If you're reading this, you're probably sick of ads. Not just the occasional banner — the popups, the autoplay video ads, the trackers following you from your phone to your laptop to your smart TV. Browser extensions only solve part of the problem, because they only work inside the one browser you installed them in.
This guide covers a different approach: blocking ads at the DNS level, for every device on your home network, for free, using open-source software. By the end you'll have a small always-on server quietly killing ad and tracker requests before they ever leave your network — with real commands to copy, not just theory.
How Ads Actually Reach Your Screen
Every time your device loads a webpage, it isn't just "asking for a webpage." It's asking a DNS server to translate a human-readable domain name into a machine-readable IP address, then connecting to that IP address to pull the actual content.
your device → DNS lookup ("what's the IP for toi.com?") → IP address → connection → content
Say you open an article at toi.com/content/12. That's the content you actually want. But that page is also built to load a bunch of other resources, and several of those point to entirely different domains that exist only to serve ads — something like ads.some-adnetwork.com/slot/12. Your browser fires off a separate DNS lookup and a separate connection for that too, even though it all lands in the same tab. That second request is the ad.
The Fix: Stop the Lookup Before It Starts
Right now, your devices likely send their DNS lookups to whatever server your ISP hands out by default. That server will resolve ad and tracker domains just as happily as it resolves everything else — it has no reason to tell them apart.
DNS-level ad blocking replaces that default server with your own, which keeps an updated list of known ad and tracker domains. When a device asks "what's the IP for ads.some-adnetwork.com?", your server either refuses to answer or hands back a dead address. The device gives up right there. No connection ever reaches the ad server, so nothing is ever downloaded — not even a blank placeholder.
Why DNS Blocking Beats a Browser Extension
A few reasons this is worth the extra setup time:
- It's not limited to browsers. A browser extension only filters what loads inside that browser. DNS blocking runs at the network level, so it also covers your phone's apps, your smart TV's built-in ads, streaming boxes, game consoles, and any other device on your Wi-Fi.
- Set up once, protect everything. You configure it on your router, and every device that joins your network from then on is automatically protected — nothing to install on your kid's tablet or your smart speaker.
- Lighter weight. Instead of every browser tab loading a script to hide ad elements after the fact, the request is stopped before anything downloads.
- Extra visibility. You get a dashboard showing exactly which domains every device on your network is quietly contacting, which is useful for spotting trackers too, not just ads.
- Doubles as content control. The same mechanism can enforce basic parental controls and block malware or phishing domains, not just ads.
Pi-hole or AdGuard Home?
The two most popular tools for this are Pi-hole and AdGuard Home. Both do the same core job, and with the same blocklists loaded, their raw ad-blocking is nearly identical. Where they actually differ is everything around that:
-
Pi-hole has been around since 2014 and has the larger community and blocklist ecosystem. Its recent major rewrite consolidated things into a single
pihole-FTLbinary, but it's still built ondnsmasqunder the hood, and fine-grained control runs through a "Groups" system that's powerful but takes some digging to use well. - AdGuard Home is newer, built by the team behind the AdGuard browser extension, and ships as one self-contained binary with no external dependencies. It has encrypted DNS (DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC) built in with no extra setup, a more modern dashboard, and native per-device filtering, so your kid's tablet can get a strict filter while your work laptop doesn't. It also has a "service blocking" toggle that kills all traffic to one app — YouTube, TikTok, Discord — with a single switch.
Neither one can block ads served from the same domain as the content itself; more on that in the limitations section near the end. This guide sets up AdGuard Home, since it's the faster path to a working setup with fewer moving parts.
What You'll Need
- A spare device that can stay powered on 24/7 — an old laptop, a cheap Raspberry Pi, a mini PC, or a NAS
- Access to your router's admin panel
- About 20–30 minutes
- Comfort copy-pasting a few terminal commands (no coding required)
Step 1: Prep Your Device
Pick the device that will run your DNS server and connect it to your router. Ethernet is preferable for stability, since a DNS server that drops off Wi-Fi takes DNS resolution for your whole house down with it — but Wi-Fi works fine too. Make sure it's running Linux or macOS.
Step 2: Give It a Permanent Local IP
Every device on your network gets a local IP address from your router via DHCP, and that address can change whenever the router or the device reboots. Since you're about to tell every other device on the network "send your DNS queries to this exact address," that address needs to stop moving around.
This is usually called a DHCP reservation or static lease (some routers just label it "static IP"). To set one up:
- Find your server's current local IP and MAC address — run
ifconfigorip aon the device itself, or check your router's list of connected devices. - Log into your router's admin page, usually at
192.168.0.1or192.168.1.1. Check the label on the router, or find your "default gateway":ipconfigon Windows,netstat -rn | grep defaulton Mac,ip routeon Linux. - Look for the DHCP or LAN settings, then an option like "Address Reservation," "DHCP Reservation," or "Static Lease."
