Learning the world one step at a time

Let me tell you, the journey from setting up my daughter’s first tablet when she was just a tiny bundle of joy to managing our entire household’s digital needs has been… well, it's been a rollercoaster. It started innocently enough a simple Telstra router when she was born, and honestly, for the first couple of years, it did the job. It provided basic internet access, and we were happy. But then came the explosion of devices! My little girl quickly graduated from that initial tablet to a more sophisticated one, and suddenly, our home became a hub of digital activity and a source of increasing frustration.

Now i have my own machine, my wife has one, daughter has one, i have a home brew steam machine, a server, NAS, etc etc got a full-fledged computer setup in the home office, a smart TV that dominates the living room, a Google Home system constantly buzzing with requests, and then there are my in-laws who graciously and sometimes frustratingly live in our granny flat. Suddenly, reliable WiFi wasn’t just nice to have; it was absolutely critical. It became the linchpin of everything from online learning for my daughter to video calls with family across the country, and even just streaming a decent movie without constant buffering.

For the first few years, I settled for a TP-Link Deco AC1200 Whole Home Mesh Wi-Fi system. Initially, it seemed like a good solution multiple access points strategically placed around the house to eliminate dead zones. It worked… okay. For a bit. The initial speeds were decent enough for basic browsing and light streaming, but as streaming became the norm (thanks in no small part to Netflix!) and everyone myself included started demanding more bandwidth, it quickly became clear that this wasn’t going to cut it. The constant complaints about dropped connections, particularly when someone was gaming or video conferencing, were starting to drive me absolutely bonkers! I'd spend hours troubleshooting, resetting devices, and generally feeling like a tech support technician for my own family.

I spent what felt like months researching solutions. I became obsessed with mesh systems understanding the difference between them, how they worked, and which one was best suited to our needs. It quickly became apparent that simply upgrading the base Deco wasn’t enough; those other Decos didn't have wireless backhaul. Wireless backhaul is essentially the ability for the mesh nodes to communicate with each other wirelessly without it, you’re just creating a larger range for a single router, and performance suffers dramatically. I learned this the hard way through a lot of online research and forum discussions!

Finally, after days of poring over reviews (TechRadar, PCMag, Reddit threads you name it!), comparing specs, and agonizing over price points, I took the plunge and bought an Orbi 770 Series Tri-Band WiFi 7 Mesh 3-Pack from JB Hifi. It was a significant investment around $1400 AUD but the sweet deal I found (a promotional discount combined with a loyalty reward) made it feel justifiable. The Orbi 770 boasts three nodes, offering full coverage throughout our house and granny flat, and utilizes WiFi 7 technology, which promised significantly faster speeds and reduced latency.

Setting up the Orbi was surprisingly straightforward the app guided me through each step, and within an hour, the entire system was operational with my custom DNS Adguard set up. But the real test came with consistent usage. Now, everyone is consistently hitting speeds close to 800mbps (sometimes even exceeding that during peak hours!), and crucially we haven't had a single dropped connection since! The in-laws are thrilled they can finally stream their favorite nature documentaries without interruption, COD Warzone and what ever the hell else they do, my daughter can stream her shows without buffering, I can actually work from home without the whole system crashing mid call, and even our smart TV runs flawlessly.

Honestly, part of me kind of misses the tinkering aspect. There’s something satisfying about delving into router settings, optimizing your network for peak performance, and understanding how different technologies interact. The Orbi 770 is so well designed that it largely eliminates the need for manual tweaking which is a huge bonus! However, I still enjoy monitoring the performance through the app and occasionally adjusting the channel width to maximize speeds.

What’s the takeaway here mate? If you're struggling with slow WiFi, especially as your family grows and streaming becomes more prevalent (and let’s be honest, it always does!), don’t underestimate the power of a good mesh system. It might seem like a complicated investment at first particularly when you start considering the potential cost of upgrading later if your needs change but it can be a huge stress reliever and a massive improvement to your daily life.

As a father, my primary concern is the well being of my family, and i have this compulsion to do tech stuff for the hell of it, particularly within the increasingly complex digital environment. Traditional parental controls often fall short in providing truly effective protection and, more importantly, hinder a child’s ability to engage with information responsibly. This prompted an investigation into creating a more targeted and adaptable solution, one that moves beyond simple restrictions and focuses on proactive filtering at the network level. The goal wasn't simply to block content it was to establish a system capable of evolving alongside emerging online threats while fostering a child’s ability to navigate the internet with informed discernment.

The core of this project centered around repurposing a Dell 3040 Wyse Ultra Low Power machine, acquired through Facebook Marketplace for $40 AUD. