this post was submitted on 28 Oct 2023
112 points (95.9% liked)

Privacy

32173 readers
313 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I use Pi-Hole and works great. I've heard about AdGuard and seems the same thing as PiHole, but you have to install an app/extension. Everyone in this community recommend NextDNS. Whats the difference between them?

all 50 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 1 year ago (3 children)

All kind of achieve the same thing, but in different ways.

Pi-Hole is the completely free way of doing ad and tracker blocking at the DNS level. Free as in free beer and free as in free speech.

AdGuard is free as in free beer but not as in free speech.

Both solutions mentioned above have to be self-hosted.

NextDNS is a managed service for which you have to pay a (very small) monthly fee for. The advantage is that - once setup - it pretty much just works (exception being custom updates to filter lists, but that applies to the other two as well). What's cool about that is that it's reachable from outside your local network, so you can use it on your phone or whatever even when you're not at home (they offer apps and profiles for easy setup). You can expose your Pi-Hole/AdGuard DNS to the outside world, but this has some caveats and probably higher latency/worse availability.

Opinions differ when it comes to privacy, but I'd say they (NextDNS) are trustworthy/not selling your data as this doesn't seem to be their business model. Obviously, with Pi-Hole you don't have to trust anyone (except the code authors unless you study the code yourself), so when in doubt Pi-Hole wins in this regard.

Be careful when setting up either of these as the default DNS service in your home network, especially when other users are in your network, as the default configuration of either of these will break some websites, services and apps to stop working and you (the admin) would have to handle the errors your users are getting by adding exceptions and/or different filters. The good news is that there are more conservative filter settings available that will still block most ads and trackers while being way less likely to break anything.

[–] [email protected] 6 points 1 year ago (2 children)

Eli5 free as in free beer and free as in free speech?

[–] [email protected] 7 points 1 year ago

Free beer is freeware, but it can be closed source.

Free speech is freeware that's also open source with a permissive license, so you can create an opinionated version of it.

[–] [email protected] 1 points 1 year ago

Free as in beer - Free in the sense of costing no money.

Free as in speech - Free in the sense of having no restrictions; libre.

[–] mea_rah 4 points 1 year ago (1 children)

AdGuard is free as in free beer but not as in free speech.

I think in the context of this discussion, they are talking about AdGuard Home, which is GPL. So it's also free as in free speech.

[–] [email protected] 1 points 1 year ago (1 children)

Oh you're right. Didn't even realize AdGuard was GPL in its "Home" version.

[–] mea_rah 1 points 1 year ago

Yeah, it's essentially completely different software. Their naming scheme makes it even more confusing.

[–] eramseth 1 points 1 year ago

Be careful when setting up either of these as the default DNS service in your home network

So any DNS based blocker is going to have the same problem. I can report though that adguard home with the default blocklists and adding in the oisd big list hasn't broken anything. It isn't until I start adding keyword/regex based blocking that stuff starts breaking. And then it's mostly streaming apps that break. They have gotten smarter over the years about what to do when they can't find their ad/tracker servers.

[–] [email protected] 14 points 1 year ago (3 children)

I use Pi-Hole and works great. I’ve heard about AdGuard and seems the same thing as PiHole

Only if you're talking about AdGuard Home, then yes. When you talk about AdGuard you usually just mean the adblocker app which is something completely different.

I used all three of them. While AdGuard Home has some nice features that Pi-hole doesn't, it in my experience has much more problems and has been unstable on some updates. So since you prefer stability for your DNS server I'd recommend Pi-hole over AdGuard Home.
NextDNS doesn't need to be self-hosted because it's a service on the internet. The disadvantage is that you are offered a list of blocklists from which you can choose but unlike Pi-hole or AdGuard Home you cannot add more lists. But they offer many lists so that's not a big problem. If you need more than 300k queries a month you need to pay for their service. But since NextDNS is a service on the internet it means that you can use it on all of your devices no matter where you are.

[–] [email protected] 5 points 1 year ago (1 children)

Strange we've had differing experiences. I've only been using Adguard for a couple of months, but the reason I left Pihol was because of its instability! Or at least, the database would constantly get chowned elsewhere when running in docker so I couldn't whitelist any domains.

Adguard's been 100% stable so far for me.

[–] [email protected] 4 points 1 year ago (1 children)

As long as it works fine for you I'm glad. :)
If you're interested here are my three bad experiences with AGH:

  • The "use AdGuard browsing security web service" option made all DNS queries so slow after a week to the point where nothing was resolved anymore. (That was 2 years ago, maybe fixed now)
  • They removed some library with an update which caused a panic when booting AGH so it wouldn't start anymore. That library was needed to use the DoH encryption of one of my upstream DNS servers. I had to remove that one from my config.
  • The next update didn't fix this issue but added another one: A few hours of running this version ( I don't remember the version number) the AGH service suddenly crashed. I started it again but 5 minutes later it would crash again. That was the point where I stopped using AGH because it didn't feel reliable anymore and updates only made it worse.
[–] [email protected] 1 points 1 year ago

Fair enough!

It's just worked out of the box for me - and TIL it actually existed two years ago, I hadn't heard of it until about six months ago.

But yes - it's great to have choices and pihole deserves some extra credit for blazing the trail in this area.

[–] [email protected] 4 points 1 year ago

I currently selfhost AdGuard Home and it works very efficiently. I added custom lists plus personal filters, and as a plus, I exposed the DoT on the web, so I can use the device I "authorized" no matter where I am. Big plus for me

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

~~You are incorrect. You can add custom lists to NextDNS~~

Edit: I am so sorry. Apparently I was completely misremembering my setup.

The official docs contradict me directly.

[–] darklordcrouton 2 points 1 year ago (1 children)

I too was under the impression that you couldn't add custom lists to NextDNS. Last time I researched this everything I found said you couldn't as well. I know you can build your deny list but that can be time consuming. I do it, but would love to be able to pull block lists that are already compiled. Can you share more info on how to add custom lists to NextDNS? Thanks!

[–] [email protected] 2 points 1 year ago (1 children)

My memory is shit. I was wrong. I've updated my post.

[–] darklordcrouton 2 points 1 year ago (1 children)

Ahh no worries mate! I do it all the time! 😅

I have been intending to explore other options outside of NextDNS because I want custom block lists. Just means the plan remains the same! Thanks for the update!

[–] [email protected] 1 points 1 year ago

A droplet running pihole on digital ocean work?

[–] [email protected] 1 points 1 year ago (1 children)

Really? How do I do that? I'd love to add the Neo Dev Host List to NextDNS.

[–] [email protected] 2 points 1 year ago

I was dumb and wrong.

[–] AtmaJnana 5 points 1 year ago (1 children)

NextDNS seems cool but it looks like it is for-profit and proprietary software, which is a deal breaker for me. Even if their "free" tier were good for me, for now, the price and my privacy would always be subject to the whims of a company who is going to be trying to get money from me. Fuck that.

[–] nul9o9 2 points 1 year ago (1 children)

I am honestly surprised to see it recommended here on Lemmy. When I first heard of it, I went to their website to see what it's all about. I assumed it would be another self hosted DNS service, not a paid proprietary cloud service.

[–] AtmaJnana 1 points 1 year ago

I wondered if it is astroturfing.

[–] [email protected] 4 points 1 year ago

Just to clarify, you don't need to install an app or extension to use AdGuard, you can just use its dns servers. I use their own dns for my phone, so that it works everywhere, but I use my self hosted AdGuard instance at home.

I haven't needed to change anything in the filters yet, but by self hosting, I've got the option if it's ever needed.

[–] eramseth 2 points 1 year ago

Adguard home works great and if you have a supported router it can run on that instead of needing a seperate device.

Also, it looks like they're financially supporting the person/people who compile one of the better blocklists out there (oisd.nl) and that's a plus in my book.

[–] [email protected] 0 points 1 year ago