Serious Discussion AdGuard Home users feedback!

[SerialCart]

A couple of months ago, I switched from NextDNS to Adguard Home.

Overall, I have been really happy with it, although I did have to do some tinkering to make it work with Android devices.

It's a very polished app and offers almost the same features as NextDNS, but is self-hosted!

I wonder what your experience with it is?

 

[Bot]

A couple of months ago, I switched from NextDNS to Adguard Home.

Overall, I have been really happy with it, although I did have to do some tinkering to make it work with Android devices.

It's a very polished app and offers almost the same features as NextDNS, but is self-hosted!

I wonder what your experience with it is?

AdGuard Home is generally well-regarded, especially if you want more control than a hosted DNS service like NextDNS can provide.

What it does well

• Self-hosted, so you control the server, logs, and filtering behavior
• Clean interface and fairly easy day-to-day management
• Good support for custom blocklists, per-client rules, and DNS rewrites
• Works well for home networks when you want network-wide filtering without relying on a third party

Common trade-offs compared with NextDNS

• You are responsible for uptime, maintenance, backups, and updates
• Remote use on mobile devices can take more setup, especially outside your home network
• Privacy depends partly on which upstream DNS resolvers you choose
• Some advanced features available in hosted services may be easier to manage on NextDNS

Android is often the tricky part

That matches what many users report. Android can be awkward because of Private DNS behavior, local network limitations, certificate requirements if you want encrypted DNS, and the need to make sure traffic actually reaches your AdGuard Home instance when away from home.

In general

If someone wants a low-maintenance solution with easy roaming support across devices, NextDNS is often simpler.

If someone prefers local control, customization, and self-hosting, AdGuard Home is a strong option.

So your experience sounds pretty typical: excellent once configured properly, but not always as effortless as a managed service.

 

[Zero Knowledge]

NextDNS is easier to use. Adguard is great and I have a lifetime license but don't use it. NextDNS is just set and forget.

 

[Marko :)]

If you have no problem with self-hosting and know how to set it up, then AdGuard Home is no brainier. However, if you don't want to self-host, want easy to manage solution, redundancy... AdGuard DNS, NextDNS and ControlD are way-to-go.

 

[n8chavez]

I really liked Adguard Home when I used a glinet router. It was very easy to use, yet powerful. I don't a VPN router anymore. The latest supposed wifi 7 router I used from glinet skimped on the CPU and I actually got faster speeds bypassing the router and just using a VPN client straight on my PC. But I liked Adguard home. I would still use it.

 

[Sorrento]

As my primary browser is Wolf which comes with ublock added to the fact I have had numerous issues with Adguard I don't use it at present & did not like the way version 8 was going (I don't want ANY logging) though as I have licenses I will might it a whirl again as I do from time to time, I don't feel its as useful as it once was, it was once essential I feel.

 

[Zero Knowledge]

For $10 for a lifetime license Adguard is worth keeping in reserve. If Adblockers get totally removed & neutered from browsers Adguard, NextDNs & ControlD will essential.

 

[Marko :)]

For $10 for a lifetime license Adguard is worth keeping in reserve. If Adblockers get totally removed & neutered from browsers Adguard, NextDNs & ControlD will essential.

Ad blocking DNS could never replace traditional ad blockers like uBlock Origin. They work well denying requests from servers specifically used for serving ads. Problem comes when the server used for serving ads is also used for serving legit content. Hence the reason why ads on YouTube cannot be blocked just by using DNS servers; ads come from same servers that serve normal videos and DNS doesn't have ability to find and filter out what is an ad and what video.

They are made to be complementary to regular ad blocking extensions; not to be used alone.

 

[SeriousHoax]

AdGuard Home is excellent and easy to use. If you want something more advanced, then check out Technitium DNS Server, which is more powerful with many more features. It is a bit more complex and much bigger in size.

Technitium DNS Server | An Open Source DNS Server For Privacy & Security

Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security.

technitium.com

There is also lightweight Blocky, which is a more like AdGuard Home yet has some features of Technitium's.

blocky

blocky Documentation

0xerr0r.github.io

 

[SerialCart]

NextDNS is amazing, however, it's at the same time very very scary!
You are literally giving all your browsing data to a third-party!!!

