Homelab · Sieť NÁVOD 16. apríla 2026 · 8 min čítania

AdGuard Home — inštalácia a nastavenie

Kompletný návod od inštalácie cez Docker až po nastavenie DNS na routeri, aktiváciu DoH a vlastnú blokovaciu stránku. Funguje na Synology NAS, Linuxe aj Windows.

Ak si čítal môj článok o AdGuard Home, vieš prečo to chceš. Tu je postup ako to celé rozbehnúť — od prvého príkazu po fungujúci DNS filter pre celú domácu sieť.

Čo potrebuješ

Predpoklady

Docker a Portainer nainštalované na tvojom zariadení — či už Synology NAS, Linux server alebo Windows PC s Docker Desktop. Prístup do administrácie routera (DHCP nastavenia). IP adresa tvojho servera — v príkladoch používame 192.168.1.100, nahraď svojou.

1. Vytvor priečinky

Synology NAS (cez SSH):

mkdir -p /volume1/docker/adguard/config
mkdir -p /volume1/docker/adguard/data

Linux:

mkdir -p ~/docker/adguard/config
mkdir -p ~/docker/adguard/data

Windows (Docker Desktop) — priečinky vytvor v Prieskumníkovi, napríklad C:\docker\adguard\config a C:\docker\adguard\data.

2. Docker Compose stack

V Portainer: Stacks → Add stack → Web editor. Vyber svoju platformu a skopíruj stack:

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    network_mode: host
    volumes:
      - /volume1/docker/adguard/config:/opt/adguardhome/conf:rw
      - /volume1/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/Bratislava
    restart: unless-stopped

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    network_mode: host
    volumes:
      - ~/docker/adguard/config:/opt/adguardhome/conf:rw
      - ~/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/Bratislava
    restart: unless-stopped

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    ports:
      - "3000:3000"
      - "53:53/tcp"
      - "53:53/udp"
      - "9080:9080"
    volumes:
      - C:/docker/adguard/config:/opt/adguardhome/conf:rw
      - C:/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/Bratislava
    restart: unless-stopped

⚠️ network_mode: host

Na Linuxe a Synology kontajner zdieľa sieťový stack hostiteľa priamo — porty nie sú potrebné. Na Windows Docker Desktop to nefunguje, preto tam definujeme porty explicitne. Zmeň TZ na svoju časovú zónu.

Klikni Deploy the stack a počkaj na správu "Success Stack successfully deployed".

3. Prvé spustenie — Setup Wizard

Otvor v prehliadači http://192.168.1.100:3000. Klikni Get Started.

Nastavenia počas wizardu

Admin Web Interface: vyber IP svojho servera, port zmeň na 9080
DNS server: vyber IP svojho servera, port nechaj 53
Vytvor username a heslo. Klikaj Next až po Open Dashboard.

4. Nastavenie DNS cez router

Prihlás sa do administrácie routera (zvyčajne 192.168.1.1). Nájdi sekciu DHCP alebo LAN → DNS a nastav:

Primary DNS: IP tvojho servera (napr. 192.168.1.100)
Secondary DNS: 8.8.8.8 alebo 1.1.1.1 — záloha pre prípad výpadku

Ulož a reštartuj router. Všetky zariadenia v sieti automaticky začnú používať AdGuard ako DNS server.

Prečo router a nie každé zariadenie zvlášť

Nastavením na routeri pokryješ všetky zariadenia naraz — telefóny, tablety, smart TV, IoT zariadenia. Nové zariadenia sú automaticky chránené hneď po pripojení do siete, bez akejkoľvek ďalšej konfigurácie.

4b. Vypnutie blokovania pre konkrétne zariadenie

Ak niekto v domácnosti nechce blokovanie — napríklad pracovný laptop kde AdGuard blokuje niečo čo potrebuješ — vieš ho vypnúť pre to jedno zariadenie bez toho aby si menil nastavenia routera.

