So I’ve been a pihole user for a long long time…but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an Active Directory domain that I need to manage as well.

So, prior to recently, I had routed all DNS requests through the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.

More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.

More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case…but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.

So, the questions:

1) Do you just use one or the other… pihole vs adguard home?
2) Do you use multiple DNS servers or just a single one upstream?
3) What’s your preferred method of internal DNS management in conjunction w/ pihole/adguard home?

    • zingbat@alien.topB · 1 upvote · 10 months ago

      Same. Although I really wish Pihole supported wildcard domains in local DNS. I haven’t quite figured out how to add a wildcard domain with unbound.

      • king_hreidmar@alien.topB · 1 upvote · 10 months ago

        If you use helm charts this is really easy!! The one I use from mojo exposes this in the helm chart / config.

      • Terroractly@alien.topB · 1 upvote · 10 months ago

        It does, but you have to tinker a bit more than usual. Because pihole uses dnsmasq, you can modify the dnsmasq configuration file to allow for wildcard subdomains. Unfortunately, while this will be picked up by pihole, you can view or modify it through their Web interface, so it’s much less convenient.
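The dnsmasq route described in the comment above, and the equivalent for the unbound setup asked about earlier in this thread, as an added example that is not part of any poster's configuration. Everything here is an assumption for illustration: the zone name lab.example, the address 192.168.1.10, the drop-in file name 99-wildcard.conf, and the Pi-hole v5 layout in which dnsmasq reads /etc/dnsmasq.d/*.conf. The function only generates the configuration lines; applying them is left to the commented install steps.

```shell
#!/bin/sh
# Added example (not from the thread): generate a wildcard override for a
# local zone, for either dnsmasq (what Pi-hole runs) or unbound.
# Placeholders: lab.example, 192.168.1.10, 99-wildcard.conf.

# wildcard_conf FORMAT ZONE IPV4
#   FORMAT is "dnsmasq" or "unbound". Prints directives that answer ZONE and
#   every name beneath it with IPV4 and keep those queries from being
#   forwarded upstream (so internal hostnames never leak to a public resolver).
wildcard_conf() {
    fmt="$1"
    zone="$2"
    ip="$3"
    # Reject values that would corrupt the directive syntax or, for an empty
    # zone, turn the override into a catch-all for the whole namespace.
    case "$zone" in
        ''|*/*|*[[:space:]]*|*\"*) echo "bad zone: '$zone'" >&2; return 1 ;;
    esac
    case "$ip" in
        ''|*[!0-9.]*) echo "bad IPv4: '$ip'" >&2; return 1 ;;
    esac
    case "$fmt" in
        dnsmasq)
            # address=/zone/ip answers zone and all subdomains with ip;
            # local=/zone/ tells dnsmasq never to forward that zone upstream.
            printf 'address=/%s/%s\n' "$zone" "$ip"
            printf 'local=/%s/\n' "$zone"
            ;;
        unbound)
            # A "redirect" local-zone serves the apex record for every
            # subdomain and is authoritative, so nothing goes upstream.
            printf 'local-zone: "%s." redirect\n' "$zone"
            printf 'local-data: "%s. A %s"\n' "$zone" "$ip"
            ;;
        *)
            echo "unknown format: '$fmt'" >&2
            return 1
            ;;
    esac
}

# Install on a Pi-hole v5 host (uncomment to apply; the file name is a placeholder):
#   wildcard_conf dnsmasq lab.example 192.168.1.10 | sudo tee /etc/dnsmasq.d/99-wildcard.conf
#   sudo pihole restartdns
# Verify that any subdomain resolves locally, e.g. dig app.lab.example @<pihole-ip>
```

Because dnsmasq's `address=` directive also swallows the zone apex, pick a zone you own or a reserved name rather than a public domain you still need to resolve normally; the `local=` line is what prevents the same names from being sent to the upstream resolver if the override is ever removed from the answer path.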

    • pea_gravel@alien.topB · 1 upvote · 10 months ago

      Wait, is your unbound querying the root servers directly? Aren’t services that use CDNs having their performance affected?

  • cmnybo@discuss.tchncs.de · 2 upvotes · 10 months ago

    I use Unbound as a DNS resolver and pfBlockerNG for ad blocking. My firewall blocks external DNS, DoH, & DoT servers except for dns.adguard-dns.com, which I use on my phone.

  • sarkyscouser@alien.topB · 2 upvotes · 10 months ago

    I use NextDNS as I can use that when mobile, but if you want a local solution AdGuard Home has DoH/DoT built in and a nicer interface than pihole IMHO.

  • sdR-h0m13@alien.topB · 1 upvote · 10 months ago

    Clients (LAN or VPN) -> PiHole -> DNScrypt-proxy. All hosted on a RPi3 B+. So all my DNS requests are passing through my ISP encrypted.

  • king_hreidmar@alien.topB · 1 upvote · 10 months ago

    I run 2 pihole containers on my k8s cluster. They serve up DNS to the rest of my network. This is extremely easy as I can just use helm to launch the pihole containers into two different namespaces using 2 different site specific files. Then I use teleport to keep them in sync when I change something, which is seldom. I run 2 because DNS is important and I like automated patching / reboots. This requires I have redundant services.

  • Thutex@alien.topB · 1 upvote · 10 months ago

    for my home network, i use adguard in combination with my opnsense for dns. upstreams, if it needs to leave my network, are the usual suspects: google, cloudflare, and quad9 - selected based on performance

    for my servers/domains i used to just be a regular BIND user, editing the zonefiles manually when needed… but i have since switched my dns over to cloudflare because “easy and no maintenance”

    (i might be one of the weird ducks in this sub: i still do my mailserver myself, but outsourced my dns to cloudflare…)

    though, to be honest, there are quite a few additional reasons i did the cloudflare move:

    • the use of their cdn
    • hiding the actual server IPs
    • using their zero trust

  • sulylunat@alien.topB · 1 upvote · 10 months ago

    I was using two instances of Pihole, one on a Pi and one via WSL on my Win10 host. Unfortunately my Win10 host no longer works, it’s randomly stopped and I haven’t had the time to try and fix it. I’ve got backups of the config luckily, but to be honest if I can do a more friendly local install with Adguard I’m probably going to give that a go on windows instead. Never tried it but I’m willing to give it a shot if it means it’s not going to break. My Pi install has been bulletproof so far and kept my network running whilst my Windows install has been broken.

  • adamshand@alien.topB · 1 upvote · 10 months ago

    I use AGH on both of my servers at home and sync them with adguardhome-sync.

    They are the DHCP assigned DNS servers for everyone who lives with us and all the services I run.

  • thewcc@alien.topB · 1 upvote · 10 months ago

    I use Adguard. I dumped pi-hole a long time ago and never looked back.

    • MyTechAccount90210@alien.topOPB · 1 upvote · 10 months ago

      I get it…it’s awesome. Just took a second to wrap my head around some of the nuances that I needed for my environment. But hellz yea, works great. I wish the dashboard had automatic ajax refreshing though.

      • ripnetuk@alien.topB · 1 upvote · 10 months ago

        I moved away from pihole because every time I had a fiddle, I brought down the DNS of my whole house, resulting in lots of stressed children :) The solution I switched to is against the ethos of this sub, but it’s good and worth the cost.

      • kumbaya_03802@alien.topB · 1 upvote · 10 months ago

        Also dumped Pi-hole & moved to AGH over a year ago now. It’s easier to set up. Encrypted DNS (DoT, DoH, DoQ, etc.) is supported with no added install. On Pi-hole I had to install Cloudflared for DoH. AGH also has a large number of blocklists to choose from in the DNS blocklists setting. You don’t have to Google search for them like you do with Pi-hole. Adding a blocklist is as simple as clicking on the check box & checking for updates. On Pi-hole you have to go through a couple of steps (GUI > Tools > Update Gravity). AGH software updates are also very simple. An update notice will show up on top if there’s a new update & you just need to click it to update. On Pi-hole you have to log in via SSH & issue a pihole -up command to update.

    • t3abagger@alien.topB · 1 upvote · 10 months ago

      I dumped Pi-hole for Adguard and two Technitium DNS servers. Personally, I found the /r/pihole community toxic. Adguard is also way easier to back up and replicate since the config file is a single YAML file.