- Bind your server's MAC address to a fixed IP within your network's range.
Every router brand labels this differently, so if you're stuck, search your exact router model plus "DHCP reservation," or ask your ISP's support line — they've walked people through this before.
Step 3: Install AdGuard Home
First, figure out which build matches your device's processor:
| Device | Architecture |
|---|---|
| Raspberry Pi Zero / Zero W / 1 | armv6 |
| Raspberry Pi 2 / 3 (32-bit OS) | armv7 |
| Raspberry Pi 3 / 4 / 5 (64-bit OS) | arm64 |
| Old laptop or PC (most Intel/AMD) | amd64 |
Easiest option — the official install script detects your architecture automatically and handles everything in one line:
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
If that throws a permissions error, run sudo -i first, then try again.
Manual option — if you'd rather see each step, swap in the correct architecture from the table above:
cd
wget 'https://static.adguard.com/adguardhome/release/AdGuardHome_linux_armv6.tar.gz'
tar -f AdGuardHome_linux_armv6.tar.gz -x -v
cd AdGuardHome
sudo ./AdGuardHome -s install
Either way, AdGuard Home installs itself as a background service that starts automatically on boot, so you won't need to relaunch it after a reboot.
Step 4: Run the Setup Wizard
From any other device on your network, open a browser and go to:
http://<your-server's-local-ip>:3000
The wizard walks you through:
- Confirming the admin interface port (default
3000) and DNS port (default53) - Picking an upstream DNS provider — the recommended default is fine to start with
- Creating an admin username and password
- Landing on your new dashboard
Step 5: Point Your Devices at Your New DNS Server
You've got two options here:
- Router-wide (recommended): log back into your router, find the DNS settings (usually under WAN or LAN/DHCP settings), and replace the listed DNS server(s) with your AdGuard Home device's IP. Every device that connects from now on will use it automatically — this is what actually gets you network-wide protection without touching every device by hand.
- Per-device: go into a single device's Wi-Fi settings and manually set its DNS server to your AdGuard Home IP. Useful for testing before you commit the whole house to it.
Once it's set, load a few webpages and check your AdGuard Home dashboard. You should see queries streaming in live, with the blocked ones highlighted.
Bonus: Encrypted DNS and Extra Filters
Two easy upgrades once the basics are working:
- Encrypted upstream DNS. By default, even your own server's outbound DNS queries are sent in plain text, so your ISP can still see which domains you're resolving. AdGuard Home supports DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUIC for its upstream connection — enable this under Settings → DNS settings.
- More blocklists. Beyond the default list, there are community-maintained blocklists for additional tracker protection and malware domains. Add them under Filters → DNS blocklists.
Good to Know: What This Won't Do
Worth keeping your expectations realistic:
- It can't block same-domain ads. YouTube ads, for example, are served from the same Google domains as the videos themselves, so blocking the domain would break YouTube entirely rather than just the ads.
- Your server becomes a single point of failure. If it goes down, DNS resolution — and effectively all internet access — goes down with it for your whole network. It's worth configuring a secondary DNS server as backup.
- It can be bypassed. Devices or apps that hardcode their own DNS server, or that use a VPN, route around your setup entirely.
- It's low-maintenance, not zero-maintenance. Check the dashboard occasionally, keep the software updated, and refresh your blocklists every so often.
Wrap-Up
That's it: one small always-on device, a few terminal commands, and every screen in your house gets quieter. Once it's running, the dashboard is genuinely satisfying to check — watching the blocked-query count climb is a good reminder of just how much of your traffic was ad and tracker noise in the first place.
DNS blocking isn't magic.
While it prevents many advertisements from loading, it can't redesign a website. Most websites were built assuming those ad slots would be filled. When the ads are blocked, you're often left with empty grey boxes, awkward white spaces, or broken layouts.
News websites are probably the biggest offenders. Many of them are packed with autoplay videos, sticky banners, pop-ups, newsletter prompts, cookie notices, sponsored articles, and endless tracking scripts. Even after blocking the ads, the reading experience often still feels cluttered.
That got us thinking:
What if a news website was designed from day one to be clean?
No distracting advertisements.
No clickbait.
No unnecessary pop-ups.
Just fast-loading pages, beautiful typography, thoughtful design, and journalism that's enjoyable to read.
It's surprising that in 2026, when web technology has advanced so much, reading the news on many sites still feels slower and more frustrating than it should.
We're building exactly that.
https://news.missmatch.in
If the idea of a fast, elegant, ad-free news platform sounds interesting to you, we'd love to have you along for the journey.
Join our waitlist to be among the first to try it, and let us know what you think in the comments.
Would you switch to a news website that prioritized a clean reading experience over ad revenue? Or do you think the current state of online news is just something we've all accepted?
We're curious to hear your thoughts.
Top comments (0)