AdGuard → Clients → Add client → zadaj IP alebo MAC adresu zariadenia → v nastaveniach klienta zaškrtni Disable AdGuard for this client. Ostatné zariadenia zostanú chránené.

Ako zistiť IP alebo MAC zariadenia

Na zariadení otvor nastavenia siete — IP adresa je väčšinou v detailoch Wi-Fi pripojenia. Prípadne vidíš všetky zariadenia priamo v AdGuard dashboarde pod Clients → Active clients.

5. Upstream DNS a DoH/DoT — bezpečnosť a súkromie

Toto je dvojkrok ktorý posúva AdGuard Home z jednoduchého ad blockera na skutočne bezpečný DNS resolver pre celú sieť.

Krok 1 — Upstream DNS server

AdGuard → Settings → DNS settings → Upstream DNS servers. Vymaž predvolené servery a zadaj jeden z týchto:

Odporúčané upstream DNS servery

Quad9 (blokuje malware, DNSSEC):
https://dns.quad9.net/dns-query

Cloudflare (rýchly, súkromný):
https://cloudflare-dns.com/dns-query

Cloudflare s blokovaním malware:
https://security.cloudflare-dns.com/dns-query

Odporúčam Quad9 — nezisková organizácia, blokuje known malware domény na DNS úrovni, podporuje DNSSEC. Spolu s AdGuard blocklist filtrami dostaneš dvojitú ochranu.

Krok 2 — Zapnutie šifrovania (DoH a DoT)

AdGuard → Settings → Encryption settings → Enable encryption. Zaškrtni Enable encryption (HTTPS, DNS-over-HTTPS and DNS-over-TLS).

Prečo DoH/DoT nie je len o mobilných appkách

Šifrovaný DNS chráni celú sieť — nie len prehliadač. Bez šifrovania vidí tvoj internet provider každú doménu ktorú navštívuješ. DoH (DNS cez HTTPS) a DoT (DNS cez TLS) toto zabraňujú. Navyše chránia aj zariadenia ktoré nemôžeš inak nakonfigurovať — smart TV, IoT zariadenia, herné konzoly.

6. Vlastná blokovacia stránka

Keď AdGuard zablokuje doménu, prehliadač predvolene zobrazí chybovú stránku. Nastav vlastnú IP adresu na ktorú AdGuard presmeruje blokované requesty — zobrazí sa čistá blokovacia stránka namiesto chyby.

AdGuard → Settings → DNS settings → Blocking mode → Custom IP → zadaj 23.171.240.158

Toto je verejná IP adresa ktorá slúži práve na zobrazovanie blokovacích stránok — namiesto chybovej hlášky prehliadača uvidí používateľ čistú stránku s vysvetlením že obsah je zablokovaný.

7. Odporúčané blocklists

AdGuard → Filters → DNS blocklists → Add blocklist:

Overené zoznamy

AdGuard DNS filter — predvolený, pokrýva reklamy a trackery
AdGuard DNS Popup Hosts filter — blokuje vyskakovacie okná
OISD Full — https://big.oisd.nl — rozsiahly zoznam, nízke false positive
Steven Black Hosts — reklamy + malware
HaGeZi Multi PRO — pre pokročilých, agresívnejšie blokovanie

Troubleshooting

⚠️ Port 53 je obsadený

Chyba listen udp 0.0.0.0:53: bind: address already in use — niečo iné počúva na DNS porte. Na Linuxe to býva systemd-resolved:
sudo systemctl disable systemd-resolved && sudo systemctl stop systemd-resolved

⚠️ DNS nefunguje po nastavení routera

Zariadenia si cachujú starý DNS. Odpoj a znovu pripoj Wi-Fi. Na Windows spusti ipconfig /flushdns, na macOS sudo dscacheutil -flushcache.

Homelab · Netzwerk ANLEITUNG 16. April 2026 · 8 Min. Lesezeit

AdGuard Home — Installation und Einrichtung

Vollständige Anleitung von der Docker-Installation bis zur DNS-Einrichtung am Router, DoH-Aktivierung und eigener Blockseite. Funktioniert auf Synology NAS, Linux und Windows.

