Out of the box, pihole has a few block lists already set up. Those are pretty good already.
To add more, you can find some good block list collections online. No need to add them all. Pick a good handful, depending on the category of stuff you want to block. Here are some helpful links:
... Once you've got a few block lists set up, you'll probably want to whitelist some things specifically that are otherwise caught up in the filter. This is a super helpful resource for that:
Adguard Home. I find it to be more feature complete, compared to Pi-Hole. Nicer GUI, more options, built-in DNS-over-HTTPS/TLS, better client controls & detection, more domain information, better domain list blocking, and so on.
I moved from NextDNS to Adguard Home. All self-hosted, and accessed with a reverse proxy.
Same, used NextDNS and Pi-Hole, then moved to AdGuard Home till today.
Built-in (DoH, DoT, ...) servers are useful and simple to set up with client identification.
I was able to test it out first without having to create an account and I liked it. It has simple Ad/Tracking blocklists and supports both DoT and DoH. Also it has rewrites (like /etc/hosts).
For me, Nextdns. It's mostly because I can choose which list is used by the DNS blocking. If adguard has a list blocking what I use, I can't do anything about it. Or maybe like allow a lot of domains.
Using the Hagezi pro++ list currently and it works damn well without any issues for me.
Also, there is a free way to use it (not sure about adguard).
Sure! If you've got that pi on all the time.
I previously did that and it worked well. My current setup is multiple Pis though, 'cause the octo pi is switched off with the printer now.
Nextdns is the most performant option I've used. It often beats out Cloudflare even. Adguard wasn't bad but it was a bit more cumbersome and very slow.
I don't like recommending self-hosting, as opening ports on a private network isn't a great idea. You could use something like Cloudflare or Tailscale to bridge access but you'll run into issues with network speeds.
Adguard home with a few extra lists and custom rules. Just got the sync tool set up to auto replicate changes from one to another so no more copy/paste to a secondary. Great when I need to restart a VM and don't want to take out the internet while it reboots.
Used pihole some while back but the feature list was tiny by comparison, though it was a good while back so probably unfair to compare.
Also ran with pfBlocker for a while, nice to have it right on the gateway but found it a bit opaque and lacking customization for my needs.
Specifically DNS? I have a Pi-Hole on my home network that is configured as a recursive resolver, and a second Pi-Hole on my personal VPN server (same).
Still a bit sussy (bit better). It's a FOR profit corporation (how do they make their money?). I am unsure if it's open source; if it is, then I think it's good too.
Adguard Home on the homelab, with my router set to use it as DNS, alongside Tailscale with Headscale on top to reroute all traffic through the home network so that ad blocking works all the time, on all devices that can use Tailscale, and also away from home.
Not really and some would argue that from a local network perspective HTTPS is preferable.
The main difference is that HTTPS routes through a standard port, so it gets "lost" in all other HTTPS traffic, whereas TLS uses a distinct port, so whilst it's encrypted you would be able to see at the local level that you're using DNS over TLS but not what you're doing.
I'm using controld dns, the oisd full version, legacy dns on the home router and as a private dns on android.
I've tried multiple combinations, but this one has a sweet spot for both blocking and usability.
I use Adguard because it's pretty reliable and solid.
I would love other options but I haven't found many that rival Adguard. I'm very picky about DNS because frequently services that I use can detect them and most free providers do nothing to alleviate blocking.