Table of Contents
Overview
I’m using Unbound DNS to resolve local hosts. I am also using AdGaurd Home to filter all traffic from within my network. DHCP is set to point all devices to an AdGuard Home dns server for internet filtering and recursive lookups. AdGuard runs on a small standalone server. AdGaurd forwards any .local queries to unbound for local host IPs. In the event Unbound is queried for non-local hosts, DNS over TLS is set for anonymity.
Diagram

DNS Addresses
AdGaurd has a list of DNS servers you can find here. For the sake of this setup I am using Cloudflare. Once you have it setup, you can use Cloudflare DNS Test to ensure it’s setup correctly. Then use this tool to check to see what is blocked.
- DNS:53
- 1.1.1.1 = unfilterd
- 1.1.1.2 = security: malware filter
- 1.1.1.3 = family: malware + adult content filter
- TLS:853
- tls://one.one.one.one or 1.1.1.1:853
- tls://security.cloudflare-dns.com
- tls://family.cloudflare-dns.com
- HTTPS:443
- https://cloudflare-dns.com/dns-query
- https://security.cloudflare-dns.com/dns-query
- https://family.cloudflare-dns.com/dns-query
AdGuard Home
Installing
I am running AdGaurd on a Mac with IP 192.168.1.3, and using the auto install script from GitHub.
After install, you need to head over to the DNS host IP at port 3000 to run the setup wizard. Ex. http://192.168.1.3:3000
Once AdGarud is configured you can access it by port 80 on the host. Ex. http://192.168.1.3:80
AdGuard will listen for requests on port 53.
DNS Settings
Head over to Settings > DNS Settings. This is where I specify which DNS servers to use for regular lookups and my local unbound server for resolving all dannyeckes.local requests.

Filtering
Head over to Filters > DNS Blocklists to setup which domains to block. Monitor the blocked queries over time and then manually add overrides for domains you know are legit but might be part of a strict blocklist.
Reinstalling and Updating
Reinstalling
This will wipe out any settings you have set. Only do this if you absolutely need to, since you will have to start from scratch with your configuration. Run the install script as if you were going to install for the first time but add the -r flag.
Updating
Unbound
Need to configure unbound to listen for requests and query a DNS server if it doesn’t have the address in the overrides.
General Settings

Overrides
Local Hostnames to IP’s. This is where I have all my hostnames and their local IP’s.
DNS over TLS