Wenn du meinen Artikel über AdGuard Home gelesen hast, weißt du warum du das willst. Hier ist die Schritt-für-Schritt-Anleitung vom ersten Befehl bis zum funktionierenden DNS-Filter fürs gesamte Heimnetz.

Was du brauchst

Voraussetzungen

Docker und Portainer installiert — ob Synology NAS, Linux-Server oder Windows-PC mit Docker Desktop. Zugang zur Router-Administration (DHCP). IP-Adresse deines Servers — Beispiele verwenden 192.168.1.100, ersetze sie durch deine eigene.

1. Verzeichnisse erstellen

Synology NAS (via SSH):

mkdir -p /volume1/docker/adguard/config
mkdir -p /volume1/docker/adguard/data

Linux:

mkdir -p ~/docker/adguard/config
mkdir -p ~/docker/adguard/data

Windows (Docker Desktop) — Ordner im Explorer erstellen: C:\docker\adguard\config und C:\docker\adguard\data.

2. Docker Compose Stack

In Portainer: Stacks → Add stack → Web editor. Plattform wählen und Stack kopieren:

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    network_mode: host
    volumes:
      - /volume1/docker/adguard/config:/opt/adguardhome/conf:rw
      - /volume1/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/Berlin
    restart: unless-stopped

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    network_mode: host
    volumes:
      - ~/docker/adguard/config:/opt/adguardhome/conf:rw
      - ~/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/Berlin
    restart: unless-stopped

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    ports:
      - "3000:3000"
      - "53:53/tcp"
      - "53:53/udp"
      - "9080:9080"
    volumes:
      - C:/docker/adguard/config:/opt/adguardhome/conf:rw
      - C:/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/Berlin
    restart: unless-stopped

⚠️ network_mode: host

Auf Linux und Synology teilt der Container direkt den Netzwerk-Stack. Unter Windows Docker Desktop werden Ports explizit definiert. TZ auf deine Zeitzone anpassen.

Klicke Deploy the stack und warte auf "Success Stack successfully deployed".

3. Erststart — Setup-Assistent

Öffne http://192.168.1.100:3000 im Browser. Klicke Get Started.

Einstellungen im Assistenten

Admin Web Interface: Server-IP wählen, Port auf 9080 ändern
DNS-Server: Server-IP wählen, Port 53 belassen
Benutzername und Passwort erstellen. Weiter bis Open Dashboard.

4. DNS über den Router einstellen

Router-Administration öffnen. Bereich DHCP oder LAN → DNS suchen und einstellen:

Primary DNS: Server-IP (z.B. 192.168.1.100)
Secondary DNS: 8.8.8.8 oder 1.1.1.1 als Fallback

Warum Router statt Einzelgerät

Einmal am Router eingestellt werden alle Geräte automatisch geschützt — Smartphones, Tablets, Smart-TVs, IoT-Geräte. Neue Geräte sind sofort beim Verbinden geschützt, ohne Einzelkonfiguration.

4b. Blockierung für einzelne Geräte deaktivieren

Wenn jemand im Haushalt keine Blockierung möchte — z.B. ein Arbeits-Laptop wo AdGuard etwas Benötigtes blockiert — kannst du es für dieses eine Gerät deaktivieren ohne die Router-Einstellungen zu ändern.

AdGuard → Clients → Add client → IP- oder MAC-Adresse eingeben → in den Client-Einstellungen Disable AdGuard for this client aktivieren. Alle anderen Geräte bleiben geschützt.

IP oder MAC-Adresse des Geräts finden

Netzwerkeinstellungen auf dem Gerät öffnen — die IP-Adresse steht in den WLAN-Verbindungsdetails. Alternativ sind alle Geräte im AdGuard-Dashboard unter Clients → Active clients sichtbar.

