What is your preferred Ad Blocking Strategy?

There are different approches to ad blocking available:

  1. You could implement network-wide adblacking in OpenWRT using one of the available packages:


  1. You could install Pi-hole on a Raspberry Pi connected to your network:
  1. You install one of the available browser extensions directly in Chrome or Firefox on the different hosts of your network, for instance uBlock Origin:

What is your preferred aproach in this regard?

Do you combine those ad blocking methods?

Why would you implement the additional administrative overhead of a Pi-hole in your network if you could install an ad blocking package directly in OpenWRT?

I am looking forward to your ideas and opinions!

1 Like

Personally, I do 1) using the adblock package. I am a bit uneasy about essentially outsourcing the decision what to drop to 3rd parties, but adblock allows custom allow and denay lists and can be quickly suspended for testing/debugging.
I do not claim this is optimal, but it certainly is 'good enough' for my network...


An option is missing in the wiki -- https-dns-proxy with the adblocking (either customizable, or preset, like family filter) DoH resolver. Very lightweight option which will work well on even resource-strained routers.

PS. There was a topic of differences between adblocking packages for OpenWrt, you may want to locate it and read up.


Are you referring to this guide?


1 Like

No, I meant that the fact that https-dns-proxy is a viable ad-blocking option is missing from the page which describes the ad-blocking options for OpenWrt. :wink:

You mean the Wiki documentation is incomplete?


I run an Adguard Home instance on Oracle Cloud free tier and use that with DNS-over-http proxy. It's quite fast and I can use it on my phone when I'm on mobile data without security concerns.


Yes. Come to think of it, the AGH is available as a package for OpenWrt, it should be included in the list as well.

1 Like

You could run pihole in a Linux container on your router.

If your hardware is powerful enough. Are there any real advantages of using Pi-hole?

Does not take much


Currently working out if this could be built as an Openwrt package

1 Like

Nextdns.io and it also works outside your home network.


Thank you, forgot about that!

So the following are available as packages for OpenWrt which can be used for ad-blocking as well:

  1. AdGuardHome
  2. https-dns-proxy (when configured with the blocking DoH resolver, one of such resolvers would actually be NextDNS)
  3. NextDNS
1 Like

PiHole on a 1GB pi4 ... the default blocklist doesn't handle admiral, but i found a list which handles it well, - i added a local list for the few times admiral shows up. I immediately look at pihole's dns querry via its web interface to see what was allowed. It's actually pretty easy to spot their queries; when i find one, i add it to my local list, restart pihole. Done.

That local list has maybe 6 entries after 3mos of dealing with A.

1 Like

Let's say you are setting up DoH with Dnsmasq and https-dns-proxy on your router:


If you the choose NextDNS as your DNS resolver, will it effectively block all advertising / malware / trackers?

Or what are the most effective DNS resolvers in this regard?

Wouldn't that make the separate Adblocker package redundant or can you operate DoH and Ablocker together?

Because that would be kind of a great solution: DNS over HTTPS protection + Advertising / Malware / Tracker blocking at the same time...

Might keep in mind the amount of processing power needed to do just that - in addition to that needed to move packets. Most routers are designed to have just enough cpu for their basic job.

I mention this as I'm seeing more posts from people getting faster wans, running sqm, and not seeing their expected data rates.

1 Like

@Mpilon There is an interesting discussion in this regard:

Mmmh, now I admit that this is a subjective policy question each network needs to decide individually. Yet I wonder how wise it is to put all one's eggs into a single basket? That requires even more trust...
Sidenote, nextdns writes that in the free tier you have 300000 DNS queries per month after which:

When exceeding the free monthly quota, NextDNS will continue to answer DNS queries like a classic non-blocking DNS service.

No complaints about them trying to earn some money with their service, just something to keep in mind when trying to use them as one stop solution for DoH and filtering, to not end up in a situation where one believes filtering to be still functional when it is not.

Using turrisOS (a OpenWrt derivative initially started as a research project by the Czech registrar nic.cz, that also develops the knot resolver) I simlpy run my own caching resolver (with DNSSEC) to avoid silly DNS filtering by my ISP (who participates in the 'vigilant' Clearingstelle Urheberrecht im Internet), but I do not require/desire encrypted DNS. As I wrote above, I use adblock locally on my router, and so keep easy control over whether I agree with blocking or not, at least for URLs I actively try to access. This is nether objectively better, nor worse than the proposed alternative solutions, it just happens to be what I ended up doing...


Maybe SmartDNS should also be included supports secure DNS and adblocking although in a rudimentary form

1 Like