This article was first published on the WeChat public account “Beauty of Operation and Maintenance” (public account ID: Hi-Linux).

Mike, the author of the public account, earns 3000 yuan a month as a handyman. He has worked in IT for 15+ years, is keen on Internet technology, identifies with open source culture, and has his own insights on operation and maintenance technology. He is willing to share his accumulated experience and skills with you. To contact him, follow the public account for the relevant information.

What is AdGuard Home

AdGuard Home is an open source DNS server from AdGuard, a well-known provider of ad blockers. It blocks ad and tracking domain names and eliminates the need to install any client software: the blocking happens during DNS resolution, before the web page ever fetches the ad.

Simply put, AdGuard Home is an open source DNS service, comparable to a public DNS service such as Google's 8.8.8.8, that adds ad filtering and parental control. AdGuard Home also supports DNS over TLS and DNS over HTTPS.

Project address: https://github.com/AdguardTeam/AdGuardHome

Introduction to the main features of AdGuard Home

  • Block ads everywhere
  • Privacy protection
  • Family protection mode
  • User-defined filtering rules

Before we continue, let's take a look at AdGuard Home's demo and admin interface.

Install AdGuard Home

AdGuard Home is written in Go, so it is a native, cross-platform binary. It can be deployed on various x86 operating systems, on a Raspberry Pi, and even on a Chunhui NAS with the help of Docker.

Install using a precompiled binary version

Linux is used as the example here; for other systems, refer to the official documentation: https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#installation.

    # Download and unzip AdGuard Home
    $ wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.98.1/AdGuardHome_linux_amd64.tar.gz
    $ tar -zxvf AdGuardHome_linux_amd64.tar.gz
    $ cd AdGuardHome_linux_amd64
    $ cp ./AdGuardHome /usr/local/bin/

Launching the binary directly like this runs it in the foreground, which has drawbacks: for example, when the current shell session ends, the program ends with it. To run AdGuard Home reliably over the long term, run it as a service. Deploying AdGuard Home as a service on any platform is as simple as running the following command.

    # On macOS the service manager is launchd.
    $ AdGuardHome -s install

Once the AdGuard Home service is installed, you can use the following commands to manage it.

    # Start the AdGuard Home service
    $ AdGuardHome -s start
    # Stop the AdGuard Home service
    $ AdGuardHome -s stop
    # Restart the AdGuard Home service
    $ AdGuardHome -s restart
    # Check the AdGuard Home service status
    $ AdGuardHome -s status
    # Uninstall the AdGuard Home service
    $ AdGuardHome -s uninstall

Use Docker to install

If you know anything about Docker, we certainly recommend that you use Docker to install it. While it’s easy to install from a precompiled binary, if you use Docker, you’ll find that it only takes a single command.

    # Pull the image
    $ docker pull adguard/adguardhome
    # -v persists the AdGuard Home data files and configuration files; change the host paths as required.
    $ docker run --name adguardhome -v /home/mike/workdir:/opt/adguardhome/work -v /home/mike/confdir:/opt/adguardhome/conf -p 53:53/tcp -p 53:53/udp -p 67:67/udp -p 68:68/tcp -p 68:68/udp -p 80:80/tcp -p 443:443/tcp -p 853:853/tcp -p 3000:3000/tcp -d adguard/adguardhome

You may notice that there are two commands above. Didn't we say one? You have not been cheated; how could I cheat you, that is absolutely impossible! In fact, running the second command alone completes the whole installation. I wrote them separately only to show the full Docker workflow, so that readers who don't know Docker can follow more easily. Having been this verbose already, let me extend a little into Docker container management.

    # Start the AdGuard Home container
    $ docker start adguardhome
    # Stop the AdGuard Home container
    $ docker stop adguardhome
    # Delete the AdGuard Home container
    $ docker stop adguardhome
    $ docker rm adguardhome

Using AdGuard Home

Use the default configuration to set up AdGuard Home

After starting AdGuard Home, initialize it by opening http://IP:3000 in your browser. During this first-run setup you are asked to set the service ports, an account name, and a password. Remember the password you set here: it is needed for every later login to the management interface.

First, we click “Start configuration” to set the port for the web management interface and DNS service.

Second, after clicking Next, set a user name and password for the AdGuard Home Web page administration interface.

Finally, after clicking Next, AdGuard Home displays a summary of the above configuration.

At this point, the setup using the default configuration of AdGuard Home is complete.

With the default configuration of AdGuard Home set up, we can see the number of DNS queries, websites blocked by filters, client IP addresses for querying DNS requests, and more on the dashboard.

Advanced AdGuard Home configuration

The default configuration of AdGuard Home is relatively simple, but we can tune it for stronger ad blocking.

  1. General setup

The default configuration only enables the “use filters and hosts files to block specified domain names” option. You can decide whether to also enable AdGuard's secure web browsing, AdGuard's parental control, and mandatory safe search.

Not only that, you can easily block some of the more popular sites. Of course, these sites are not available to us, so there is no need to set up, ha ha!

  2. Setting the upstream DNS

AdGuard Home uses Cloudflare's DNS over HTTPS as its upstream server by default. If you use Cloudflare DNS as the upstream from inside China, the latency may be high.

We can switch to domestic public DNS servers, such as Tencent's 119.29.29.29, Ali's 223.5.5.5, and 114.114.114.114, but the disadvantage is that these domestic public DNS servers do not support DNS over TLS for the time being.

A compromise is to enable the “speed up resolution with parallel queries by querying all upstream servers at the same time” option, so that every query is sent to all upstream DNS servers simultaneously.

  3. Filters

Although AdGuard Home ships with the well-known AdGuard and AdAway ad filtering rules built in, these rules are not a good fit for use in China. Fortunately, AdGuard Home is compatible with the Adblock filter syntax, so you can easily use well-known Adblock filter lists such as EasyList, which is maintained by the Adblock Plus team.

At present, there are many good advertising filtering rules, they are for different purposes. Here are some common ones:

1. EasyList China: the main ad filtering rules for domestic websites.

Link: https://easylist-downloads.adblockplus.org/easylistchina.txt

2. EasyPrivacy: privacy protection rules, so that you are not tracked.

Link: https://easylist-downloads.adblockplus.org/easyprivacy.txt

3. CJX's Annoyance List: filters annoying self-promotion and supplements the EasyPrivacy privacy rules.

Link: https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt

4. Advertising purifier rules: supports ad filtering on most domestic video websites.

Link: http://tools.yiclear.com/ChinaList2.0.txt

5. I don't care about cookies.

Link: https://www.i-dont-care-about-cookies.eu/abp/

In addition to using existing filter lists, you can easily write custom filtering rules for your own requirements.

Here are some syntax instructions for custom filtering rules.

    ||example.org^ - block the example.org domain and all of its subdomains
    @@||example.org^ - allow the example.org domain and all of its subdomains
    127.0.0.1 example.org - resolve example.org (but not its subdomains) to 127.0.0.1
    ! - comment symbol; the whole line is a comment
    /REGEX/ - regular expression pattern

For more rules, refer to the official documentation: https://kb.adguard.com/en/general/dns-filtering-syntax
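To make the rule forms above concrete, here is an added example (not from the original article and not AdGuard Home's own code) that parses them and decides what happens to a queried name. The function names, the sample list, and the precedence order (allow, then hosts rewrite, then block) are assumptions made for illustration.

```python
import re

def parse_rule(line):
    """Parse one filter line into (action, kind, pattern); None for comments and blanks."""
    line = line.strip()
    if not line or line[0] in "!#":   # '#' is treated as a comment too, as in hosts files
        return None
    if line.startswith("@@||") and line.endswith("^"):
        return ("allow", "suffix", line[4:-1].lower())
    if line.startswith("||") and line.endswith("^"):
        return ("block", "suffix", line[2:-1].lower())
    if len(line) > 2 and line.startswith("/") and line.endswith("/"):
        return ("block", "regex", re.compile(line[1:-1]))
    parts = line.split()
    if len(parts) == 2:               # hosts style "<ip> <domain>": exact name only
        return ("rewrite:" + parts[0], "exact", parts[1].lower())
    raise ValueError("unsupported rule: " + line)

def matches(kind, pattern, name):
    if kind == "suffix":              # the domain itself or a subdomain, on a label boundary
        return name == pattern or name.endswith("." + pattern)
    if kind == "exact":
        return name == pattern
    return pattern.search(name) is not None

def decide(rules, name):
    """Return 'allow', 'block', 'rewrite:<ip>' or 'pass' for a queried name."""
    name = name.rstrip(".").lower()
    hits = [action for action, kind, pat in rules if matches(kind, pat, name)]
    if "allow" in hits:               # assumption: exception rules win over everything else
        return "allow"
    for action in hits:
        if action.startswith("rewrite:"):
            return action
    return "block" if "block" in hits else "pass"

# Constructed sample rule list using the syntax forms from the article.
SAMPLE = """
! constructed sample list
||ads.example.org^
@@||static.ads.example.org^
127.0.0.1 intranet.example.net
/^track[0-9]+\\./
"""
RULES = [r for r in map(parse_rule, SAMPLE.splitlines()) if r]
```

Note that `||ads.example.org^` does not match `badads.example.org`: the match is on whole DNS labels, which is why a plain substring test is the wrong way to check a custom rule.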

  4. Query log

The AdGuard Home management interface also provides a DNS query log, where we can see the latest 5000 DNS requests from all devices. You can also use the query log to quickly block or allow a domain name.

  5. Adjust configuration parameters to improve QPS capability

All configuration parameters for AdGuard Home are saved in a configuration file named AdGuardHome.yaml. By default the file sits in the same directory as the AdGuardHome binary, for example /usr/local/bin/AdGuardHome.yaml.

We only need to adjust the following two parameters to significantly improve the QPS capability of AdGuard Home.

  • ratelimit: DDoS protection; the number of packets per second accepted from a client. The default value is 20. You are advised to disable this parameter (change the value to 0).
  • blocked_response_ttl: TTL cache duration. The default value is 10. You are advised to set this parameter to 60.

The full AdGuard Home configuration file is also shown here, so you can explore the other parameters on your own.

    bind_host: 0.0.0.0
    bind_port: 80
    auth_name: Mike
    auth_pass: "123456"
    language: zh-cn
    rlimit_nofile: 0
    dns:
      bind_host: 0.0.0.0
      port: 53
      protection_enabled: true
      filtering_enabled: true
      blocking_mode: nxdomain
      blocked_response_ttl: 60
      querylog_enabled: true
      ratelimit: 0
      ratelimit_whitelist: []
      refuse_any: true
      bootstrap_dns:
      - 1.1.1.1:53
      - 1.0.0.1:53
      all_servers: true
      allowed_clients: []
      disallowed_clients: []
      blocked_hosts: []
      parental_block_host: ""
      safebrowsing_block_host: ""
      blocked_services: []
      parental_sensitivity: 13
      parental_enabled: true
      safesearch_enabled: true
      safebrowsing_enabled: true
      resolveraddress: ""
      rewrites: []
      upstream_dns:
      - https://1.1.1.1/dns-query
      - https://1.0.0.1/dns-query
      - 119.29.29.29
      - 223.5.5.5
    tls:
      enabled: false
      server_name: ""
      force_https: false
      port_https: 443
      port_dns_over_tls: 853
      certificate_chain: ""
      private_key: ""
    filters:
    - enabled: true
      url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
      name: AdGuard Simplified Domain Names filter
      id: 1
    - enabled: false
      url: https://adaway.org/hosts.txt
      name: AdAway
      id: 2
    - enabled: false
      url: https://hosts-file.net/ad_servers.txt
      name: hpHosts - Ad and Tracking servers only
      id: 3
    - enabled: false
      url: https://www.malwaredomainlist.com/hostslist/hosts.txt
      name: MalwareDomainList.com Hosts List
      id: 4
    - enabled: true
      url: https://easylist-downloads.adblockplus.org/easylistchina.txt
      name: EasyList China
      id: 1569209532
    user_rules:
    - '@@mps.ts'
    dhcp:
      enabled: false
      interface_name: ""
      gateway_ip: ""
      subnet_mask: ""
      range_start: ""
      range_end: ""
      lease_duration: 86400
      icmp_timeout_msec: 1000
    clients: []
    log_file: ""
    verbose: false
    schema_version: 4
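Several settings in this file interact once the server is reachable from outside the home network, so here is an added example (not from the original article or the AdGuard Home project) of a small audit over the loaded configuration. The function names, the 12-character password threshold, and the assumption that the YAML has already been parsed into a dict are all illustrative choices.

```python
import ipaddress

def is_plain_upstream(entry):
    """True when an upstream is a bare IP[:port], i.e. classic unencrypted DNS."""
    host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False          # https://... or tls://... URLs are not bare IPs

def audit(cfg):
    """Return (key, finding) pairs for the settings discussed in the article."""
    dns, tls = cfg.get("dns", {}), cfg.get("tls", {})
    any_iface = ("0.0.0.0", "::")
    findings = []
    # Assumption: anything under 12 characters counts as a weak admin password.
    if len(str(cfg.get("auth_pass", ""))) < 12:
        findings.append(("auth_pass", "admin password is short and easy to guess"))
    if cfg.get("bind_host") in any_iface and not tls.get("enabled"):
        findings.append(("tls.enabled", "admin UI served over plain HTTP on all interfaces"))
    if (dns.get("bind_host") in any_iface and dns.get("ratelimit") == 0
            and not dns.get("allowed_clients")):
        findings.append(("dns.ratelimit", "resolver answers any client with no rate limit"))
    plain = [u for u in dns.get("upstream_dns", []) if is_plain_upstream(u)]
    if plain and dns.get("all_servers"):
        findings.append(("dns.upstream_dns",
                         "parallel mode sends every query in cleartext to " + ", ".join(plain)))
    return findings

# Constructed sample: the relevant keys of the article's AdGuardHome.yaml,
# in the shape a YAML parser would return them.
SAMPLE = {
    "bind_host": "0.0.0.0", "bind_port": 80, "auth_name": "Mike", "auth_pass": "123456",
    "dns": {"bind_host": "0.0.0.0", "port": 53, "ratelimit": 0, "allowed_clients": [],
            "all_servers": True,
            "upstream_dns": ["https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query",
                             "119.29.29.29", "223.5.5.5"]},
    "tls": {"enabled": False},
}

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(key + ": " + finding)
```

The last check is the least obvious one: with `all_servers: true`, the DNS over HTTPS upstreams no longer hide queries from the network path, because the same query also goes to the plain upstreams.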

Set the client DNS

With all of the above settings in place, the final step, of course, is to change the DNS settings of all clients so that they take advantage of AdGuard Home's ad-blocking capabilities.

I really don’t need to write this, I think you should be smart enough to know how to set this. This title is only for document integrity, if you really don’t know how to set it, use a “good” search engine.

Conclusion

AdGuard Home supports multiple platforms, including macOS, Windows, Linux, and Raspberry Pi, and both binary and Docker deployments, making installation easy. Its powerful and intuitive management and statistics interface makes it very easy to use. If you're going to build your own public DNS with ad blocking, AdGuard Home is a great choice to try.
