How to set up AdGuard Home without technical knowledge

¿How to set up AdGuard Home without technical knowledge? If you're fed up with that Every website you visit becomes an advertising festivalWith trackers and pop-ups, and if you also have mobile phones, tablets, Smart TVs, and various other devices connected to Wi-Fi at home, you've probably considered blocking ads across your entire network. The good news is that it can be done, and you don't need to be a network engineer to do it.

In this article you will see how Set up AdGuard Home without technical knowledgeUsing real-world examples, we'll cover everything from installing it on a Raspberry Pi or Proxmox to setting it up on a VPS with Docker for ad blocking even when you're away from home. We'll also see how to prevent some devices from bypassing DNS, what DoH/DoT is and how it relates to Hagezi lists, and review advanced AdGuard features on Windows to help you better understand the entire ecosystem.

What is AdGuard Home and why is it more than just a simple ad blocker?

AdGuard Home is a A filtering DNS server that you install on your own networkInstead of blocking ads only in the browser like typical extensions do, it intercepts all DNS requests from devices before they reach the Internet, so any device connected to your WiFi (mobile, laptop, Smart TV, console, smart speakers, etc.) benefits from the filtering without you having to install anything on each one.

In practice, AdGuard Home acts as a kind of “Call center” for domain namesWhen a device requests the IP address of a website or ad server, AdGuard's DNS server decides whether to allow or block the request using filter lists similar to those of uBlock Origin or Pi-hole. This allows you to block ads, trackers, malicious domains, adult content, or even entire social networks if you wish.

Another strong point is its A very polished and easy-to-understand web interfaceIt includes statistics on everything that's resolved (and blocked), details per client, block lists, custom filters, parental controls, and even an integrated DHCP server. The best part is that, despite having many advanced options, for basic use you can leave almost everything at the default settings and it works perfectly.

Compared to similar solutions like Pi-hole, AdGuard Home is generally liked because It comes with many "factory" features: Support for encrypted DNS (DNS-over-HTTPS and DNS-over-TLS), built-in DHCP server, malware and phishing blocking, safe searches, parental control, etc., without the need to install additional software or mess with strange configuration files.

How and where to install AdGuard Home without going crazy

To set up AdGuard Home you need a device that acts as server on 24/7Nothing powerful is needed; something very modest is more than enough. There are several common options that are repeated in many real-world configurations.

One of the most popular is to use a Raspberry Pi with Raspberry Pi OS LiteOne user reported that they bought a Raspberry Pi 5, installed the operating system, set up AdGuard Home with the basic configuration, and changed the router's DNS to point to the Raspberry Pi's IP address. The result: they started seeing traffic from almost all their devices on the dashboard, although some Amazon devices were trying to bypass the router's DNS, a topic we'll discuss later.

If you have a Proxmox server at home, another very convenient alternative is Install AdGuard Home in an LXC container Using the Proxmox VE Helper-Scripts from the community. From the Datacenter, you enter the node, open the Shell, and run a script that deploys AdGuard Home almost automatically, with a simple installation wizard that asks if you want the default values, a detailed installation with confirmations, advanced settings, using your own configuration file, diagnostic options, and the installer's output.

Command to launch the installer: bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/adguard.sh)"

It can also be mounted on an old PC or a VPS using DockerMany users do it this way: they connect via SSH to their VPS or Linux machine, install Docker and Docker Compose, and create a docker-compose.yml A simple setup where the container exposes port 53 for DNS, port 3000 for the initial wizard, and some additional ports for the web interface (for example, mapping internal port 80 to external port 8181), and the service is started with a docker-compose up -dThe behavior and interface of AdGuard Home are identical to those of a "normal" installation.

The key in all scenarios is that the device running AdGuard Home has a fixed and stable IP address on your local network (in the case of a Raspberry Pi or a home server) or, if you use a VPS, make sure you know how to open the DNS and management ports in the system and cloud provider firewall, taking great care with security.

Install AdGuard Home on Proxmox step by step (without complications)

In Proxmox, a very efficient way to deploy AdGuard Home is by pulling the Proxmox VE Helper-Scripts, some community scripts that automate the creation of containers and virtual machines with various pre-built applications.

The basic process involves going to Proxmox Datacenter, select your node and open the option to ShellFrom there you run the AdGuard Home script, for example:

When you run the wizard, you will see options such as: instalación con configuración por defecto, modo verbose, configuración avanzada, usar archivo de configuración propio, opciones de diagnóstico

When the wizard launches, you will see several options: installation with default configurationThe same, but in "verbose" mode so that it asks you before applying each adjustment, a mode of Advanced configuration where you choose all the parameters manually, the possibility of using a custom configuration fileDiagnostic settings and, of course, the exit option. For someone without much experience, the most sensible thing to do is choose the default settings.