5. Upstream-DNS und DoH/DoT — Sicherheit und Datenschutz

Dieser Zwei-Schritt-Prozess macht AdGuard Home zu einem wirklich sicheren DNS-Resolver für das gesamte Netzwerk.

Schritt 1 — Upstream-DNS-Server

AdGuard → Settings → DNS settings → Upstream DNS servers. Standardserver löschen und einen dieser eingeben:

Empfohlene Upstream-DNS-Server

Quad9 (blockiert Malware, DNSSEC):
https://dns.quad9.net/dns-query

Cloudflare (schnell, privat):
https://cloudflare-dns.com/dns-query

Cloudflare mit Malware-Schutz:
https://security.cloudflare-dns.com/dns-query

Empfehlung: Quad9 — Non-Profit-Organisation, blockiert bekannte Malware-Domains auf DNS-Ebene, unterstützt DNSSEC.

Schritt 2 — Verschlüsselung aktivieren (DoH und DoT)

AdGuard → Settings → Encryption settings → Enable encryption. Häkchen bei Enable encryption (HTTPS, DNS-over-HTTPS and DNS-over-TLS) setzen.

Warum DoH/DoT mehr als nur App-Werbung betrifft

Verschlüsseltes DNS schützt das gesamte Netzwerk. Ohne Verschlüsselung sieht dein Internetanbieter jede besuchte Domain. DoH und DoT verhindern das — und schützen auch Geräte die nicht einzeln konfigurierbar sind: Smart-TVs, IoT-Geräte, Spielkonsolen.

6. Eigene Blockierseite

AdGuard → Settings → DNS settings → Blocking mode → Custom IP → 23.171.240.158 eingeben.

Diese öffentliche IP zeigt eine saubere Blockierseite anstelle einer Fehlermeldung des Browsers.

7. Empfohlene Blocklisten

Bewährte Listen

AdGuard DNS filter — Standard, Werbung und Tracker
AdGuard DNS Popup Hosts filter — Pop-ups blockieren
OISD Full — https://big.oisd.nl — umfangreich, wenig Fehlalarme
Steven Black Hosts — Werbung + Malware
HaGeZi Multi PRO — für Fortgeschrittene

Fehlerbehebung

⚠️ Port 53 belegt

Fehler listen udp 0.0.0.0:53: bind: address already in use — meist systemd-resolved auf Linux:
sudo systemctl disable systemd-resolved && sudo systemctl stop systemd-resolved

⚠️ DNS funktioniert nicht nach Router-Änderung

WLAN trennen und neu verbinden. Windows: ipconfig /flushdns, macOS: sudo dscacheutil -flushcache.

Homelab · Network GUIDE April 16, 2026 · 8 min read

AdGuard Home — installation and setup

Complete guide from Docker installation to router DNS setup, DoH activation and custom block page. Works on Synology NAS, Linux and Windows.

If you read my AdGuard Home article, you know why you want this. Here is the step-by-step from the first command to a working DNS filter for your entire home network.

What you need

Prerequisites

Docker and Portainer installed — whether Synology NAS, Linux server or Windows PC with Docker Desktop. Access to your router admin (DHCP settings). Your server IP address — examples use 192.168.1.100, replace with yours.

1. Create directories

Synology NAS (via SSH):

mkdir -p /volume1/docker/adguard/config
mkdir -p /volume1/docker/adguard/data

Linux:

mkdir -p ~/docker/adguard/config
mkdir -p ~/docker/adguard/data

Windows (Docker Desktop) — create folders in Explorer: C:\docker\adguard\config and C:\docker\adguard\data.