I am hosting my Adguard Home on a cheap VPS with a static IP, additionally I installed "Unbound" not to use any other upstream server.

Of course there is a huge chance of your server being hijacked for DDOS attacks against other server, so I have implemented many measures. Since then it has been working great.. I just wish it had a better solution for Android devices....

In my opinion - apart from the self-hosting part - Adguard is as easy to use as NextDNS and it almost offers the same featues.

OF COURSE, in addition to Adguard I am using uBlock as well..

uBlock and DNS Blocking are two completely different things and neither replaced the other one. I have set my Adguard-Home's DNS Over TLS in my router and I am blocking many things even before they reach my uBlock... and with uBlock I block the rest (as much as possible of course).

I have 90+ block lists (I KNOW IT'S OVERKILL) ... but I surprisingly I have not had many issues with it..

And for those websites which are not loading and I need, I use Mullvad Browser and Mullvad VPN...

 

[n8chavez]

Wait. It seems some people are confused. Adguard home is not and adblocker, per se. Adguard home is not an extension, nor is it Adguard for Windows. Adguard Home, which what was asked about, is a DNS filtering hosted platform that does not run locally on your system. Please understand the difference before commenting.

 

[FALLEN]

Like others said, it's a good option if you want to use a self-hosted DNS resolver.

I use Control D. Their full control plan combines DNS filtering with built-in traffic redirection. It's very useful for me because I no longer enable VPN on my router nor set up VPN app for my TVs and streaming devices.

 

[Digmor Crusher]

I use it on my phone and really like it.

 

[Marko :)]

NextDNS is amazing, however, it's at the same time very very scary!
You are literally giving all your browsing data to a third-party!!!

I am hosting my Adguard Home on a cheap VPS with a static IP, additionally I installed "Unbound" not to use any other upstream server.

This is how internet works, and no matter what you do, you can't change that. It's just the question which third party you trust the most.

You can install AdGuard Home on VPS server and you can set it not to log any traffic, but this is just AdGuard. Your VPS provider can still hold logs from your server as they have total control over their server.

Of course there is a huge chance of your server being hijacked for DDOS attacks against other server, so I have implemented many measures. Since then it has been working great.. I just wish it had a better solution for Android devices....

What do you mean? Just enter your DoT address to Private DNS setting on Android and it should work. Can't get any simpler than this.
You can also download any DNS app and enter your DoH/DoT/DoQ address in it and use it that way as well.

OF COURSE, in addition to Adguard I am using uBlock as well..

uBlock and DNS Blocking are two completely different things and neither replaced the other one. I have set my Adguard-Home's DNS Over TLS in my router and I am blocking many things even before they reach my uBlock... and with uBlock I block the rest (as much as possible of course).

This is exactly how you achieve maximum ad blocking.

I have 90+ block lists (I KNOW IT'S OVERKILL) ... but I surprisingly I have not had many issues with it..

Just a quick reminder; the more blocklists you use, the slower response time of your DNS resolver gets. There's no point in using multiple blocklists because all of them use each other. Take Hagezi's blocklists for example; it combines various other blocklists and adds some of his own rules.

 

[SerialCart]

Dear @Marko :) , thanks for your feedback...

This is how internet works, and no matter what you do, you can't change that. It's just the question which third party you trust the most.

I agree with you but not completely!
Having your own VPS is way different than using a third-party DNS provider like ControlD or NextDNS.

I am getting my VPS from our mother company which hosts our servers in several largest datacenters in Germany and Austria. If a data center with more than 8 million customers has that much time to come and breach my Adguard home password, and check my browsing data, then first, I must be really an important person, and second I should look for a higher risk model like hosting my server at home or other solutions. But in case of NextDNS and ControlD, you are literally giving your data to a ready-to-use system, which then can be categorized and profiled for marketing and advertisement purposes.

What do you mean? Just enter your DoT address to Private DNS setting on Android and it should work. Can't get any simpler than this.
You can also download any DNS app and enter your DoH/DoT/DoQ address in it and use it that way as well.

Private DNS function in Android does not accept ports or slashes (e.g. domain.com/dns-query).
For this, I had to install NGiNX and add a second subdomain pointing to Adguard. Something like dns.domain.com.

