So I’ve been a pihole user for a long long time…but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an Active Directory domain that I need to manage as well.

So, prior to recently, I had routed all DNS requests through the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.

More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.

More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case…but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.

So, the questions:

1) do you just use one or the other… pihole, vs adguard home…
2) do you use multiple dns servers or just a single one upstream…
3) what’s your preferred method of internal dns management in conjunction w/ pihole/adguard home?

  • ThutexB · 1 year ago

    for my home network, i use adguard in combination with my opnsense for dns. upstreams, if it needs to leave my network, are the usual suspects: google, cloudflare, and quad9 - selected based on performance

    for my servers/domains i used to just be a regular BIND user, editing the zonefiles manually when needed… but i have since switched my dns over to cloudflare because “easy and no maintenance”

    (i might be one of the weird ducks in this sub: i still do my mailserver myself, but outsourced my dns to cloudflare…)

    though, to be honest, there are quite a few additional reasons i did the cloudflare move:

    • the use of their cdn
    • hiding the actual server IPs
    • using their zero trust

  • adamshandB · 1 year ago

    I use AGH on both of my servers at home and sync them with adguardhome-sync.

    They are the DHCP assigned DNS servers for everyone who lives with us and all the services I run.

  • Dhrystone@infosec.pub · 1 year ago

    I use NextDNS on occasion. I used to use pihole a while back during the “Covid years” but something it was blocking royally screwed up my kid’s Google Classroom submitted schoolwork, he was turning in empty assignments and we thought it was his fault but it wasn’t. Had to apologize to multiple schoolteachers and vowed never to use that piece of shit software again.

  • KltpzyxmmB · 1 year ago

    Client >> Pihole >> unbound but gonna take a look at Adguard now reading this thread.

  • HTTP_404_NotFoundB · 1 year ago

    I use technitium as the primary server, with a pair of backup servers running bind9.

    The backup servers do zone-transfers from the primary.

  • Swarfega@lemm.ee · 1 year ago (edited)

    I’ve been using PiHole for years but just switched to NextDNS. Mainly because I use DNS to filter adult sites for my kids. NextDNS works regardless of the network they are on. I used to block YouTube etc at night but if we’re on holiday they get no filter.

    I switched to AdGuard (at home) now as I can configure DNS over TLS for devices that only support regular DNS. So for example my kids’ TV talks to AdGuard and then AdGuard looks at the MAC address and sends it down a specific DNS over TLS address. So that TV gets the filters of my kids’ NextDNS profile.

  • zfaB · 1 year ago

    AGH with upstream lookups over DoH, and adblock list from oisd.nl.

    Split-brain topology to give internal IPs in preference to public IPs for my selfhosted services, and selective routing of a defined set of domains to a geo-unblocking service so I can access things like BBC iPlayer etc. from my home network.
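The OP’s setup (local records on a Pi-hole plus an AdGuard Home secondary, conditional forwarding to the AD DCs) and zfa’s split-brain topology share one failure mode: the two resolvers drift apart, or an internal name falls through to the public upstream and comes back with a public IP. The stdlib Python below is an added example, not code from the thread or from either project; the resolver addresses and hostnames mentioned in its comments are assumptions. It sends a plain DNS query to each internal resolver and flags either disagreement between them or a non-private answer for an internal name.

```python
import ipaddress
import socket
import struct
# Added example for this thread, not code from Pi-hole or AdGuard Home; resolver IPs and hostnames are assumptions.

def build_query(name: str, txid: int = 0x1234) -> bytes:
    # Minimal A/IN query with RD set: header, QNAME labels, root label, QTYPE=1, QCLASS=1.
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.strip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def _skip_name(msg: bytes, off: int) -> int:
    # Advance past a domain name, whether spelled out in labels or ending in a compression pointer.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg: bytes) -> list[str]:
    # Sorted IPv4 answers from a response; raises on a non-zero RCODE (e.g. NXDOMAIN).
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"DNS error RCODE={flags & 0xF}")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(addrs)

def query(server: str, name: str, timeout: float = 2.0) -> list[str]:
    # One plain UDP query to an internal resolver (e.g. the assumed 192.168.1.2 Pi-hole) on port 53.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data)

def check_consistency(results: dict[str, list[str]]) -> list[str]:
    # Flag resolvers that disagree, and any public IP handed out for an internal name.
    problems = [f"resolvers disagree: {results}"] if len({tuple(v) for v in results.values()}) > 1 else []
    for server, ips in results.items():
        problems += [f"{server} returned public {ip}" for ip in ips
                     if not ipaddress.ip_address(ip).is_private]
    return problems
```

Run `query()` for each internal name (say an assumed `dc01.corp.example`) against the Pi-hole and AdGuard Home addresses, then hand the resulting dict to `check_consistency()`; an empty list means both servers agree and nothing leaked to the public upstream.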