I am using AdGuard Home on my GLiNet router and I am unsure the best or optimal way to set it up, and particularly what I should use for the upstream server.
I am using a bunch of the most recommended blocklists - like Hagezi Pro and TIF etc, and I was using ControlD’s free P2 - ads and tracker blocker - DoH DNS server as my upstream DNS server.
I am wondering if - since I have all those blocklists - if I should use an unfiltered DNS server for my upstream server?
Thanks for responding Nate! And welcome to Privacy Guides. Very cool that you got hired here!
My end goal is just to block as much shit -ads, trackers, malware etc - as possible at the network level. And I assume if the blocklists (and Ublock Origin in my browser) are doing that, the upstream DNS server could and maybe should be unfiltered, as any one with ad and tracker etc blocking would be redundant.
I assume this isn’t a threat model really but…I would say - low threat model, I want to protect against mainly service providers/corporations, mass surveillance, ads/tracking/malware etc, and surveillance capitalism.
I do use NextDNS alongside with my AdGuard Home for my home network, as NextDNS offers some features thats absent from AdGuard Home, plus the latency is basically on par with other resolvers like Quad 9.
IIRC DoT performs slightly better (at least on paper), while DoH uses existing HTTPS port so traffic would looks “cleaner” as per @nateb said.
I personally use DoH since as least on my case (i.e. NextDNS), letency on DoH seems lower than DoT. Don’t know why.
Set up like this does complicate maintenance and troubleshoot, so I am assessing if I should use a unfiltered DNS resolver instead.