by pridkett 1333 days ago
I keep both on my network running on two different raspberry pis.

AdGuard Home is a lot cleaner to use. In particular, it makes it much easier to control routing for queries by domain and supports forwarding over DNS over TLS, DoH, and DoQ natively. SSL support is a breeze. This means that my ISP can see the IP addresses of hosts but not their domain names unless they get aggressive with snooping. The single binary and clean configuration are nice.

PiHole seems to have a better landing page for analytics out of the box. It also works a little better for configuration for some devices.

I’ll likely retire PiHole in favor of AdGuard Home the next time the SD card dies on that Pi.

My preferred configuration is using some fairly invasive scripts to redirect all outbound DNS except to NextDNS. I’ve got blocklists for DoH hosts because I can’t just block port 443. AdGuard then routes to one of two different backends: for local domains it routes to CoreDNS that gets the hosts from my UDM-Pro to give everything nice hostnames. Everything else goes out via DNS over TLS to NextDNS. On PiHole it’s a little more complicated as it can’t directly forward with DNS over TLS.

It’s amazing how many semi-hostile devices this found on my network (looking at you, Samsung TV and devices that hard-code Google’s DNS). It also reminds me of how terrible the internet is when I don’t have these protections.
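The split-backend routing the comment describes, written out as an added example of the relevant parts of an AdGuardHome.yaml (this is not the commenter's own config). It assumes CoreDNS listens on 127.0.0.1:5354, the local zone is home.arpa, the LAN is 192.168.0.0/16, and NEXTDNS_ID is a placeholder for the NextDNS profile identifier.

```yaml
# Added example, not the commenter's config. Assumptions: CoreDNS on
# 127.0.0.1:5354 serving the "home.arpa" zone, LAN in 192.168.0.0/16,
# NEXTDNS_ID standing in for the NextDNS profile identifier.
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    # Local hostnames (forward and reverse) go only to CoreDNS, which is
    # fed from the UDM-Pro, so LAN names never leave the network.
    - '[/home.arpa/]127.0.0.1:5354'
    - '[/168.192.in-addr.arpa/]127.0.0.1:5354'
    # Everything else is forwarded over DNS over TLS (port 853) to NextDNS,
    # so the ISP sees a TLS session to NextDNS rather than plaintext queries.
    - 'tls://NEXTDNS_ID.dns.nextdns.io'
  # Plain-DNS resolvers used only to resolve the DoT upstream's hostname;
  # assumed here to be NextDNS's public anycast addresses.
  bootstrap_dns:
    - 45.90.28.0
    - 45.90.30.0

# Hostnames of public DoH resolvers that devices may try to reach over 443.
# Blocking the name resolution is what stops them, since port 443 itself
# cannot be blocked; extend with the DoH hosts found on your own network.
user_rules:
  - '||dns.google^'
  - '||cloudflare-dns.com^'
```

Devices that hard-code a plain-DNS resolver such as 8.8.8.8 bypass this file entirely; that is the job of the firewall redirect of outbound port 53 mentioned above, which sits in front of this resolver.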