DNS Sinkholes and Blocklists
Adguard Home as DNS Middleman
Another of the most common, and immensely useful, self-hosted applications to run is a DNS sinkhole such as Adguard Home or Pihole. Despite its name, Pihole can be run on any VM or as a container and is a very powerful tool. Similarly, Adguard Home is an alternative free and open source network-wide ad and tracker blocking DNS server. The concept is fairly simple: set Pihole or Adguard Home as your network’s primary DNS server and it will redirect ad and tracking domains to a “black hole”, which prevents devices from resolving those domains. Within the application itself, you then set up upstream DNS providers, which perform DNS resolution for domains that are not blocked.
In my network, I originally ran Pihole within an LXC on Proxmox when I was using PFsense. However, once I switched to OPNsense I configured the mimugmail repository from routerperformance.net. Once installed, the Adguard Home web application runs on port 3000 on the same address as your OPNsense firewall. Another nice feature which can be configured is a fairly extensive list of DNS blocklists which prevent known malicious URLs, spyware, scams, and a variety of other “Bad Websites” from resolving in your network.
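The block-or-forward decision described above, as an added example: a simplified model written for this page, not Adguard Home or Pihole code. It parses the two rule syntaxes commonly found in DNS blocklists (adblock-style and hosts-style); the blocklist, domain names and upstream answer are constructed.

```python
# Simplified model of a DNS sinkhole decision (added example, not Adguard Home code).
SINKHOLE_IP = "0.0.0.0"  # null answer handed back for blocked names

# Constructed blocklist using two common rule syntaxes.
SAMPLE_BLOCKLIST = """
! adblock-style: blocks the domain and all of its subdomains
||tracker.example^
@@||ok.tracker.example^
# hosts-style: blocks this exact name only
0.0.0.0 ads.example.net
"""

def parse_blocklist(text):
    """Return (exact, suffix, allow) sets of lower-cased domain names."""
    exact, suffix, allow = set(), set(), set()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line[0] in "!#":        # blank line or comment
            continue
        if line.startswith("@@||") and line.endswith("^"):
            allow.add(line[4:-1])              # exception rule overrides blocks
        elif line.startswith("||") and line.endswith("^"):
            suffix.add(line[2:-1])
        else:
            parts = line.split()
            if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
                exact.add(parts[1])
    return exact, suffix, allow

def parents(name):
    """Yield the name and each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def resolve(name, rules, upstream):
    """Sinkhole blocked names; forward everything else to the upstream callable."""
    exact, suffix, allow = rules
    candidates = list(parents(name))
    if any(c in allow for c in candidates):
        return ("forwarded", upstream(name))
    if candidates[0] in exact or any(c in suffix for c in candidates):
        return ("sinkholed", SINKHOLE_IP)
    return ("forwarded", upstream(name))

def fake_upstream(name):
    # Stand-in for the configured upstream DNS provider (constructed answer).
    return "192.0.2.10"
```

The subdomain and exception cases are the ones worth checking after enabling a new blocklist, since an overly broad suffix rule sinkholes every host under that domain.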