So I’m a bit new to the home networking and homelab situation but I have a Unifi DM-SE as my router and I’m trying to establish the best way to block ads at home and away.
So I am currently primarily using either extensions or content blocking apps on my devices to block ads but I’ve been looking into DNS based solutions lately.
I’ve looked into setting up PiHole and it looks pretty simple to do and I have a dedicated small computer with Proxmox that I use for things like Homebridge, Scrypted and I think I could set it up easily on there. But it looks like it only works at home. A lot of people say you can set up a VPN but I’d rather not have to turn on and off my VPN on my phone whenever I leave home.
I also looked into NextDNS which also seems pretty easy to set up, but I couldn’t tell if it’s better to set this up per device or network wide via my router.
There’s also the extensions and content blocking apps which would be device specific.
Which is the fastest, performance wise, and easiest to interact with daily?
Pihole v6 Beta (and I have a fallback to v5). Runs together with unbound in recursive mode. Super slick and fast!
If you’re on Android you can use Tasker to automatically connect to VPN when not at home
uBlock origin + Pihole. uBlock covers just about everything on your PC but I mainly use Pihole for mobile devices and as a “catch all net”
I’m running unbound. I have a cronjob (bash+python) that downloads StevenBlack’s blacklist (https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts), turns it into an unbound config file, and restarts unbound.
Happy to provide a copy if anyone is interested.
I just use basic DNS ad/scam/spam/etc-blocking, via Technitium.
I mostly rely on ublock/sponsorblock, as they are much more effective, and tend to “break” less of the internet.
DNS block-lists tend to do a nuke-from-orbit approach, while not being nearly as effective as you would want. (For example, it’s not going to effectively hide most YouTube ads, Facebook ads, etc.), while ublock is extremely effective at the task.
I use DNS blocking as addons are not really a thing on all mobile devices, but I also roll out uBlock Origin via GPO on Windows as it can better target scripts instead of blocking whole domains and is most of the time able to block detection scripts. The best of both worlds I guess.
AGH on a Raspberry Pi. Super fast with caching and other settings enabled.
Made an entire video about how to do this with your pihole and unbound.
I just use AdGuard Home. For me it works better than PiHole and runs native on my OPNsense box.
I like blocky adblocker (https://github.com/0xERR0R/blocky). It is easy to configure using a YAML file and also easy to back up.
You can set up a WireGuard VPN server. On your phone, set the VPN DNS server to your adblocker IP and set on-demand connection to only connect to VPN when it is not connected to your home network.
What are the advantages of Blocky over something like piHole?
Some script that parses blocklists into unbound local-data statements, combined with cron and unbound-control
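Added example, not code from any commenter in this thread: a sketch of the hosts-list-to-unbound conversion described in the comments above. It validates every hostname so that content from a downloaded list cannot inject quotes or directives into the resolver config; the function names, the sample input and the choice of `local-zone ... always_nxdomain` (instead of `local-data`) are assumptions.

```python
import re

# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")
# Sink addresses that hosts-format blocklists put in front of blocked names.
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Entries hosts files carry for the local machine; never turn these into blocks.
_SKIP = {"localhost", "localhost.localdomain", "local", "broadcasthost",
         "ip6-localhost", "ip6-loopback", "0.0.0.0"}

def valid_hostname(name):
    """True only for a plain multi-label DNS name, so list content cannot
    smuggle quotes, newlines or extra directives into the unbound config."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))

def hosts_to_unbound(hosts_text):
    """Return (config_lines, rejected_lines) for hosts-format blocklist text."""
    seen, rejected = set(), []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in _SINKS:
            rejected.append(raw)                 # not a blocking entry
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in _SKIP:
                continue
            if valid_hostname(name):
                seen.add(name)                   # set removes duplicates
            else:
                rejected.append(raw)
    return ['local-zone: "%s." always_nxdomain' % n for n in sorted(seen)], rejected

# Constructed sample input in hosts format (not real list content).
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET   # inline comment
0.0.0.0 ads.example.com
0.0.0.0 bad.example"
192.0.2.10 redirect.example.org
"""

if __name__ == "__main__":
    config, bad = hosts_to_unbound(SAMPLE)
    print("\n".join(config))
    print("rejected:", len(bad))
```

In a cron job, write the output to an include file and run `unbound-checkconf` on the configuration before reloading unbound, so a bad download cannot take the resolver down.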
Just PiHole and then VPN with split tunnel so that only DNS is using home one.
I’ve heard of using WireGuard for VPN when away from my local network. How does performance get impacted with something like that?
You can set up WireGuard to only route local addresses to the peer, so you would only be routing dns requests through the tunnel and everything else goes via whatever other interface you have. So performance is minimally impacted in that way.
Cellular is a completely different network, so there is no solution unless you owned a cell tower and did it from that. Literally impossible by design for cellular; stick to extensions!!! I wouldn’t VPN just for no ads but would use a local ad blocker on my network
NextDNS works on cellular, since you install the config on the phone itself. Works brilliantly, anywhere I travel.
This, is it what we’ve all needed or is there a caveat?
If it’s DNS based adblocking, like PiHole or pfBlockerNG, you can do split tunnel VPN, no need to route the entire traffic, just the DNS
Yeah, I heard about that, it gets complicated
I started with unbound DNS blacklists and then moved to AdGuard Home. DNS based blocking is just easier and covers the whole LAN imo, I didn’t want to deal with various extensions on all my machines/devices.
It’s still not bulletproof but it’s good enough for me. While you don’t need a VPN, I run one so my phone is on it while away from home. That was twofold, DNS based blocking and screw my cell carrier getting to snoop. Well and of course I wanted to learn how to set up a VPN server 😁