obsidian/wiki/concepts/adguard-blocklist-setup.md
2026-04-28 21:55:05 +01:00


title: AdGuard Home — Blocklist Setup and Optimization
aliases: adguard-blocklists, adguard-dns-filter, adguard-hagezi, adguard-oisd, adguard-setup
tags: adguard, dns, homelab, ad-blocking, selfhosted, blocklists
sources: daily/2026-04-23.md, daily/2026-04-28.md
created: 2026-04-23
updated: 2026-04-28

AdGuard Home — Blocklist Setup and Optimization

A fresh AdGuard Home installation ships with a minimal default configuration: one blocklist (AdGuard DNS filter), with AdAway disabled and no custom rules. This covers basic ad blocking but misses a large portion of tracking, malware, and ad domains. Upgrading to 5 curated lists raises coverage from tens of thousands to nearly 2 million domains, significantly improving network-wide blocking for everything DNS-based ad blocking can address.

Key Points

  • Default AdGuard config is intentionally minimal — 1 list, AdAway disabled; designed to avoid false positives on unknown networks
  • Recommended upgrade: 5 lists total — AdGuard DNS filter + AdAway + HaGeZi Multi Pro++ + OISD Big + HaGeZi TIF
  • HaGeZi Multi Pro++ (~600k domains) is the best general-purpose upgrade — aggressive but low false-positive rate
  • HaGeZi TIF (~1M+ domains) targets threat intelligence feeds (malware, phishing, C2) — complements ad blocking with security coverage
  • DNS blocklists cannot block YouTube ads — see wiki/concepts/dns-youtube-ad-blocking for why and what works instead
  • Large blocklist sets (~38 MB) can OOM-kill AdGuard on startup — AdGuard loads all filter lists into memory at once; running in a Docker container or LXC with insufficient RAM causes exit code 137 (SIGKILL); minimum 256 MB RAM for the 5-list stack, 512 MB recommended

Details

| List | Domains | Focus | Priority |
|---|---|---|---|
| AdGuard DNS filter | ~300k | Ads + tracking (default) | Keep (default) |
| AdAway | ~50k | Mobile ads + analytics | Enable (disabled by default) |
| HaGeZi Multi Pro++ | ~600k | Ads, tracking, cloaking — aggressive | Add |
| OISD Big | ~250k | Broad — ads, privacy, malware | Add |
| HaGeZi TIF | ~1M+ | Threat intelligence: malware, phishing, C2 | Add |

Total coverage with all 5: ~2.2M domains

Adding Lists in AdGuard Home UI

  1. Open AdGuard Home → Filters → DNS blocklists
  2. Click Add blocklist → Add a custom list
  3. For each list, enter the URL from the table below and click Save

| List | URL |
|---|---|
| AdAway (enable existing) | Pre-installed — click toggle to enable |
| HaGeZi Multi Pro++ | https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/multi.txt |
| OISD Big | https://big.oisd.nl |
| HaGeZi TIF | https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt |

After adding, AdGuard fetches and compiles all lists. The filter list view shows domain counts per list — confirm all show non-zero counts after a few minutes.

HaGeZi Lists Explained

HaGeZi maintains a tiered family of blocklists with increasing aggressiveness:

| Tier | Name | Domains | Notes |
|---|---|---|---|
| Light | light.txt | ~100k | Conservative; low false positives |
| Normal | normal.txt | ~300k | General use |
| Pro | pro.txt | ~400k | More aggressive |
| Pro++ | multi.txt | ~600k | Recommended default |
| Ultimate | ultimate.txt | ~700k+ | May break some sites |
| TIF | tif.txt | ~1M+ | Threat intelligence only (not general ads) |

For most home networks, Multi Pro++ is the right balance. If you see broken sites after adding it, a specific domain can be whitelisted in AdGuard's Custom filtering rules without removing the entire list.

Whitelisting False Positives

When a legitimate site is blocked by a blocklist:

  1. AdGuard Home → Query Log — find the blocked domain (red entries)
  2. Click the entry → Unblock — this adds the domain to the whitelist
  3. Or manually: Filters → Custom filtering rules → add @@||domain.com^

The whitelist takes precedence over all blocklists — a whitelisted domain is never blocked regardless of which list includes it.
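
The precedence rule above, as an added example that is not part of the original note and not AdGuard's own code. It is a simplified matcher that understands only the `||domain^` and `@@||domain^` forms; the domains and list names are constructed.

```python
# Simplified matcher for the two rule forms used on this page:
#   ||example.com^    block example.com and all of its subdomains
#   @@||example.com^  exception (allowlist) with the same scope
# Other adblock-style syntax (modifiers, regex, wildcards) is ignored.

def parse_rules(lines):
    """Split rule lines into (blocked, allowed) sets of domains."""
    blocked, allowed = set(), set()
    for raw in lines:
        line = raw.strip().lower()
        if not line or line.startswith(("!", "#")):   # blanks and comments
            continue
        target = blocked
        if line.startswith("@@"):                     # exception marker
            target, line = allowed, line[2:]
        if line.startswith("||") and line.endswith("^"):
            target.add(line[2:-1])
    return blocked, allowed

def _covers(domains, host):
    """True if host itself or any parent domain is in the set."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def decide(host, blocked, allowed):
    """Exceptions are checked first, so they win over every blocklist."""
    if _covers(allowed, host):
        return "allowed (exception)"
    if _covers(blocked, host):
        return "blocked"
    return "allowed (no match)"

# Constructed sample data, not taken from any real list.
BLOCKLIST_A = ["! constructed list A", "||ads.example.com^", "||tracker.example.net^"]
BLOCKLIST_B = ["||example.org^", "||ads.example.com^"]
CUSTOM_RULES = ["@@||cdn.example.org^"]

blocked, allowed = parse_rules(BLOCKLIST_A + BLOCKLIST_B + CUSTOM_RULES)

if __name__ == "__main__":
    for host in ("ads.example.com", "img.ads.example.com",
                 "cdn.example.org", "www.example.org", "example.com"):
        print(f"{host:22} {decide(host, blocked, allowed)}")
```

Note that the exception covers subdomains too, so an overly broad `@@||` rule also re-enables any tracking host beneath that domain; scope exceptions to the narrowest name that fixes the breakage.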

Monitoring Blocking Effectiveness

AdGuard Home dashboard shows:

  • DNS Queries: total queries in time period
  • Blocked: count and percentage blocked
  • Top blocked domains: what's being filtered most

A well-configured home network typically blocks 20-40% of all DNS queries. After upgrading to 5 lists, expect the blocked percentage to increase noticeably (exact amount depends on connected device count and browsing patterns).

Checking List Load Status

After adding lists, verify they loaded correctly:

AdGuard Home → Filters → DNS blocklists

Each entry shows:

  • Name and URL
  • Last update time
  • Domain count

If a list shows 0 domains or "Error fetching", the URL may be stale or the AdGuard instance has no internet access.
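
The same check can be scripted instead of read off the UI. This added example (not part of the original note) inspects a response shaped like AdGuard Home's `GET /control/filtering/status` and reports enabled lists with zero rules or an old update time. The sample response is constructed, and the 3-day staleness threshold is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=3)   # assumed staleness threshold, not an AdGuard default

def unhealthy_lists(status, now, max_age=MAX_AGE):
    """Return (name, reason) for every enabled list that looks broken."""
    problems = []
    for f in status.get("filters") or []:
        if not f.get("enabled"):
            continue                      # disabled lists are expected to be idle
        if f.get("rules_count", 0) == 0:
            problems.append((f["name"], "0 rules loaded"))
            continue
        # Normalise a trailing "Z" so older Python versions can parse it.
        stamp = (f.get("last_updated") or "").replace("Z", "+00:00")
        if not stamp or now - datetime.fromisoformat(stamp) > max_age:
            problems.append((f["name"], "stale or never updated"))
    return problems

# Constructed sample response; counts and timestamps are illustrative only.
SAMPLE_STATUS = json.loads("""
{"enabled": true, "interval": 24, "filters": [
  {"id": 1, "enabled": true,  "name": "AdGuard DNS filter",
   "rules_count": 300000, "last_updated": "2026-04-28T03:00:00+01:00"},
  {"id": 2, "enabled": false, "name": "AdAway",
   "rules_count": 0, "last_updated": "0001-01-01T00:00:00Z"},
  {"id": 3, "enabled": true,  "name": "HaGeZi TIF",
   "rules_count": 0, "last_updated": "0001-01-01T00:00:00Z"},
  {"id": 4, "enabled": true,  "name": "OISD Big",
   "rules_count": 250000, "last_updated": "2026-04-20T03:00:00+01:00"}
]}
""")
SAMPLE_NOW = datetime(2026, 4, 28, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, reason in unhealthy_lists(SAMPLE_STATUS, SAMPLE_NOW):
        print(f"{name}: {reason}")
```

A threat-intelligence list that silently stops updating keeps blocking old domains while missing new ones, so the staleness check matters as much as the zero-count check.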

OOM Risk with Large Blocklist Sets

AdGuard Home loads all enabled blocklists into memory simultaneously during startup. The 5-list stack (~2.2M domains, ~38 MB of raw filter data) requires significant RAM headroom:

| RAM allocation | Risk |
|---|---|
| < 128 MB | Very high — OOM kill at startup (exit code 137) |
| 128-256 MB | Medium — may OOM under peak load |
| 256-512 MB | Safe for 5-list stack |
| 512 MB+ | Comfortable, room for future lists |

Exit code 137 means the process was killed by SIGKILL, typically by the Linux OOM killer. In Docker: docker ps -a shows Exited (137). In systemd: journalctl -u adguard shows Killed.

Fix: increase the container's memory limit, or temporarily disable 1-2 of the largest lists (HaGeZi TIF is the biggest at ~1M domains) until RAM is increased.

For Proxmox LXC: pct set <CTID> --memory 512 to raise to 512 MB. For Docker: add mem_limit: 512m to the service in docker-compose.yml.
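
Exit code 137 only proves SIGKILL, so it is worth confirming the OOM cause before resizing. This added example (not part of the original note) reads one entry of `docker inspect <container>` JSON and combines the exit code, the `OOMKilled` flag and the configured memory limit. The sample entry and container name are constructed, and the page's 256 MB minimum is treated as MiB.

```python
import json

MIN_BYTES = 256 * 1024 * 1024   # page's stated minimum for the 5-list stack (as MiB)

def diagnose(entry):
    """Return human-readable findings for one `docker inspect` entry."""
    state = entry.get("State", {})
    limit = entry.get("HostConfig", {}).get("Memory", 0)   # bytes; 0 means no limit
    code = state.get("ExitCode", 0)
    findings = []
    if code > 128:                                         # 128 + signal number
        findings.append(f"killed by signal {code - 128}")
    if state.get("OOMKilled"):
        findings.append("OOMKilled flag set: container hit its memory limit")
    elif code == 137:
        findings.append("SIGKILL without OOMKilled: check host logs or a manual kill")
    if 0 < limit < MIN_BYTES:
        findings.append(f"memory limit {limit // 2**20} MiB is below 256 MiB")
    return findings

# Constructed sample: a container capped at 128 MiB that was OOM-killed.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/adguardhome",
  "State": {"Status": "exited", "ExitCode": 137, "OOMKilled": true},
  "HostConfig": {"Memory": 134217728}}]
""")

if __name__ == "__main__":
    for item in SAMPLE_INSPECT:
        print(item["Name"], diagnose(item))
```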

Sources

  • daily/2026-04-23.md — AdGuard (CT101) had minimal config: 1 list, AdAway disabled; upgraded to 5 lists — enabled AdAway, added HaGeZi Multi Pro++ (~600k), OISD Big (~250k), HaGeZi TIF (~1M+); YouTube ad blocking confirmed impossible via DNS; Piped discussed but not deployed