What Is AdGuard Home?
AdGuard Home is an open-source, network-wide software for blocking ads and tracking. It operates as a DNS server that re-routes tracking and ad-serving domains to a "black hole," preventing your devices from connecting to them. Unlike browser extensions, AdGuard Home protects every device on your network — phones, smart TVs, IoT devices, and more — without installing anything on each device.
Why Run AdGuard Home on a VPS?
- Access from anywhere — Use your private DNS server from home, work, mobile, or while traveling.
- Always-on reliability — RamNode's 99.99% uptime SLA ensures your DNS filtering never goes down.
- Low latency — Choose from multiple data center locations closest to you.
- No home network dependency — DNS filtering continues even if your home internet goes down.
- DoH/DoT support — Encrypt your DNS queries over HTTPS or TLS for full privacy.
Prerequisites
- A RamNode VPS — the 1 GB RAM / 1 vCPU plan at $5/month is more than sufficient
- Ubuntu 22.04 or 24.04 LTS (recommended)
- A registered domain name (required for DNS-over-HTTPS/TLS; optional for basic setup)
- Root or sudo access to your VPS
- Basic familiarity with the Linux command line
Provision Your RamNode VPS
- Log in to your RamNode account and deploy a new VPS.
- Select Ubuntu 22.04 LTS or Ubuntu 24.04 LTS as your operating system.
- Choose the data center geographically closest to you for lowest DNS latency.
- The 1 GB RAM plan is ideal — AdGuard Home typically uses under 100 MB at idle.
ssh root@YOUR_SERVER_IPInitial Server Setup
# Update packages
apt update && apt upgrade -y
# Set the hostname
hostnamectl set-hostname adguard
# Install essential utilities
apt install -y curl wget nano ufwConfigure the Firewall
# Allow SSH
ufw allow 22/tcp
# AdGuard Home web interface (initial setup)
ufw allow 3000/tcp
# DNS (standard)
ufw allow 53/tcp
ufw allow 53/udp
# DNS-over-HTTPS (optional)
ufw allow 443/tcp
# DNS-over-TLS (optional)
ufw allow 853/tcp
# Enable the firewall
ufw enablePort 3000 is only needed during initial setup. After configuration, the web UI moves to port 80 or a custom port. Update your firewall rules accordingly.
Resolve Port 53 Conflict
Ubuntu's systemd-resolved service listens on port 53 by default, which conflicts with AdGuard Home. Disable it:
# Stop and disable systemd-resolved
systemctl stop systemd-resolved
systemctl disable systemd-resolved
# Remove the symlink and create a static resolv.conf
rm /etc/resolv.conf
echo "nameserver 1.1.1.1" > /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.confss -tulnp | grep ':53'If there's no output, you're clear to proceed.
Install AdGuard Home
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -vThis downloads the latest binary, installs it as a systemd service, and starts it automatically.
systemctl status AdGuardHomeYou should see active (running) in the output.
Run the Setup Wizard
Open your browser and navigate to http://YOUR_SERVER_IP:3000
- Admin Interface — Set the listen address to
0.0.0.0and choose your port (default: 80). - DNS Server — Set the listen address to
0.0.0.0on port 53. - Create Admin Credentials — Choose a strong username and password.
- Configure Your Devices — The wizard shows instructions for pointing devices to the new DNS server.
Update Firewall for the Web UI
ufw allow 80/tcp
ufw delete allow 3000/tcp
ufw reloadConfigure Upstream DNS Servers
In the dashboard, go to Settings → DNS settings and configure upstream DNS servers:
# Cloudflare DNS-over-HTTPS
https://dns.cloudflare.com/dns-query
# Quad9 DNS-over-HTTPS (malware blocking)
https://dns.quad9.net/dns-query
# Google DNS-over-HTTPS
https://dns.google/dns-queryBootstrap DNS Servers
1.1.1.1
9.9.9.9
8.8.8.8These resolve the hostnames of your DoH upstream servers on initial startup.