Then the assistant asks you where you are going to save the LXC container template, in which storage the container will be hosted and, as soon as the configuration is complete, it tells you that you can now access AdGuard Home through the assigned IP and the initial configuration port (usually the 3000).

From that moment on, you open a browser on a computer on your network, you enter the URL with the container's IP address and port 3000 The AdGuard Home web wizard will then start. Simply click on “Get Started” and follow the steps:

• Choose the management interface and port for the web panel (typical port 80, although you can change it).
• Custom the IP address and port of the DNS server (default 53).
• Create a administrator username and password with some certainty.
• See a short summary of how to point your devices to this new DNS.

After the wizard finishes, you can Log in to the AdGuard Home dashboard and explore all its sections: DNS settings, built-in DHCP, blocklists, custom filters, statistics, parental controls, blocking specific services, and much more.

Configure the devices to use AdGuard Home as DNS

Once installed, the really important part remains: Get the devices on your network to use AdGuard Home as a DNS serverThis can be done temporarily, by touching only one device, or permanently at the router level so that everyone goes through it without noticing.

If you want to do quick tests on a GNU/Linux machine, you can change the file /etc/resolv.conf so that it points to the AdGuard server. With superuser privileges, edit it and add a line like this:

Example entry in resolv.conf: nameserver IP_ADGUARD

Please note that this file is usually regenerate when the network or system restartsSo it's a useful temporary change to test whether the server responds well or if the filter lists do what you expect before touching anything on the router.

The recommended long-term configuration is to change the DNS directly on the router from your home. This way, any device that obtains its configuration via DHCP (the usual case: mobile phones, computers, consoles, etc.) will automatically receive the AdGuard Home IP address as its DNS server without you having to configure them one by one.

To do this, you access the router's web interface (typical IPs are usually 192.168.1.1 or 192.168.0.1), you log in with your administrator user and look in the menu for a section of local area network (LAN) or DHCPOn a Xiaomi AX3200 router, for example, you go to “Settings – Network settings – Network settings” and select the option to “Manually configure DNS”.

In the DNS1 field we enter the AdGuard Home server local IP (the Raspberry Pi, the LXC container, the physical server, etc.). A secondary DNS (DNS2) is often allowed: you can leave it blank so that nothing escapes the filter, or set a backup public DNS like 1.1.1.1, knowing that this route could be used if the primary one fails.

After saving changes and, if necessary, restarting the router, the network will begin to Send DNS queries to AdGuard HomeYou may need to disconnect and reconnect some devices to the WiFi for them to pick up the new settings.

What happens when some devices try to bypass DNS (DoH, DoT, and others)?

One problem that is becoming increasingly common is that Certain devices or applications ignore the DNS configured on the router. They connect directly to encrypted DNS services (DoH or DoT) such as those from Google, Cloudflare, or the device manufacturer. One user commented that their Amazon devices seemed to "try" using the router's DNS, encountering some blocks, and then changing routes to bypass the restrictions.

This behavior is possible because Many systems allow you to configure your own DNS. at the system level or even within a specific app. Furthermore, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) travel through encrypted ports (typically 443 for DoH and 853 for DoT), making them more difficult to intercept if you don't control the network firewall.

To avoid this, lists like those of Hagezi They propose a clear strategy: ensure that your local DNS server is the "boot" server on your network. This involves two things: redirect or block all outgoing standard DNS traffic (TCP/UDP 53) that it doesn't go through your server and, furthermore, block outgoing DNS over TLS (TCP 853) traffic externally, so that they cannot use encrypted third-party servers without your control.

In practice, this is achieved by configuring rules in the firewall of the router or firewall you use On your network: all outgoing traffic to port 53 is blocked except from your own AdGuard Home server, and connections to port 853 are also cut off. For DNS-over-HTTPS, many filter lists include known DoH domains so that AdGuard Home itself can block them as if they were any other unwanted domain.

With these measures, even if a device has a different DNS configured, the direct connection to external servers will be blocked, forcing that All DNS traffic must pass through AdGuard Home.where you can filter, record and control what is really happening.

Using AdGuard on devices: apps, home mode and away mode

Beyond AdGuard Home, there are the AdGuard apps for Windows, Android, and iOSwhich function as device-level blockers. Many users combine both: at home, devices use AdGuard Home's DNS; when they go offline, apps use AdGuard Private DNS (AdGuard's managed service) or system-level filters.

The common question is whether mobile phones and laptops can automatically switch to AdGuard Private DNS when they are not on the home network. In practice, many profiles are configured like this: when connecting to home WiFi, devices use AdGuard Home's local DNS; when on external networks, apps use the private cloud service associated with your account (in some paid plans, valid for several years).

