AdGuard Home is a powerful network-wide ad and tracker blocker. It acts as a local DNS server, blocking unwanted content before it even loads. In this guide, I'll walk you through how I set up AdGuard Home on my local Debian server ("blackbox") and configured it to use Quad9's secure DNS upstreams for speed, privacy, and malware protection.

Why I Chose AdGuard Home

• Easy to set up and maintain
• Built-in support for DNS-over-HTTPS (DoH)
• Works well with Tailscale and local hostname resolution
• Compatible with all devices on the network, including Apple HomeKit and IKEA smart devices
• Custom blocklist support with update scheduling

While I already get my browser-based ads blocked with uBlock Origin (in Firefox), the rest of the family is using Chrome for school and work compatibility where uBlock Origin has recently been crippled. This solution will cater to them, as well as blocking ads on their tablets.

Installation and Systemd Setup

I downloaded the AdGuard Home binary from the official site and moved it to /opt/adguardhome.

Then I created a systemd service file so it starts automatically on boot:

[Unit]
Description=AdGuard Home: DNS Ad Blocker
After=network.target

[Service]
Type=simple
ExecStart=/opt/adguardhome/AdGuardHome
Restart=always
User=root
WorkingDirectory=/opt/adguardhome

[Install]
WantedBy=multi-user.target

I enabled and started it with:

sudo systemctl enable adguardhome
sudo systemctl start adguardhome

After that, AdGuard Home was available at http://blackbox:3000.

Why a bare metal installation? I spent an hour trying to get it running in Docker before giving up. Bare metal worked first time.

Upstream DNS Configuration

I configured Quad9’s secure DNS-over-HTTPS endpoint:

https://dns10.quad9.net/dns-query

This is a privacy-respecting, malware-blocking service run by a Swiss non-profit with servers worldwide.

You can monitor the upstream usage under Dashboard > Top Upstreams.

Blocklists I Enabled

Here’s my current filter setup (enabled from the UI under Filters > DNS Blocklists):

• AdGuard DNS Filter
• AdAway Default Blocklist
• Steven Black's List
• HaGeZi’s Normal Blocklist
• Phishing URL Blocklist (PhishTank + OpenPhish)
• HaGeZi’s Threat Intelligence Feeds
• Malicious URL Blocklist (URLHaus)

These cover general ad/tracker blocking, phishing, and malware.

Blocklists are auto-updated by AdGuard Home (you can check timestamps in the UI).

Does It Break Anything?

So far:

• All Apple HomeKit and IKEA Dirigera smart devices still work
• No issues with Safari, YouTube, or streaming apps
• The kids' tablets work fine, and I plan to apply stricter filtering to them later via Eero parental controls

I’ve had no false positives yet, but if something breaks, I can easily whitelist it via the query log.

Performance

Despite using DNS-over-HTTPS to Quad9, I haven't noticed any slowdown in name resolution. On the contrary, it feels faster because of caching and instant local blocking.

You can view live DNS query stats in the AdGuard Home dashboard.

Final Thoughts

This setup gives me:

• Local DNS with privacy and malware filtering
• Central ad blocking for every device on my network
• Optional per-client rules if I want them
• A simple web UI I can access from any device

I’ll monitor usage over the next few weeks, but so far it’s been flawless.