This is not ideal and needs medium to advanced tinkering... and since it goes outside the scope of Adguard app, you will need to maintain it in addition to Adguard itself!

Just a quick reminder; the more blocklists you use, the slower response time of your DNS resolver gets. There's no point in using multiple blocklists because all of them use each other. Take Hagezi's blocklists for example; it combines various other blocklists and adds some of his own rules.

You are right, however, unfortunately I need them all. I am for example blocking majority of the companies and I also have my own custom blocklists.

I must say, so far Adguard and my VPS have been handling it VERY good.. Adguard has done magic with this software!

---

I however, recommend you not to host Adguard home on a VPS with a static public IP address IF you do not have experience with server administration. I am using linux since 10 years ago and have been managing servers since. I installed Adguard in 2 minutes but it took me 2 hours hardening my server.

You can easily install it on a second hand minipc with a weak CPU and ram at home.

 

[Marko :)]

Having your own VPS is way different than using a third-party DNS provider like ControlD or NextDNS.

I am getting my VPS from our mother company which hosts our servers in several largest datacenters in Germany and Austria. If a data center with more than 8 million customers has that much time to come and breach my Adguard home password, and check my browsing data, then first, I must be really an important person, and second I should look for a higher risk model like hosting my server at home or other solutions. But in case of NextDNS and ControlD, you are literally giving your data to a ready-to-use system, which then can be categorized and profiled for marketing and advertisement purposes.

It is, using ControlD or NextDNS has it pros and cons, so does using VPS server from some provider.

They certainly can't breach your AdGuard Home password, it's probably encrypted so they can't get to it. However, you're using the VPS server they physically own. The VPS server is connected to their network which means, if they wanted they have ability to see where requests come and go from your VPS server. So just because you disabled logging in the AdGuard Home, that doesn't mean VPS server provider doesn't log what comes and leaves your VPS server. The logging setting applies only to AdGuard Home software, not the VPS server and this is where people think privacy is guaranteed.

And I agree, they have a lot of customers and chances someone is looking at your traffic are really, really low. But that also applies to NextDNS, ControlD or any other popular service. I'm using free ControlD with Hagezi list on my network, so they have even less data on me.
The main benefit of using NextDNS for example is it's easy to set up for average users, while AdGuard Home on rented VPS you need to know how to set up. Redundancy is also a big one; ControlD, NextDNS, AdGuard DNS and similar providers use anycast network which means if one server goes down, your traffic goes to the next nearest one without any interruptions. When you host AdGuard Home on a rented VPS server, you're limited to it. If server goes down, your DNS goes down as well. That's how it works.

The most ideal scenario would be hosting AdGuard Home at home. All you need is Raspberry Pi and DDNS. But then again, your ISP still sees your traffic flowing from and in your network. The question really only is whom you trust the most.

Private DNS function in Android does not accept ports or slashes (e.g. domain.com/dns-query).
For this, I had to install NGiNX and add a second subdomain pointing to Adguard. Something like dns.domain.com.

This is not ideal and needs medium to advanced tinkering... and since it goes outside the scope of Adguard app, you will need to maintain it in addition to Adguard itself!

It doesn't because it only supports DoT addreses. DoT addresses don't have /dns-query part; just the domain name. DoH on Android is only supported for Cloudflare and Google DNS if I remember correctly. Something about safety, yada, yada, yada.

You don't have to tinker with NGiNX for this. Just install any DNS changer app and add your DoH address there. App will create local VPN connection and transfer all the traffic through the virtual VPN server set up on your device. That's what I did. Even though I'm just testing using DoT with Private DNS feature and it is somewhat faster than DoH.

 

[SerialCart]

@Marko :) Thanks for your reply...

It is, using ControlD or NextDNS has it pros and cons, so does using VPS server from some provider.

They certainly can't breach your AdGuard Home password, it's probably encrypted so they can't get to it. However, you're using the VPS server they physically own. The VPS server is connected to their network which means, if they wanted they have ability to see where requests come and go from your VPS server. So just because you disabled logging in the AdGuard Home, that doesn't mean VPS server provider doesn't log what comes and leaves your VPS server. The logging setting applies only to AdGuard Home software, not the VPS server and this is where people think privacy is guaranteed.

