i just did that its at dnsserver.ldlda.com wowsers (i do not care)
use if you want
so how did i do.
how adguard home
uh its easy i i
the journey starts with a lot of ads in geometry dash world. No adblockers are fixing that (they can only block stuff in safari). it also started when i downloaded userscript (ios app)
Oh! so i can block stuff with a userscript (still dont know if this is real)! hmm i should find more adblock userscripts.
did some digging, found network adblocker. found nextdns, used nextdns, worked wonders. but what the fuck is 100k queries in 4 days, calculate => oh no (they allow 300k in 30 days)
bit more digging, found adguard home. Gotta install that.
did some stalling (thats what i do)
did some installing. firewalling. setup certs all that. reverse proxying. site broke? or it didnt but i dont know. learned that you can do that (do what i did).
how to install + my experience
what is it actually
the domain name system (DNS) is a thing that stores addresses. my website is ldlda.com, but your device needs the exact ip address! DNS comes into play, resolving the name (ldlda.com to a set of ips or one ip) so the device can use it.
dns.google is a popular dns resolver.
this software adguard home basically filters the dns query (so to remove ads and malware sites) before sending it to a dns server. this differs from a browser adblocker as it doesnt change the layout of the site (a full screen popup is not removed, it just doesnt have the ads anymore)
notice
this thing will not block ads on something like youtube. its a network ad blocker, and youtube serves its ads together with the content, so if you block youtube ads you block youtube in its entirety.
similar with some sites. use ad blocker. adguard (iOS). ublock origin.
This type of software is not a VPN/Proxy! ultimately you still connect to the resolved ip with your own phone. with a vpn you connect to another device, be it your own or from someone else, then it connects to the ip.
Install the software
first go to the website and paste the install script in a linux computer (not your router dont use router router is weak)
this computer is going to be open 24/7 and because youre viewing this website every time, mine is open every time.
now the thing is going to install, and it is also opening a thing at localhost:3000
(for me tailscale dont work somehow (BECAUSE DIDNT OPEN FIREWALL imsobad), so i had to remote to the server, use firefox to open localhost:3000 there oh god)
setup thing, web server port (http) MOVE THAT OUT of 80 (because 80 is httpd for me) move to a port i dont know what ports
(80 is going to be used by other services (apache nginx idfk) so youd rather do a reverse proxying manoeuvre maneuver truly one of the english of all time)
you should have udp 53 on ur firewall, and the custom port (tcp) on ur firewall too for now. i used cockpit for that but you should have this and that helping you
(wow cock pit is simple you should use cock pit)
dont change dns port (dns clients do not play with custom ports other than 53 i assume)
also all interfaces. you can change that later in the conf (should u)
if any port is occupied it should raise an error. you should check what process is using that port (i use webmin, you should find a way and fix that)
wowsers. now you have a server running in 127.0.0.1:CUSTOM_PORT. thats amazing.
for use
some setup so it works and you see things go in things go out
i assume you dont have a vpn every time and you want to delete ads for all users in your family and all that stuff
me who uses oracle cloud
i have a Oracle cloud linux, so i have to setup security list’s ingress rules. you should have tcp and udp, 53 and 853, 0.0.0.0/0 and ::/0 for the whole wide internet (yes thats what i did (problematic))
those are the ports that adguard home uses (you do have firewall too no worri) you also need your standard http and https port or the custom http and https port of adguard.
now you can access ur dns server from the internet, access from the public ip of that virtual cloud network.
(if you are setting up oracle account multiple ips PLEASE and please please just setup multiple vnic that is Much easier than multiple ip in one vnic (at least if you need < 4 ips they have limits))
edit: how wrong could i be (i just add the additional private ip manually through cock pit its so simple (and the limit is wider: 32 ips))
(do the thing where you have a service or a cron job that runs that secondary vnic all configure thing) (internet idfk)
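The ingress rule above lets the whole internet send queries to port 53, so it is worth checking from an outside network whether your own server really answers strangers with recursive lookups. This is an added example, not part of the original post; the function names, the placeholder address and the sample reply bytes are made up here.

```python
import socket
import struct

QID = 0x1234  # fixed query id so replies can be matched in this example

# Constructed 12-byte reply headers (not captured traffic).
SAMPLE_OPEN = b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"     # RA set, 1 answer
SAMPLE_REFUSED = b"\x12\x34\x81\x05\x00\x01\x00\x00\x00\x00\x00\x00"  # rcode 5

def build_query(name, qid=QID):
    """DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=QID):
    """What a reply says about recursion being offered to this client."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:      # wrong id or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open"                         # recursion available and an answer came back
    return "no-recursion"

def probe(server, name="example.com", timeout=3.0):
    """One UDP query to your own server; 'dropped' means no reply at all."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                       # includes timeouts
            return "dropped"
    return classify_response(data)

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder; put your server's public ip here.
    print(probe("192.0.2.53", timeout=1.0))
```

If it says open from a network you did not mean to serve, the allowed clients list under AdGuard Home's access settings is where you narrow who gets answers.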
what about me
you may not have a public ip address, you may not need to expose this thing over internet, but you may have the power of local and vpn.
for vpn use what you want wg maybe
but i use tailscale.
if you use [tailscale] then put the computers [tailscale] ip in the dns tab > Global Nameservers, and override local. (see how it doesnt support custom ports)
if its for router then put ipv4 or ipv6 converted from v4 [::ffff:(ipv4)] (i think thats how that works) to the dns server field (replacing 8.8.8.8 or 1.1.1.1 type shi) (see how this doesnt support custom ports either)
or maybe put that in your settings > wifi > your wi fi > dns > manual i have an iphone thats what i did (see how you cant have custom ports there)
Autostart
if you install as a service (sudo theBinaryThatIsAdGuardHome -s install) then adgh should know and auto start when boot.
You might need to have resolved issues with occupied services before moving on. a good way to check is with that command systemd-analyze critical-chain service i found this on goog
For blocking ads and trackers
go to filters – dns blocklists – add blocklists and add hagezi pro in
you want as few (yes) blocklists as you need. add one. internet for a while. THERE ARE STILL ADS. add another. NO MORE ADS. no more blocklists.
why fewest: if you have 3 blocklists its one thing three times, and you dont want duplicates (many blocklists just borrow from one another, thats what they say)
thing is it is easy to see why it blocks legit sites / why it didnt block ads with the query log page.
one thing that is a bit worse than nextdns is where i can exactly see what blocklist is poggier. so i can delete the blocklist that is less poggier.


see that
For me i use hagezi pro, hagezi threat intel thing, allowlist referral, abpvn, adguard default, ublockorigin thing, and the smart tv blocklist
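How the dns filtering described earlier decides on a query, and a way to measure the "which blocklist actually earns its place" question from this section: for each list, count the queries that only that list blocked. This is an added example, not AdGuard Home's code and not from the original post; the list contents, list names and queried names are constructed, and only the two common rule syntaxes (adblock-style `||name^` and hosts-style) are handled.

```python
import re

# Constructed sample lists (not real blocklist contents), both common syntaxes.
LISTS = {
    "list_a": "! adblock-style\n||ads.example.com^\n||tracker.example.net^\n"
              "||pixel.example.org^\n@@||ok.tracker.example.net^\n",
    "list_b": "# hosts-style\n0.0.0.0 ads.example.com\n0.0.0.0 metrics.example.org\n",
    "list_c": "||ads.example.com^\n||tracker.example.net^\n",
}
# Constructed sample of queried names, standing in for a query log.
QUERIES = ["ads.example.com", "x.ads.example.com", "metrics.example.org",
           "pixel.example.org", "ok.tracker.example.net", "example.com"]

def parse(text):
    """Return (block_suffix, block_exact, allow_suffix) sets of names."""
    suffix, exact, allow = set(), set(), set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if not line or line.startswith("!"):
            continue
        m = re.fullmatch(r"(@@)?\|\|([a-z0-9._-]+)\^", line)
        if m:  # ||name^ covers the name and all its subdomains
            (allow if m.group(1) else suffix).add(m.group(2))
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1", "::"):
            exact.update(parts[1:])  # hosts line: exact names only
    return suffix, exact, allow

def parents(name):
    """a.b.c -> ['a.b.c', 'b.c', 'c']"""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def blocking_lists(name, parsed):
    """Every list that would block this query; an allow rule beats them all."""
    chain = parents(name)
    if any(p in allow for _, _, allow in parsed.values() for p in chain):
        return []
    return [n for n, (suffix, exact, _) in parsed.items()
            if chain[0] in exact or any(p in suffix for p in chain)]

def unique_hits(queries, parsed):
    """Per list, how many queries it alone blocked (what removing it would cost)."""
    hits = dict.fromkeys(parsed, 0)
    for q in queries:
        lists = blocking_lists(q, parsed)
        if len(lists) == 1:
            hits[lists[0]] += 1
    return hits

PARSED = {n: parse(t) for n, t in LISTS.items()}
```

On the sample data list_c never blocks anything that list_a does not already block, so it is the one to delete.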
not blocking completely?
search for it on google, as i did.
you probably went to an ad tester type site. it queries the ads websites, and based on how many sites can be accessed the score is reduced appropriately. So you base your ad blocker efficiency according to the final score.
but according to experts (maintainer of uBO) those sites are flawed. the sites dont care if the responses they get from querying ads websites contain ads or not. they see it as “you can go to the sites, so blockers bad”.
these ad blockers have a magic feature where they literally man-in-the-middle those ads and trackers. Instead of your device querying ads or sending info to the servers, they go to localhost or something. info is stripped, ads dont exist, nothing gets sent, but the important thing is, those sites technically work. and therefore the anti adblockers wont scream and cry, and the website youre visiting doesnt break down
also remember, that is for uBO, a browser adblocker. You are installing agh, which is a network adblocker. it cant block website elements.
(they have private checkers now pls u guys you gotta move)
dns upstream servers
choose for yourself (adguard has guide, google, mullvad, opendns and quad9 seem good for me)
this you want to have a bunch of them to test (as there are info now)
“secure” dns
sure yeah secure.
if you check there is a tab called Encryption settings and that is the most problematic thing of this whole thing.
port
so i need ports.
well, you can setup any ports you want. see if you add a dns over tls upstream in there they automatically specify ports right away. but me 853 default
move https port FAR away from 443. (httpd, again). we’ll use httpd to setup a reverse proxy. Remember to firewall things. it should now redirect u to https port
website
i think i should set up some srv records so custom thingies work (is that how they work idfk current setup still rocking)
cert
so i need cert.
i have certbot installed from snap store (updated here). i did some ln -s so certbot is in Path. i run certbot to give me certs for *.ldlda.com (you want star there). i couldve used apache server to verify cert but i didnt, i use cloudflare dns plugin by having a flag.
because cloudflare so i had to have some of these going on
reverse proxy
adguard has a tutorial, but its for nginx
for me i had this going on:
# servername certfile certkeyfile provided, sslengine on
ProxyPreserveHost on
ProxyRequests off
SSLProxyEngine On
ProxyPass / https://127.0.0.1:CUSTOM_PORT/
ProxyPassReverse / https://127.0.0.1:CUSTOM_PORT/
# below is for not cloudflare?? idfk
# RequestHeader set Host "%{SERVER_NAME}e"
# RequestHeader set X-Real-IP "%{REMOTE_ADDR}e"
chatgpt helped me convert nginx to apache conf and it works for me i still dont know what i mightve missed.
Use (part 2)
again you can put it in ur phone, or the router. setup the server to use a static local ip address (turn off dhcp from the server using network manager gui) then do whatever
U can also use it in chrome or firefox (use secure dns something like that)
missing (upcoming) features
- you cant bypass domains. But you can set a line so these domains will always be forwarded to these dns resolvers.
- you cant ignore logs/analytics by domains yet. its coming tho
- its EXTREMELY difficult to reverse proxy these type shit with apache. i struggle so bad
it works for now
What then? well you have a dns you can use everywhere where it is supported. plug it into chrome or firefox on whatever device. use from phone. use with vpn of choice. whatever you want.
comment below!