breytex | 3 years ago

How does this compare to pihole? Do I have to migrate to this?

Ocha|3 years ago

Would love to hear if anyone has used both and how they compare to each other.

zfa|3 years ago

Pi-hole is a bloated mess compared to this IMO. At the end of the day pi-hole is still just a fork of dnsmasq with a load of scripts and a bootstrap gui whacked on top. You need to add on extra bits and pieces to get anything like modern tech whereas AGH has https gui, multi-user support, DoH/DoT/dnscrypt/etc, toggles for quick blocks, access to a 'realtime' blocklist for emergent threats all baked in. It's also a single self-updating binary with a single config file instead of spraying bits all over your OS. Runs on pretty much anything you can think of, too.

Pi-hole was great back in the day but unless you're just keeping on keeping on with an existing install there's better options available now: AdGuard Home, Blocky, Technitium DNS etc.

I often compare pi-hole to DD-WRT inasmuch as it was awesome back in the day but times have changed and you probably wouldn't use it as first choice these days given what else is now available to you.

pridkett|3 years ago

I keep both on my network running on two different raspberry pis.

AdGuard Home is a lot cleaner to use. In particular it makes it much easier to control routing for queries by domain and supports forwarding over DNS over TLS, DoH, and DoQ natively. SSL support is a breeze. This means that my ISP can see the IP addresses of hosts but not their domain names unless they get aggressive with snooping. The single binary and clean configuration is nice.

PiHole seems to have a better landing page for analytics out of the box. It also works a little better for configuration for some devices.

I’ll likely retire PiHole in favor of AdGuard Home the next time the SD card dies on that Pi.

My preferred configuration is using some fairly invasive scripts to redirect all outbound DNS except to NextDNS. I’ve got blocklists for DoH hosts because I can’t just block port 443. AdGuard then routes to one of two different backends: for local domains it routes to CoreDNS that gets the hosts from my UDM-Pro to give everything nice hostnames. Everything else goes out via DNS over TLS to NextDNS. On PiHole it’s a little more complicated as it can’t directly forward with DNS over TLS.

It’s amazing how many semi-hostile devices this found on my network (looking at you Samsung TV and devices that hard code in Google’s DNS). It also reminds me of how terrible the internet is when I don’t have these protections.
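Added example, not part of the comment above: one way to surface devices that bypass the local resolver, as that comment describes (hard-coded Google DNS, DoT, or DoH to blocklisted hosts). The log format, the LAN addresses and the `192.0.2.53` upstream placeholder are constructed assumptions; the DoH list is a small sample.

```python
import ipaddress
from collections import defaultdict

# Constructed assumptions for this example (not from the thread):
LOCAL_RESOLVER = "192.168.1.2"               # host running the filtering resolver
APPROVED_UPSTREAMS = {"192.0.2.53"}          # placeholder for the DoT upstream
DOH_BLOCKLIST = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}  # sample IPs that serve DoH
DNS_PORTS = {53: "dns", 853: "dot"}

# Constructed flow log: "<src> <dst> <proto> <dport>"
SAMPLE_LOG = """\
192.168.1.2 192.0.2.53 tcp 853
192.168.1.40 192.168.1.2 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.50 8.8.4.4 udp 53
192.168.1.61 8.8.8.8 tcp 443
192.168.1.61 203.0.113.10 tcp 443
192.168.1.70 1.1.1.1 tcp 853
garbage line
"""

def classify(src, dst, port):
    """Return 'dns', 'dot' or 'doh' for a resolver bypass, else None."""
    if dst == LOCAL_RESOLVER:
        return None                      # client using the sanctioned resolver
    if src == LOCAL_RESOLVER and dst in APPROVED_UPSTREAMS:
        return None                      # resolver talking to its upstream
    if port in DNS_PORTS:
        return DNS_PORTS[port]           # plain DNS or DoT sent elsewhere
    if port == 443 and dst in DOH_BLOCKLIST:
        return "doh"                     # HTTPS to a known DoH endpoint
    return None

def find_bypasses(log_text):
    """Map each offending source IP to a sorted list of (kind, destination)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] not in ("tcp", "udp") or not parts[3].isdigit():
            continue                     # skip malformed lines
        src, dst, port = parts[0], parts[1], int(parts[3])
        try:
            ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        kind = classify(src, dst, port)
        if kind:
            hits[src].add((kind, dst))
    return {src: sorted(found) for src, found in hits.items()}

if __name__ == "__main__":
    for src, found in find_bypasses(SAMPLE_LOG).items():
        print(src, found)
```

Ordinary HTTPS to hosts outside the DoH list (the `203.0.113.10` line) is deliberately not flagged, which is why the blocklist has to be kept current.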

vanillax|3 years ago

I used both. Adguard Home is wayyyy better. More user friendly.

simooooo|3 years ago

AdGuard can do DNS over HTTPS/TLS.