by ryandrake 1324 days ago
You can be fully protected just using vanilla dnsmasq and downloading fresh blocklists from time to time. It seems all the more ‘marketed’ flavors of adblockers are just web bling on top of dnsmasq. What else do they really offer?
3 comments

Well 'the alternatives' are many so there's no quick answer to this, but restricting to just AGH as per this post then...

Encrypted upstream lookups. Responding to encrypted lookups made to themselves. Realtime threat protection via API. Quick toggle of blocks instead of rebuilding lists. Ability to quickly change blocking of individual devices. Decent Metrics.

Probably more.

But if you just want something with no web bling then there are other alternatives to dnsmasq which would be worth looking at, which give some of the above features whilst keeping it command-line and manual blocklist building.

dnscrypt-proxy is wonderful, for example, and can do most of the stuff you can do in dnsmasq.

Anecdotally, I’ve been a sysadmin for 20 years, been around computers since I was a toddler (apparently slept on top of a Data General something-or-other as a baby...). I have the skills to learn how to do dnsmasq-based blocking from scratch, write the scripts to fetch blocklists, init scripts, et cetera. However, I run AdGuardHome on my OpenWRT router because I want to spend my time elsewhere. It was a case of install the package, fiddle the DNS routing slightly, pick my blocklists, and pick my upstreams.

If I want metrics, I just open a browser and see what clients have been the noisiest, what’s being blocked a lot and so on. Generally I don’t even think about it.

Have you used it?

I can easily see what domains are blocked in the web UI and see that Adobe products are trying to phone home so often and which clients are trying to resolve what domains.