The Defend-O-Tron ships with AdGuard Home built in — a network-wide DNS resolver that filters ads, trackers, malware, phishing, and other unwanted content for every device on your network. Point your router's DHCP server (or your devices directly) at the Defend-O-Tron's management IP, and every DNS lookup passes through AdGuard's filtering layer.
The DNS filter is optional. The Defend-O-Tron's core defense (CrowdSec + Suricata + honeypot) operates independently of DNS. If you don't want DNS-layer filtering, leave your network's DNS pointed at your existing resolver — everything else still works.
The AdGuard Home admin interface is available at:
Default credentials: admin / adguard. You'll be prompted to change them on first login. The AdGuard Home password is independent of your Cockpit admin password and is managed inside AdGuard's interface.
AdGuard Home shares its engine with AdGuard's public DNS service, but everything runs locally on your Defend-O-Tron. No DNS queries leave your network unless you choose an external upstream resolver. Highlights:
AdGuard Home ships with default blocklists covering most ad networks, tracker systems, and malicious domains. You can:
Built-in shortcuts let you block entire services with a single click — Facebook, TikTok, Instagram, YouTube, Netflix, Discord, and several dozen others. Useful for network policy enforcement, distraction reduction, or temporary content restriction.
Each device on your network can have its own filtering profile. Common patterns:
Clients are identified by IP, MAC address, or an explicit AdGuard Home client ID embedded in the DNS request.
AdGuard Home keeps a queryable log of every DNS request that passes through it. Day-to-day, this is often the most useful feature: it gives you direct visibility into what every device on your network is looking up.
You can sort and filter the query log by:
example.com, or every query containing a substring.Common operational uses:
Query log retention is configurable. Default settings cover at-a-glance review; for longer retention, adjust Settings → General settings → Query log configuration. For long-term tamper-evident retention (auditor-grade, signed daily), the Defend-O-Tron's audit subsystem captures a parallel record — see Compliance Reporting.
If your network includes devices used by children, AdGuard Home's parental-control settings are worth configuring:
Combine these with per-client rules and you can have different parental-control profiles for different family members or device groups.
AdGuard Home supports multiple encrypted DNS protocols, in both directions:
Configure your upstream resolvers (Cloudflare 1.1.1.1, Quad9, NextDNS, AdGuard's own DNS, or your own) to use one of these protocols, and your DNS queries to the upstream are no longer visible to your ISP. Devices on your network that support encrypted DNS can also be configured to send their queries to AdGuard Home over DoH/DoT — useful when you want devices on untrusted networks (a laptop on guest WiFi at a coffee shop) to still benefit from your DNS filtering.
The AdGuard Home dashboard shows:
Statistics retention is configured separately from query log retention. For most networks the defaults are fine; tune up if you want longer trend visibility.
Enable the default blocklists. Leave parental controls and service blocking off. Leave per-client rules unset. Done. Most users sit here.
Identify the device's IP or MAC. Add a client profile in AdGuard Home. Enable parental controls, Safe Search, and the category blocks you want on that client only. Other devices on the network keep their default profile.
Configure your router so guest WiFi gets a different subnet. In AdGuard Home, define a client matching that subnet and apply strict filtering + service blocking + adult-content blocking.
Open the query log, find the blocked query, and either allowlist the specific domain or disable the blocklist that matched. The log tells you exactly which rule fired.
Filter the query log by that device's IP. Look for unusual domain patterns — random-looking subdomains, repeated queries to known-bad TLDs, sudden bursts of unique domain queries. The Compliance Reporting audit subsystem keeps a tamper-evident parallel record of these anomalies for evidence purposes if you need it.
For deeper AdGuard Home configuration — the full filter-rule syntax, scripting via the API, migrating from Pi-hole, or running a hybrid setup — refer to the official AdGuard Home documentation.