5.2 KiB
| title | aliases | tags | sources | created | updated | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AdGuard Home — Blocklist Setup and Optimization |
|
|
|
2026-04-23 | 2026-04-23 |
AdGuard Home — Blocklist Setup and Optimization
A fresh AdGuard Home installation ships with a minimal default configuration: one blocklist (AdGuard DNS filter), with AdAway disabled and no custom rules. This covers basic ad blocking but misses a large portion of tracking, malware, and ad domains. Upgrading to 5 curated lists raises coverage from tens of thousands to nearly 2 million domains, significantly improving network-wide blocking for everything DNS-based ad blocking can address.
Key Points
- Default AdGuard config is intentionally minimal — 1 list, AdAway disabled; designed to avoid false positives on unknown networks
- Recommended upgrade: 5 lists total — AdGuard DNS filter + AdAway + HaGeZi Multi Pro++ + OISD Big + HaGeZi TIF
- HaGeZi Multi Pro++ (~600k domains) is the best general-purpose upgrade — aggressive but low false-positive rate
- HaGeZi TIF (~1M+ domains) targets threat intelligence feeds (malware, phishing, C2) — complements ad blocking with security coverage
- DNS blocklists cannot block YouTube ads — see wiki/concepts/dns-youtube-ad-blocking for why and what works instead
Details
Recommended Blocklist Stack
| List | Domains | Focus | Priority |
|---|---|---|---|
| AdGuard DNS filter | ~300k | Ads + tracking (default) | Keep (default) |
| AdAway | ~50k | Mobile ads + analytics | Enable (disabled by default) |
| HaGeZi Multi Pro++ | ~600k | Ads, tracking, cloaking — aggressive | Add |
| OISD Big | ~250k | Broad — ads, privacy, malware | Add |
| HaGeZi TIF | ~1M+ | Threat intelligence: malware, phishing, C2 | Add |
Total coverage with all 5: ~2.2M domains
Adding Lists in AdGuard Home UI
- Open AdGuard Home → Filters → DNS blocklists
- Click Add blocklist → Add a custom list
- For each list, enter the URL from the table below and click Save
| List | URL |
|---|---|
| AdAway (enable existing) | Pre-installed — click toggle to enable |
| HaGeZi Multi Pro++ | https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/multi.txt |
| OISD Big | https://big.oisd.nl |
| HaGeZi TIF | https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt |
After adding, AdGuard fetches and compiles all lists. The filter list view shows domain counts per list — confirm all show non-zero counts after a few minutes.
HaGeZi Lists Explained
HaGeZi maintains a tiered family of blocklists with increasing aggressiveness:
| Tier | Name | Domains | Notes |
|---|---|---|---|
| Light | light.txt |
~100k | Conservative; low false positives |
| Normal | normal.txt |
~300k | General use |
| Pro | pro.txt |
~400k | More aggressive |
| Pro++ | multi.txt |
~600k | Recommended default |
| Ultimate | ultimate.txt |
~700k+ | May break some sites |
| TIF | tif.txt |
~1M+ | Threat intelligence only (not general ads) |
For most home networks, Multi Pro++ is the right balance. If you see broken sites after adding it, a specific domain can be whitelisted in AdGuard's Custom filtering rules without removing the entire list.
Whitelisting False Positives
When a legitimate site is blocked by a blocklist:
- AdGuard Home → Query Log — find the blocked domain (red entries)
- Click the entry → Unblock — this adds the domain to the whitelist
- Or manually: Filters → Custom filtering rules → add
@@||domain.com^
The whitelist takes precedence over all blocklists — a whitelisted domain is never blocked regardless of which list includes it.
Monitoring Blocking Effectiveness
AdGuard Home dashboard shows:
- DNS Queries: total queries in time period
- Blocked: count and percentage blocked
- Top blocked domains: what's being filtered most
A well-configured home network typically blocks 20–40% of all DNS queries. After upgrading to 5 lists, expect the blocked percentage to increase noticeably (exact amount depends on connected device count and browsing patterns).
Checking List Load Status
After adding lists, verify they loaded correctly:
AdGuard Home → Filters → DNS blocklists
Each entry shows:
- Name and URL
- Last update time
- Domain count
If a list shows 0 domains or "Error fetching", the URL may be stale or the AdGuard instance has no internet access.
Related Concepts
- wiki/concepts/dns-youtube-ad-blocking — what AdGuard blocklists CAN'T do: block YouTube ads
- wiki/concepts/adguard-dns-rewrites-homelab — AdGuard's other major use case: split-horizon DNS for internal homelab services
- wiki/concepts/tailscale-dns-homelab — routing Tailscale clients through AdGuard for network-wide blocking on mobile devices
Sources
- daily/2026-04-23.md — AdGuard (CT101) had minimal config: 1 list, AdAway disabled; upgraded to 5 lists — enabled AdAway, added HaGeZi Multi Pro++ (~600k), OISD Big (~250k), HaGeZi TIF (~1M+); YouTube ad blocking confirmed impossible via DNS; Piped discussed but not deployed