuard Home caches DNS responses, so repeated lookups for the same domains resolve instantly from local memory. By blocking ad domains, pages load with fewer DNS lookups and fewer external requests. The DNS query overhead for non-blocked domains is under 1ms on local hardware. On a Raspberry Pi 4 or any modern server, AdGuard Home handles thousands of queries per second without any noticeable impact on browsing speed.
Can AdGuard Home block YouTube ads?
No, not reliably. YouTube serves ads from the same domains as its video content — blocking those domains would break YouTube entirely. DNS-level ad blocking cannot distinguish between a video request and an ad request to the same domain. For YouTube ad blocking you need a browser extension like uBlock Origin or a specialized app like SmartTube on Android TV. AdGuard Home is effective for traditional banner ads, tracker pixels, and telemetry — not video ad injection.
How do I add custom domain names for my home services?
Use DNS Rewrites under Filters > DNS Rewrites. Add a new rewrite entry with the domain name (e.g. plex.home) and the IP address it should resolve to (e.g. 192.168.1.10). Click Save. Any device using AdGuard Home as DNS will now resolve that name to your specified IP. You can also use wildcard rewrites like *.home to create a whole subdomain zone pointing to one IP.
Can I whitelist specific websites or domains?
Yes. Go to Filters > DNS Allowlists and add the domain you want to always allow. You can also whitelist directly from the Query Log by clicking the Allow button next to any blocked entry. Allowlist rules take precedence over blocklists. For per-client exceptions, use Client Settings under Settings > Client Settings to assign different filtering rules per device.
Does AdGuard Home work with IPv6?
Yes. AdGuard Home listens on both IPv4 and IPv6 interfaces. To ensure all device queries go through AdGuard Home on IPv6, configure your router's DHCPv6 to push your server's IPv6 address as the DNS server. Devices that use IPv6 DNS without being redirected through AdGuard Home will bypass filtering. Check the listening addresses in AdGuard Home's settings to confirm it is bound to your server's IPv6 address.
How do I update AdGuard Home to the latest version?
AdGuard Home has a built-in update mechanism. Go to Settings > Update and click Update if a new version is available. Alternatively, run the install script again — it detects an existing installation and updates it. For manual updates: stop the service, download the new binary from GitHub, replace the existing binary, and start the service. Always back up AdGuardHome.yaml before updating in case the new version changes the config format.
Can I run AdGuard Home in Docker?
Yes. The official Docker image is adguard/adguardhome. Use network_mode: host or map ports 53/udp, 53/tcp, and 3000/tcp explicitly. With host networking, the container uses the host's network stack directly which simplifies DNS binding. The Prisma setup script installs AdGuard Home as a native service rather than Docker for better port 53 binding compatibility, but Docker works well for those who prefer containerization.