
Is running Pihole or Adguard home even worth it these days?

You can get something like NextDNS for $18/year, which is probably less than what you pay for the power required to serve Pihole or Adguard Home, and you get enterprise level infrastructure for it, along with redundancy, and it works "everywhere".

Yes, you (probably) need a caching resolver at home, and that could be Pihole or Adguard, but going through hoops to set up WireGuard and have all DNS resolve over that, just to reach pihole at home, that sounds like overkill.

Anyway, in case it's not obvious, NextDNS is how I roll, using a "stupid" caching DNS resolver at home.


I've been using NextDNS for years and never paid anything. Very occasionally (maybe twice) around the last few days of the month I get an email saying I reached my quota and filtering will stop working.

Can you set up custom filters on the free solution?

If not, DNS4EU (https://www.joindns4.eu/) is free for personal use, and has no quota, and offers various endpoints for malware protection, adblocking, and other stuff.


Wdym by custom filters?

Maybe that's what you're asking: NextDNS has:

- 50+ blocklists ready to use (including Easylist, Adguard, HaGeZi, Energized). You enable the ones you wish to use

- Many privacy options you can enable, including Disguised Third-Party Trackers (TIP), CNAME flattening

- Many security options you can enable, including Cryptojacking, Google Safe Browsing, IDN Homograph attacks, Typosquatting, dynamic hostnames

- Ready-to-use application-based and category-based allowing/blocking

- Custom blocking options such as allowlists, denylists, blocking certain TLDs, custom rewrites

It also has:

- Option to "Bypass Age Verification"

- Option to keep logs (in EU, Swiss or US) or not

- Free to use up to 300,000 queries / month

- Multiple profiles for different clients

- Supports virtually all browsers and all OS, desktop and mobile, either via its official app, configuration profile (iOS), or IPv4, IPv6, DNS-over-TLS/QUIC, DNS-over-HTTPS


Oh thanks, that looks like an interesting alternative

> Can you setup custom filters on the free solution?

No, but as the other person replying said, there's a huge range of built in filters and I've never felt any need to customize them.

EDIT: just spent a few minutes looking over the DNS4EU website. I can't see any configuration options at all. They just have 4 basic levels (standard, child protection, ad block, or unfiltered). So it appears less useful than NextDNS. Where did you see the ability to add custom filters?


Sure is in NZ at least. RTT to NextDNS is ~30ms for me, RTT to my AdGuardHome is 1ms. I don't set up a VPN, I set up a public SSL certificate (this requires you to own a domain) on it, listening on port 853. Then it doesn't matter if I'm at home or on Mobile/4G/Someone Else's Wifi. I don't need the hassle of an always-on VPN, I just have an always-on AdGuardHome.

The biggest hassle was making sure the world can't hit it (though it's not UDP 53 so it's not an amplification vector anyway) but only local NZ IPs, which I did with GeoFiltering on my router.


"RTT to NextDNS is ~30ms for me"

That's why I set up a local caching resolver. RTT to NextDNS in Denmark is ~10ms, and RTT to my local caching resolver is 1-2ms, so yes, it's quicker, but my caching resolver is essentially just what my router offers (Unifi), with NextDNS as upstream (DNS over TLS).

"I just have an always-on AdGuardHome"

I've self hosted for 20 years, I honestly can't be bothered anymore. The power consumption of self hosted hardware alone costs more than the equivalent, better, service in the cloud. NextDNS is $18/year, that's 51 kWh at €0.35/kWh. 5W for a year is 43.8 kWh, which is roughly what a Raspberry Pi 3/4 uses, so for just €2.5/year I can have enterprise hardware and massive redundancy with zero operational risk compared to running on a single RPi at home.

Yes, I'm aware you can run better hardware with more services, but that really only makes the problem worse, both in terms of power consumption, but also in terms of TCO with hardware costs, as well as cybersecurity.

For most people, running in the cloud is cheaper than self hosting. If you have less than 5-6TB of data, the cloud will also be cheaper. After that the math starts going in the favor of self hosting, but year for year the amount of data you can store in the cloud cheaper than at home keeps growing. Yes, the cloud prices increase, but so does the price of hard drives and other hardware.

"but only local NZ IPs, which I did with GeoFiltering on my router."

I know geofiltering is usually security by obscurity, but it does keep the worst bots away, and I used to use it as well (when I self hosted). It cut down dramatically on the various "drive by shootings" by random bots constantly pinging various ports.


All good points. I already have a server that runs a whole bunch of other stuff (my router is a VM, my Unifi controller is a VM etc, all on the one box) so a tiny little AdGuardHome process and a port-forward in the router isn't using any more power/effort.

FYI: NextDNS is free up to 300,000 queries a month.

I also wrote here: https://news.ycombinator.com/item?id=46191045


Would recommend using the NextDNS software as the on-prem caching resolver — it can pass through the requesting client information so you're not losing any of the logging you'd have running Pi-hole, etc. at home.

You can just use Tailscale or a similar service and not fight with the setup of WireGuard. It's as simple as installing the app on devices and starting it.

WireGuard is simple enough to set up, and I actually use it much like OP does, though I don't force all my DNS queries through it, and instead use NextDNS.

It's basically set up so that I have my internal machines registered in NextDNS as rewrites, and WireGuard is set up to route anything for my internal RFC-1918 network, i.e. 192.168.1.0/24, so when NextDNS returns 192.168.1.5 for "host.mydomain.com", it will go over WireGuard.

The advantage is that I can keep the tunnel up 24/7, and it has very little impact on battery life as normal requests simply go over the internet.
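As an added illustration of that split-tunnel arrangement (not code from the thread): given a WireGuard AllowedIPs list and a set of NextDNS rewrites, both constructed samples, the script decides per name whether the resolved address will be routed into the tunnel, sent out directly, or is an RFC 1918 address the tunnel does not cover (the failure mode where the name resolves fine but the host is unreachable away from home). The hostnames and addresses are invented; it assumes, as the comment does, that NextDNS returns the same rewrite answer wherever the client is.

```python
"""Check that NextDNS rewrites and a WireGuard split tunnel agree.

Added example, not from the thread. Inputs below are constructed samples.
"""
import ipaddress

# Constructed: the [Peer] AllowedIPs line from a split-tunnel WireGuard config.
WG_ALLOWED_IPS = "192.168.1.0/24, 10.8.0.0/24"

# Constructed: hostname -> answer as entered in the NextDNS rewrites page.
NEXTDNS_REWRITES = {
    "nas.mydomain.com": "192.168.1.5",
    "wg.mydomain.com": "10.8.0.1",
    "printer.mydomain.com": "192.168.2.20",   # private, but not in AllowedIPs
    "blog.mydomain.com": "93.184.216.34",     # public address, goes direct
}

# The three RFC 1918 ranges; a rewrite answer in one of these only makes
# sense if the tunnel carries it.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_allowed_ips(value: str) -> list:
    """WireGuard accepts a comma-separated list; strict=False tolerates host bits set."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]


def route_for(addr: str, allowed: list) -> str:
    """Classify one answer: 'tunnel', 'direct', or 'unreachable'."""
    ip = ipaddress.ip_address(addr)
    # 'in' is False across address families, so ::/0 never swallows IPv4.
    if any(ip in net for net in allowed):
        return "tunnel"
    if any(ip in net for net in RFC1918):
        return "unreachable"      # resolves, but no route through the tunnel
    return "direct"


def audit(rewrites: dict, allowed_ips: str) -> dict:
    allowed = parse_allowed_ips(allowed_ips)
    return {name: route_for(addr, allowed) for name, addr in rewrites.items()}


if __name__ == "__main__":
    for name, verdict in audit(NEXTDNS_REWRITES, WG_ALLOWED_IPS).items():
        print(f"{name:24} {NEXTDNS_REWRITES[name]:16} {verdict}")
```

Swap AllowedIPs for "0.0.0.0/0, ::/0" and every answer comes back "tunnel": that is the full-tunnel configuration the comment avoids, and the reason ordinary traffic then costs battery even when nothing at home is being reached.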


> just to reach pihole at home, that sounds like overkill.

Host AdGuard on a VPS (same one as the VPN?). Then you can use it from everywhere.


I doubt the VPS/VPN route is for the majority of people, but if "you" are one of those, then yes, it would make sense.

For everybody else, $18/year vs $5/month for a VPS should be an easy choice.