2. Docker Compose stack

In Portainer: Stacks → Add stack → Web editor. Select your platform and copy the stack:

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    network_mode: host
    volumes:
      - /volume1/docker/adguard/config:/opt/adguardhome/conf:rw
      - /volume1/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/London
    restart: unless-stopped

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    network_mode: host
    volumes:
      - ~/docker/adguard/config:/opt/adguardhome/conf:rw
      - ~/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/London
    restart: unless-stopped

services:
  adguard:
    image: adguard/adguardhome
    container_name: AdGuard
    ports:
      - "3000:3000"
      - "53:53/tcp"
      - "53:53/udp"
      - "9080:9080"
    volumes:
      - C:/docker/adguard/config:/opt/adguardhome/conf:rw
      - C:/docker/adguard/data:/opt/adguardhome/work:rw
    environment:
      TZ: Europe/London
    restart: unless-stopped

⚠️ network_mode: host

On Linux and Synology the container shares the host network stack directly. On Windows Docker Desktop this does not work — ports are defined explicitly. Change TZ to your timezone.

Click Deploy the stack and wait for "Success Stack successfully deployed".

3. First run — Setup Wizard

Open http://192.168.1.100:3000 in your browser. Click Get Started.

Settings during the wizard

Admin Web Interface: select your server IP, change port to 9080
DNS server: select your server IP, keep port 53
Create username and password. Click Next through to Open Dashboard.

4. Set DNS via router

Log into your router admin. Find DHCP or LAN → DNS and set:

Primary DNS: your server IP (e.g. 192.168.1.100)
Secondary DNS: 8.8.8.8 or 1.1.1.1 as fallback

Why router instead of per-device

Setting DNS on the router covers all devices automatically — phones, tablets, smart TVs, IoT devices. New devices are protected immediately on connection, no individual configuration needed.

4b. Disabling filtering for a specific device

If someone in the household does not want filtering — for example a work laptop where AdGuard blocks something needed — you can disable it for that one device without changing router settings.

AdGuard → Clients → Add client → enter the IP or MAC address of the device → in the client settings check Disable AdGuard for this client. All other devices remain protected.

How to find the device IP or MAC address

Open network settings on the device — the IP address is usually in the Wi-Fi connection details. Alternatively all devices are visible directly in the AdGuard dashboard under Clients → Active clients.

5. Upstream DNS and DoH/DoT — security and privacy

This two-step setup turns AdGuard Home from a simple ad blocker into a genuinely secure DNS resolver for your entire network.

Step 1 — Upstream DNS server

AdGuard → Settings → DNS settings → Upstream DNS servers. Remove the default servers and enter one of these:

Recommended upstream DNS servers

Quad9 (blocks malware, DNSSEC):
https://dns.quad9.net/dns-query

Cloudflare (fast, private):
https://cloudflare-dns.com/dns-query

Cloudflare with malware blocking:
https://security.cloudflare-dns.com/dns-query

Recommendation: Quad9 — non-profit organisation, blocks known malware domains at DNS level, supports DNSSEC.

Step 2 — Enable encryption (DoH and DoT)

AdGuard → Settings → Encryption settings → Enable encryption. Check Enable encryption (HTTPS, DNS-over-HTTPS and DNS-over-TLS).

Why DoH/DoT is about more than mobile ads

Encrypted DNS protects your entire network — not just the browser. Without encryption your internet provider sees every domain you visit. DoH and DoT prevent this — and also protect devices you cannot configure individually: smart TVs, IoT devices, gaming consoles.

6. Custom block page

AdGuard → Settings → DNS settings → Blocking mode → Custom IP → enter 23.171.240.158.

This public IP displays a clean block page instead of a browser error when a domain is blocked.

7. Recommended blocklists

Proven lists

AdGuard DNS filter — default, ads and trackers
AdGuard DNS Popup Hosts filter — blocks pop-ups
OISD Full — https://big.oisd.nl — comprehensive, low false positives
Steven Black Hosts — ads + malware
HaGeZi Multi PRO — for advanced users

Troubleshooting

⚠️ Port 53 in use

Error listen udp 0.0.0.0:53: bind: address already in use — usually systemd-resolved on Linux:
sudo systemctl disable systemd-resolved && sudo systemctl stop systemd-resolved

⚠️ DNS not working after router change

Disconnect and reconnect Wi-Fi on each device. Windows: ipconfig /flushdns, macOS: sudo dscacheutil -flushcache.