I'm curious what issues you ran into with Pi-hole? I was running my instance for years without a single hiccup. I ended up moving to AdGuard Home about a year ago though because I wanted to run it on my OPNsense box.
I have an automatic WireGuard VPN set up on my devices to VPN into my home network when I'm not connected to my SSID, so my local DNS still works remotely.
> I'm curious what issues you ran into with Pi-hole?
My primary problem with Pi-hole or any other DNS-based blocker is that it silently breaks things. YouTube stopped saving my spot in videos. I couldn't click through on any link that involved a tracking service.
These things accomplish their stated task well, but leave behind an insidious trail of browser errors, broken pages, and broken apps without ever indicating to the user what the cause of the problem really is.
DNS just isn't the right tool for fixing shitty UX in the browser DOM or a mobile app. It's a happy coincidence that it works more often than not.
Yeah, NextDNS regularly blocks things I don’t want to see and many email tracking links fail, some online stores don’t work (https://www.thermoworks.com/) and it’s really easy to turn off on my phone.
I saw some people set up Pi-hole 5-minute temporary off buttons one way or another to get by.
I run lockdown also.
Try disabling uBlock or other privacy extensions. Thermoworks add to cart doesn't work on my regular browser with everything but works on my browser that doesn't have those extensions with NextDNS. Again, it might be one of your blocklists.
Odd - I have a Pi-hole on my home network and never hit the issue with YouTube. The only breakage I've found is the top "results" (actually sponsored ads) on Google search don't work, but I always scroll past those anyway to discourage bad behaviour.
In fact Pi-hole works so well that I'm always struck by how awful the internet has become when I venture away from my home network. Doctorow's enshittification in action.
The YouTube thing was what turned me on to Pi-hole's list of commonly-whitelisted domains[1], but even after adding it, the experience of things breaking was just ultimately too frustrating to keep using it.
It's really an issue with feedback, though. When my ad blocker breaks a page, it says that it blocked something. When Pi-hole breaks a page, it just appears to be broken.
I have had to do the same to fix YouTube progress reporting, but not much more. That is one of the few things the Pi-hole has ever broken for me (that I know of...). I agree that a problem with Pi-hole is that if something is not working and I disable uBlock as a debugging step, then I have to also browse and log in to 2 different Pi-hole GUIs and temporarily disable it. Without knowing if Pi-hole actually blocked anything. It is especially inconvenient when on the phone. I have not looked if it already exists, but I would want a nice little app I can open and just click "disable for X time" which would disable the blocking on all my Pi-holes at once. Also syncing all settings from a "master" instance would be great. Maybe the default lists should contain some of the whitelisted domains or something as well.
Still, these problems are so small compared to the value I get out of my Pi-holes. Blocking ads for years on end while having troubles maybe 3-4 times in total. All the other time it just works.
I tried that too, but the Pi needs to be bridged to the network for it to show up properly and that caused issues with Docker containers not being able to access it properly.
Most likely it can be made to work, but I have more money than time to spend on faffing about with stuff that should Just Work, so I threw $10 at NextDNS which solved all my issues instantly :)
The Pi needs a bit more power than most USB power plugs deliver. Did you get any warnings about underpower? The SD card corruptions are often caused by this.
> I have an automatic WireGuard VPN set up on my devices to VPN into my home network when I'm not connected to my SSID, so my local DNS still works remotely.
Exact same setup for me also.
I also run Tailscale since I have run into some remote networks that blocked WireGuard's port.
I like the idea and might set that up but my residential ISP doesn't have great peering and latency isn't great. I wonder if that extra roundtrip would be noticeable or not.
I do this from my phone with crummy copper ADSL at home that gets <20Mbps in the uplink and don't notice the difference between it being on and being off. YMMV of course, and all I'm doing is basic web browsing, occasional YouTube videos and chat apps but it's fine for that.
Too many false positives with Pi-hole. I never felt comfortable putting my partner on the same VLAN that it was serving DNS requests for, for fear that something would break for them when I was out of town, unable to get into the Pi-hole and sort out the issue.
I also had my banking app stop working one day. Never could get it working. Eventually I just got fed up with having to switch VLANs or to mobile data to check my bank and got rid of the Pi-hole.
The blocker on pfSense eventually had the same issue.
Realistically, I was probably running too many overly restrictive blocklists for my actual needs.
But, I also don't want to fiddle with messing with the out-of-the-box blocklists that also caused me issues.
I can empathize with the sometimes aggressive blocking, and as you pointed out, it can be pretty blocklist-dependent.
I generally will go in and whitelist things if a site breaks due to a DNS block, but of course putting your partner on the same VLAN can be problematic. I "got around" that by having a button in Home Assistant that will completely turn off Pi-hole (and now AdGuard). So my partner will go in and toggle that if there's a problem.
AdGuard Home does also have the ability to completely disable blocking for specific clients.
I had similar issues and the problem with a whitelist is it can be very difficult to figure out exactly which cryptic subdomain of some major company is necessary for the service to work, without just allowing everything and defeating the purpose.
Sure, if you’re accessing it in your web browser. But when it’s an app on someone else’s phone that’s misbehaving, that’s where I throw in the towel. It’s not worth the effort at that point.
> I never felt comfortable putting my partner on the same VLAN that it was serving DNS requests for, for fear that something would break for them when I was out of town
One potential workaround, if your hardware supports it, is to broadcast two separate SSIDs for general users: one with a blocklist, and one without as a fallback. Users just need to know when to use each.
"Just" is doing a lot of work in that sentence. That sounds like a lot of work, and it isn't always obvious which weirdly-spelled domain is causing the issue.
I did have several issues with AdGuard Home: after some time (or packets?) the DNS wouldn’t resolve and basically you can’t open any website. You can ping with no issues but not open the site. It was only resolved by either restarting the server or waiting a few minutes. I didn’t bother to troubleshoot it, but I tried it on several hardware setups and got the same issues with different interruption times.
I experience similar issues with Cloudflare Zero Trust (I have it set up to work as an ad blocker, using a Terraform config to update blocklists pulled from e.g. uBlock Origin sources). It'll work great most of the time, but when it stops working I need to disconnect and reconnect. Hard to complain since it's free, though.