How ads work with DNS?
Before we block ads and malware, we need to understand how they work through DNS. When you visit a website, your device queries a DNS server to resolve domain names (like diariolibre.com) into IP addresses. However, websites also load third-party ads and trackers that require additional DNS lookups. The screenshots below illustrate this process: first, we see DNS queries sent from a client (10.0.0.162) to a local DNS resolver (10.0.0.1). The nslookup test confirms that diariolibre.com resolves to Amazon AWS IPs, but we also see multiple requests to advertising domains, like securepubads.g.doubleclick.net. By using a DNS sinkhole such as AdGuard Home, we can intercept and block these unwanted queries, preventing ads and trackers from loading across all devices on our network. In this guide, I’ll show you how I set up AdGuard Home on my home server to block ads and malware network-wide.
How AdGuard will block ads?
When you visit a website, your browser makes multiple DNS requests—not just for the main site, but also for third-party resources like advertisements, trackers, and analytics scripts. Normally, the DNS resolver returns the actual IP address of the requested domain, allowing your browser to load the content.
However, with AdGuard Home acting as a DNS sinkhole, things work differently. When our browser requests an ad, instead of the resolver returning the IP address of a known ad domain, it returns 0.0.0.0. Essentially, it doesn’t tell us where the ad was supposed to go—it just throws it into a black hole. :)
Installing AdGuard on home server
Usually, these types of projects are installed on a Raspberry Pi and use alternative DNS sinkholes like Pi-hole. However, in this case, I’ll be using a spare computer to act as my DNS sinkhole.
Step 1: Installing AdGuard Home on Ubuntu Server
I have Ubuntu Server installed on my home server, so I’ll be setting up AdGuard Home on Ubuntu Server 22.04.
If you need help installing Ubuntu Server, you can refer to my other blog section, where I cover the installation process in detail.
After having ubuntu server setup run the following commands
Firs update your list with
sudo apt update
Then copy and paste this command to install adguard home:
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
On output, we can see we can access a GUI at port 3000:
Next Steps after Accessing AdGuard Home GUI
After you've successfully accessed your AdGuard Home web interface (usually at http://your-adguard-ip:3000), you should follow these recommended steps to complete the setup:
Step 1: Complete the Initial Setup Wizard
Once logged in, AdGuard Home guides you through an easy setup wizard.
Set your administrator username and strong password.
Choose the network interface AdGuard Home should listen to (typically leave it as default).
Step 2: Configure Your Network to Use AdGuard Home
Now that your AdGuard Home server is set up, direct your devices to use it as their DNS server:
Recommended: Configure at the Router Level
- Access your router's settings.
- Navigate to the DHCP/DNS settings section.
- Enter your Ubuntu server IP address as the primary DNS server.
You need to use your Ubuntu Server's IP address (where AdGuard Home is actually installed and running) instead of the address you might be using to access the GUI, because your network devices rely directly on the server handling DNS queries, not on the GUI interface itself. The AdGuard GUI is simply a web-based administration panel that could be accessed through various network routes or IPs, especially in scenarios involving virtualization or NAT. However, the DNS functionality occurs directly at the server level, precisely at the Ubuntu server hosting AdGuard. Therefore, setting your router's primary DNS to the Ubuntu Server IP ensures all devices on your network forward their DNS requests to the correct location, allowing AdGuard Home to intercept and block ads properly at a network-wide level.
Alternative:
Set the DNS server manually on each individual device. (Not recommended, as it’s more tedious and less efficient.)
Step 3: Add DNS Blocklists (Recommended)
AdGuard Home comes preloaded with a default blocklist. But to maximize ad and malware blocking:
Click Filters → DNS Blocklists.
Click on Add blocklist and use recommended blocklists
Step 4: Add DNS Upstream (Recommended)
AdGuard Home acts as a local DNS server, but it still forwards DNS queries to external servers, known as "upstream DNS servers." By default, DNS queries are unencrypted, meaning your browsing activity could be viewed by ISPs or anyone else monitoring your network. To enhance privacy and security, it's strongly recommended to use encrypted DNS, specifically DNS-over-HTTPS (DoH), which encrypts DNS queries, keeping your browsing activity private and secure.
AdGuard provides a detailed list of recommended secure DNS providers that support DNS-over-HTTPS. Some of the most privacy-oriented and trusted providers on this list include AdGuard DNS, Cloudflare, and Quad9. I recommend using the following:
To configure your secure DNS, log in to your AdGuard Home GUI, navigate to Settings → DNS settings, and go to the "Upstream DNS servers" section. Here, remove any existing default servers and input your preferred DNS-over-HTTPS server endpoint from the recommended list on the image below or from the list URL.
Testing AdGuard adblock capabilities
Now that AdGuard is set as our DNS resolver, let's verify if it's successfully blocking ads and trackers. To confirm AdGuard's functionality, we'll conduct the following tests:
1. Visit a Website Known to Display Ads
We'll use CNET.com for this demonstration, as it's well-known for showing many ads.
Before enabling AdGuard Home (Ads visible):
After enabling AdGuard Home (Ads blocked):
As you can see, the ads on the page are no longer present, indicating that AdGuard Home is effectively blocking ad domains.
2. Running Dedicated Ad-block Tests
To further validate the effectiveness, let's run dedicated tests with specialized tool [superadblocktest]:
Results with AdGuard active:
AdGuard Query Log showing blocked domains:
Using Artem Sherbachuk’s Adblock Test
Conclusion
In this guide, we've successfully set up AdGuard Home as a DNS sinkhole on an Ubuntu server, providing effective ad-blocking and protection against tracking and malicious domains across your entire home network. Feel free to customize your blocklists and DNS rules to further enhance your privacy and security. Happy browsing! 🌐
Top comments (0)