In addition, solutions such as tailscale This allows you to continue using AdGuard Home as your DNS server even when you're away from home, because your device virtually connects to your private network. Some users have it set up this way: they block ads for the whole family at home, and when they travel or are on unreliable public Wi-Fi, they route the DNS through Tailscale to their AdGuard Home server in their home office.

All of this is combined with the Advanced options for AdGuard applications on WindowsThese options allow for much finer filtering. Although these options are designed for more technical users, it's helpful to understand what's "underneath" them in case you ever need to go beyond basic use.

Advanced AdGuard settings on Windows: what you need to know

Within AdGuard for Windows there is a section for Advanced settings formerly known as low-level configuration. You don't need to touch anything for daily use, but it offers a lot of fine-tuning over how traffic, DNS, and security are handled, and many of those insights help you better understand what AdGuard Home does at the network level.

For example, there is the option to Block TCP Fast Open on EdgeThis forces the browser to use more standard behavior, which sometimes helps to circumvent problems with proxies or filtering systems. You can also enable the use of Encrypted Client Hello (ECH), a technology that encrypts the initial part of the TLS connection where the name of the server you are connecting to goes, further reducing the amount of information that is leaked in plain text.

Regarding certificates, AdGuard can verify the transparency of certificates Following Chrome's policy, if the certificate doesn't meet those transparency requirements, you can choose not to filter it so that the browser itself blocks it. Similarly, it's possible Enable SSL/TLS certificate revocation verification through background OCSP queries, so that if a certificate is detected to have been revoked, AdGuard cuts off active and future connections to that domain.

Other convenient features include the ability to Exclude applications from filtering by specifying their full path., activate controlled pop-up notifications, automatically intercept filter subscription URLs (e.g., links that begin with abp:subscribe), filter HTTP/3 traffic when the browser and system support it, or choose between filtering using a driver redirection mode or a mode in which the system sees AdGuard as the only application connected to the Internet.

You can also decide whether filter localhost connections (something essential if you use AdGuard VPN, since many connections are routed through it), exclude specific IP ranges from being filtered, enable HAR file writing for debugging (beware, this can slow down browsing), or even modify the way AdGuard forms HTTP requests, adding extra spaces or fragmenting TLS and HTTP packets to evade deep packet inspections (DPI) on very restrictive networks.

In the network performance section there are options for Enable and adjust TCP keepaliveThis allows you to define intervals and timeouts to keep inactive connections alive and thus bypass aggressive NAT from some providers. You can also completely block Java plugins for security reasons, leaving JavaScript untouched.

The advanced DNS section in AdGuard for Windows allows you to set DNS server wait timesEnable HTTP/3 in DNS-over-HTTPS upstreams if the server supports it, use alternative upstreams when the main ones fail, query multiple upstream DNS servers in parallel to respond with the first one that answers (increasing the feeling of speed), and decide whether to always respond with a SERVFAIL error when all upstreams and alternatives fail.

You can also Enable filtering of secure DNS requestsThat is, redirecting DoH/DoT requests to the local DNS proxy so they undergo the same checks as the rest. Additionally, you can define the lock mode for host-type or adblock-style rules (respond with "Rejected", "NxDomain" or a custom IP) and configure custom IPv4 and IPv6 addresses for blocked responses.

Regarding redundancy, the configuration allows you to specify fallback servers system defaults or custom settings, as well as a list of Bootstrap DNS These serve as initial translators when using encrypted upstreams that are defined by name rather than IP address. A section for exclusions is also included: domains that should resolve using the system's DNS without applying blocking rules, or Wi-Fi SSIDs that shouldn't go through DNS filtering because, for example, they are already protected by AdGuard Home or another filtering system.

This whole range of advanced options isn't mandatory for AdGuard Home to work, but it helps to understand AdGuard's general philosophy when handling DNS, certificates, and encrypted traffic, and it gives you clues as to how far you can go if one day you need very fine control over your network.

With all of the above, it is clear that, although it may sound technical at first, Setting up and configuring AdGuard Home without extensive knowledge is entirely manageable. If you follow the basic idea of: having a small server running, installing AdGuard Home (either with a script in Proxmox, on a Raspberry Pi, or with Docker), pointing your router's DNS to that server, and, if you want to go a step further, using firewalls and lists like Hagezi to prevent the most rebellious devices from bypassing your rules; from there, you have a very visual panel where you can see what is blocked, adjust filters, activate security features, and extend that protection even when you leave home thanks to AdGuard apps or solutions like Tailscale.

• AdGuard Home acts as a filtering DNS server that protects all devices on the network without installing anything on each one.
• It can Easily install on Raspberry Pi, Proxmox, PCs or VPS and you just need to point the router to its IP address to use it.
• The use of blocklists, firewall and DoH/DoT control It prevents certain devices from bypassing AdGuard's DNS.
• The AdGuard advanced options They allow you to fine-tune certificates, DNS, HTTP/3 and exclusions for a more secure network.