Add DNS Blocklists
Go to Filters → DNS blocklists and add these recommended lists:
| List | Purpose |
|---|---|
| AdGuard DNS filter | Default — ads and trackers |
| OISD (Full) | Comprehensive ad/tracker/malware blocking |
| Steven Black's Unified Hosts | Ads, fakenews, gambling, social trackers |
| HaGeZi Multi Pro | Multi-purpose protection list |
| Phishing Army | Phishing domain protection |
Start with 2–3 lists and add more as needed. Too many overlapping lists has minimal benefit but increases memory usage slightly.
Enable DNS-over-HTTPS / DNS-over-TLS
Encrypting your DNS queries prevents ISPs and network operators from seeing your DNS traffic. This requires a domain name.
Point Your Domain to the VPS
Create an A record for your domain (e.g., dns.yourdomain.com) pointing to your VPS IP.
Obtain an SSL Certificate
apt install -y certbot
# Obtain certificate (stop any service on port 80 temporarily if needed)
certbot certonly --standalone -d dns.yourdomain.com --agree-tos --email your@email.comConfigure AdGuard Home for Encryption
- In the dashboard, go to Settings → Encryption settings.
- Enable encryption and enter your domain:
dns.yourdomain.com - Set HTTPS port to
443. - Set DNS-over-TLS port to
853. - Certificate path:
/etc/letsencrypt/live/dns.yourdomain.com/fullchain.pem - Private key path:
/etc/letsencrypt/live/dns.yourdomain.com/privkey.pem - Click Save.
Set Up Auto-Renewal
cat > /etc/letsencrypt/renewal-hooks/post/restart-adguard.sh << 'EOF'
#!/bin/bash
systemctl restart AdGuardHome
EOF
chmod +x /etc/letsencrypt/renewal-hooks/post/restart-adguard.shcertbot renew --dry-runConfigure Your Devices
Standard DNS (All Devices)
Set your device's DNS server to your RamNode VPS IP address.
DNS-over-HTTPS (Browsers & Modern OS)
https://dns.yourdomain.com/dns-query- Firefox: Settings → Privacy & Security → DNS over HTTPS → Custom
- Chrome/Edge: Settings → Security → Use secure DNS → Custom
- Android 9+: Settings → Network → Private DNS → enter
dns.yourdomain.com - iOS/macOS: Use an Apple configuration profile (available in AdGuard Home UI under Setup Guide)
DNS-over-TLS (Android / Linux)
[Resolve]
DNS=YOUR_SERVER_IP#dns.yourdomain.com
DNSOverTLS=yesHarden and Optimize
Verify Everything Works
nslookup google.com YOUR_SERVER_IPnslookup ads.google.com YOUR_SERVER_IPIf working, this should return 0.0.0.0 or NXDOMAIN.
curl -s "https://dns.yourdomain.com/dns-query?name=google.com&type=A" \
-H "Accept: application/dns-json" | python3 -m json.toolPerformance Expectations on RamNode
| Metric | Value |
|---|---|
| RAM usage (idle) | ~50–80 MB |
| RAM usage (under load) | ~100–200 MB |
| CPU usage | Minimal (< 1% typical) |
| Disk usage | ~50 MB + logs |
| DNS query latency | < 5 ms (same datacenter) |
| Recommended plan | 1 GB RAM / $5/month |
Troubleshooting
What's Next?
- Set up a WireGuard VPN alongside AdGuard Home to route all device traffic through your VPS for full encryption + ad blocking.
- Add custom filtering rules to block or allow specific domains for your use case.
- Configure client-specific settings to apply different filtering policies per device.
- Monitor with the built-in dashboard to gain insights into your DNS traffic patterns.
AdGuard Home Deployed Successfully!
Your private DNS filtering server is now running. With encrypted DNS support (DoH/DoT), comprehensive blocklists, and RamNode's 99.99% uptime SLA, you get enterprise-grade ad and tracker blocking that protects all your devices — no matter where you are.