Network Based Ad Blocking
Network Based Ad Blocking is performed by implementing a DNS sinkhole, where DNS queries matching adware sites are not resolved, preventing ads from being served network-wide. The purpose of this guide is to highlight and compare some of the more popular solutions deployed at home.
We'll examine core features, as well as security and architectural considerations to help users make the right decision for them.
Feature comparison
The below chart is a feature comparison between the Pi-Hole, Technitium and AdGuard.
Pi-Hole versus Technitium versus AdGuard Home
| Feature | SPR | Pi-Hole | Technitium | AdGuard Home |
|---|---|---|---|---|
| Core DNS Blocking | ||||
| Blocking ads/trackers | ✔️ | ✔️ | ✔️ | ✔️ |
| Blocking malware domains | ✔️ | ✔️ | ✔️ | ✔️ |
| Parental control (adult domains) | ✔️ | ✔️ | ✔️ | ✔️ |
| Force Safe Search | ✔️ | ✔️ | ✔️ | ✔️ |
| Custom Blocklists | ✔️ | ✔️ | ✔️ | ✔️ |
| Rule Management | ||||
| Per-Client Rules | ✔️ | ✔️ | Limited | ✔️ |
| Per-Group Block lists | ✔️ | ✔️ | Limited | ✔️ |
| Per-Group Permit lists | ✔️ | Limited | Limited | |
| DNS Rewriting | ✔️ | Limited | Limited | ✔️ |
| Manage Permit Lists | ✔️ | ✔️ | ✔️ | |
| Manage Block Lists | ✔️ | ✔️ | ✔️ | ✔️ |
| Analysis | ||||
| Query Log | ✔️ | ✔️ | ✔️ | ✔️ |
| Long Term Statistics | ✔️ | ✔️ | ✔️ | |
| Domain Auditing | ✔️ | |||
| Networking Features | ||||
| Builtin DHCP | ✔️ | ✔️ | ✔️ | |
| Builtin VPN* | ✔️ | |||
| Builtin Firewall | ✔️ | |||
| Builtin DNS DNAT Redirect** | ✔️ | |||
| Security & Privacy | ||||
| Self Hosted DNS Server | ✔️ | ✔️ | ✔️ | ✔️ |
| No Cloud DNS Data Collection | ✔️ | ✔️ | ✔️ | 1 |
| Privacy Modes | Limited | ✔️ | ||
| DNS over HTTPS | ✔️ | ✔️ | ✔️ | ✔️ |
| DNS Rebinding Protection | ✔️ | ✔️ | ||
| HTTPS WebUI | ✔️ | Limited | ? | ✔️ |
| Memory Safe Language | ✔️ | ✔️ | ✔️ | |
| Web Stack | React | PHP | .NET | Node |
| Supported Platforms | ||||
| Docker | ✔️ | ✔️ | ✔️ | ✔️ |
| Raspberry Pi | ✔️ | ✔️ | ✔️ | ✔️ |
| WebUI | ✔️ | ✔️ | ✔️ | ✔️ |
1 AdGuard Home uses their own DNS services by default
* For plaintext DNS (not DNS over HTTPS/DoH)
** A client has the same DNS rules whether they connect over the VPN or over the network with ethernet or WiFi
Conclusion
For common usage, SPR has the core functionality that most users need to have effective Network Based Ad Blocking, on top of being your Access Point, Firewall, and Router. If you do need some of the features that we don't have, here are some guides to help you install these tools on your SPR:
- Install Pi Hole Docker Container
- Install Technitium Docker Container
- Install AdGuard Home Docker Container
To manage the DNS Block Lists & Settings, see the SPR DNS Block Lists & Settings page
Looking for More Advanced DNS Features?
- Check out SPR PLUS. Members get access to domain-name-based firewall policy rules that support regular expressions. The firewall rules can block traffic, transparently redirect it, or send it out through a Site-Based VPN Destination. The firewall rules update dynamically when clients resolve domain names.