Install AdGuard Home on Debian to Block Ads

Setting up AdGuard Home on Debian is a great way to get network-wide ad blocking and DNS privacy. This guide will walk you through each step to get a fully functional setup.

📋 What You’ll Need Before You Start

• A Debian server with root access (or a user with sudo privileges)

• The server’s IP address should be static. You can either set this directly on the server or configure a DHCP reservation for it in your router’s settings. This is crucial to ensure your DNS server’s IP never changes

🚀 Step 1: Install AdGuard Home

The easiest way is to use the official installation script. First, update your system:

sudo apt update && sudo apt dist-upgrade -y

Then, run the following command. It will download and install everything for you

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

Once completed, you’ll see a message confirming the installation and the addresses where the web interface is running.

🌐 Step 2: Perform the Initial Setup

Now you can configure AdGuard Home through a friendly web wizard

1. Open a web browser and go to http://<your_server_IP>:3000 (e.g., http://192.168.1.100:3000).

2. The web interface will guide you through the remaining setup. You’ll choose the network interface to listen on (often eth0 or ens3), set an admin username and password for the web interface, and you’ll be shown the DNS settings interface.

⚙️ Step 3: Basic Configuration & DNS Settings

After logging into the web interface, it’s a good idea to make a few key adjustments

1. Navigate to Settings → DNS Settings.

2. Under Upstream DNS servers, you can customize which resolvers AdGuard Home uses. Good choices include

   • https://dns.cloudflare.com/dns-query (Cloudflare, prioritizes privacy)

   • https://dns.google/dns-query (Google)

   • https://dns.quad9.net/dns-query (Quad9, blocks malicious domains)

• In the Bootstrap DNS servers section, it’s recommended to use your router’s IP (e.g., 192.168.1.1) or a public resolver like 94.140.14.14.

• For optimal speed, select the Parallel requests option under the upstream servers

• Click Apply at the bottom of the page to save.

🔒 Step 4: Configure Your Firewall

To ensure AdGuard Home can be accessed, you must open the required ports in your firewall. If you’re using ufw, the commands are:

sudo ufw allow 53/udp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3000/tcp
sudo ufw reload

• Port 53 (UDP): Handles standard DNS requests

• Port 80 (TCP) & 443 (TCP): For the web interface and DNS-over-HTTPS

• Port 3000 (TCP): Used only for the initial setup and can be closed later
  If you’re using another firewall or a cloud provider, consult their documentation to open these ports accordingly

✅ Step 5: Test Your Installation

Before pointing your whole network to it, let’s test if the AdGuard Home server is responding correctly to DNS queries.

nslookup google.com <your_server_IP>

or

host doubleclick.net <your_server_IP>

If it works, you’ll see a response containing the IP address for google.com for the first command, or a message like Host doubleclick.net not found: 3(NXDOMAIN) for the second one

🌍 Step 6: Use AdGuard Home as Your Network’s DNS Server

You can direct your devices to use your new DNS server in two ways:

• Router-Wide (Recommended): This method automatically applies ad-blocking to your entire home network without needing to configure each device individually

• . In your router’s admin panel, look for DHCP or DNS settings. Set the primary DNS server to the IP address of your Debian machine.

• Per-Device: For iOS and Android, you can change the DNS settings in the Wi-Fi network’s configuration. On Windows and macOS, go to the network adapter properties in the system settings.

🔄 Step 7: Updating AdGuard Home

Keeping AdGuard Home up to date is simple. Just run the official installation script again, which will check for new versions and update the software accordingly while preserving your configuration

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

⚠️ Troubleshooting & Additional Tips

If you encounter any issues, here are a few things to check.

Handling Port 53 Conflicts (systemd-resolved)

If the installation fails because port 53 is already in use, it’s likely due to Debian’s systemd-resolved service. To resolve this:

1. Disable the systemd-resolved stub listener:

sudo mkdir -p /etc/systemd/resolved.conf.d
sudo nano /etc/systemd/resolved.conf.d/adguardhome.conf

Add the following content to the file

[Resolve]
DNS=127.0.0.1
DNSStubListener=no

• Save the file (Ctrl+O, then Enter, then Ctrl+X in nano).

  2. Reconfigure the resolv.conf file to point to the resolved service:

sudo rm /etc/resolv.conf
echo "nameserver 127.0.0.1" > /etc/resolv.conf

Make the /etc/resolv.conf file immutable, so no other programs can modify this file.

sudo chattr +i /etc/resolv.conf

Finally, restart the systemd-resolved service

sudo systemctl restart systemd-resolved

This process ensures a clean handover of port 53 to AdGuard Home