If you encrypt your traffic, basically this will be also very difficult.

My main issue with NextDNS and ControlD is that you are basically connecting your email address and your payment information to your traffic and there is no way around it.

With a VPS it is compeltely different. With the VPN, the biggest challenge is the management of your server and security of your server.

I now remember, to be able to secure the admin section of Adguard, I installed NGiNX so that I forward the login address to a specific port, which I later protect by the the datacenter's firewall. That said, only a few ip addresses are able to access the SSH and Adguard login page.

 

[Marko :)]

No need to thank me, I love well argumented and civil discussions.

If you encrypt your traffic, basically this will be also very difficult.

You can encrypt the traffic in AdGuard software, not in their router. Router, to do its job, still needs to know exact destination to process your requests.

My main issue with NextDNS and ControlD is that you are basically connecting your email address and your payment information to your traffic and there is no way around it.

With a VPS it is compeltely different. With the VPN, the biggest challenge is the management of your server and security of your server.

Isn't that the same case with VPS?

In order to rent one, you need to pay for it. And in order to pay for it, you have to give them your e-mail address, credit card info and in a lot of cases even more data.

 

[rashmi]

@Bot, Most modern Android apps use hardcoded DoHs, proprietary DoHs, and hardcoded IPs to bypass Android's Private DNS or systemwide DNS. Can a service using a local VPN effectively redirect traffic from such apps and embedded browsers? Would it be possible to reroute traffic from these apps and embedded browsers successfully using AdGuard Home?

 

[Bot]

@Bot, Most modern Android apps use hardcoded DoHs, proprietary DoHs, and hardcoded IPs to bypass Android's Private DNS or systemwide DNS. Can a service using a local VPN effectively redirect traffic from such apps and embedded browsers? Would it be possible to reroute traffic from these apps and embedded browsers successfully using AdGuard Home?

It can help in some cases, but not reliably in all cases.

Short answer

A local VPN-based app on Android can often force DNS for apps that still rely on the system resolver or send plain DNS in a way the VPN can intercept.

It usually cannot fully override apps that use:

• Hardcoded DoH or DoT to their own servers
• Certificate-pinned encrypted connections
• Hardcoded IP addresses with no DNS lookup at all
• QUIC or other traffic patterns the app does not specifically block or reroute

So no, AdGuard Home by itself cannot reliably reroute traffic from all such apps and embedded browsers.

Why AdGuard Home is limited here

AdGuard Home is a DNS server and filter. It works only when a device actually sends DNS queries to it.

If an app:

• Uses its own DoH endpoint
• Uses its own resolver inside the app
• Connects directly to hardcoded IPs

then AdGuard Home may never see the relevant DNS request at all.

That is the key limitation. DNS filtering only works when DNS is still part of the path you control.

What a local VPN app can do

A local VPN app on Android can be more effective than plain Private DNS because it can inspect and steer traffic on the device.

Depending on the app, it may be able to:

• Capture normal DNS requests and redirect them to your chosen resolver
• Block access to known third-party DNS endpoints
• Block QUIC/UDP 443 so some apps fall back to HTTPS/TCP, which may be easier to handle
• Apply per-app filtering rules

But there are still limits:

• It is not a guaranteed bypass of app-level encrypted DNS
• It cannot magically decrypt pinned HTTPS traffic
• It cannot replace DNS filtering when the app uses direct IP connections

In practice

For Android, the usual effectiveness order is roughly:

• System DNS or Private DNS: good for normal apps, weak against apps with their own resolver
• Local VPN filtering app: better coverage, but still not universal
• Root-based firewalling or deep packet control: more control, but also more complexity and risk

About embedded browsers

Embedded browsers can be inconsistent because behavior depends on the app and the web component being used.

Some will respect system DNS.

Others may inherit the host app’s networking behavior, including custom DNS handling or direct connections.

So again, success is possible, but not guaranteed.

Best conclusion

If your goal is broad filtering on Android, combining methods is usually more effective:

• AdGuard Home for network-wide DNS filtering
• A reputable local VPN-based blocker on Android for app-level coverage
• A browser content blocker where possible for in-browser ads and scripts

That layered approach is much more realistic than expecting AdGuard Home alone to control every Android app’s traffic.