Question: How safe is Adguardhome on a VPS? #905

New issue

Closed

opened 2026-03-04 00:55:11 -05:00 by deekerman · 1 comment

deekerman commented

2026-03-04 00:55:11 -05:00

Owner

Originally created by @1985kasper on GitHub (Sep 5, 2019).

I know from the pihole forums it is discouraged to run pihole for home use on a VPS. It creates a opendns resolver which causes serious security risks.

How does adguardhome tackle this? Since you have a guide to install it on a VPS for home use are there any safeguards in place to prevent the security risks mentioned on the pihole forums and their articles on this subject?

Another question: Does adguardhome support multiple interfaces (vlans) if the server it's running on has multiple vlans enabled and needs to serve adblocking to clients on those vlans is this supported?

Originally created by @1985kasper on GitHub (Sep 5, 2019). I know from the pihole forums it is discouraged to run pihole for home use on a VPS. It creates a opendns resolver which causes serious security risks. How does adguardhome tackle this? Since you have a guide to install it on a VPS for home use are there any safeguards in place to prevent the security risks mentioned on the pihole forums and their articles on this subject? Another question: Does adguardhome support multiple interfaces (vlans) if the server it's running on has multiple vlans enabled and needs to serve adblocking to clients on those vlans is this supported?

deekerman

2026-03-04 00:55:11 -05:00

closed this issue
added the
question
label

deekerman commented

2026-03-04 00:55:20 -05:00

Author

Owner

@ameshkov commented on GitHub (Sep 6, 2019):

Hi!

It creates a opendns resolver which causes serious security risks

The only risk is that your open resolver can be used for DNS amplification DDOS attacks, and there's no way you can fully solve this issue. On the other hand, AGH by default comes with ratelimit set to 20 requests per second, so your resolver won't do much harm.

If you run AGH on a VPS, I'd suggest checking the stats from time to time, and block access from unknown IP addresses when you see them. You can do it in settings -> DNS -> access settings.

Another question: Does adguardhome support multiple interfaces (vlans) if the server it's running on has multiple vlans enabled and needs to serve adblocking to clients on those vlans is this supported?

Well, you can configure it to listen to ALL network interfaces (0.0.0.0).

@ameshkov commented on GitHub (Sep 6, 2019): Hi! > It creates a opendns resolver which causes serious security risks The only risk is that your open resolver can be used for DNS amplification DDOS attacks, and there's no way you can fully solve this issue. On the other hand, AGH by default comes with ratelimit set to 20 requests per second, so your resolver won't do much harm. If you run AGH on a VPS, I'd suggest checking the stats from time to time, and block access from unknown IP addresses when you see them. You can do it in settings -> DNS -> access settings. > Another question: Does adguardhome support multiple interfaces (vlans) if the server it's running on has multiple vlans enabled and needs to serve adblocking to clients on those vlans is this supported? Well, you can configure it to listen to ALL network interfaces (0.0.0.0).

deekerman referenced this issue

2026-03-04 00:55:50 -05:00

AdGuardHome seem's to leak memory until the machine dies #916

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/AdGuardHome#905

No description provided.

Rows
Columns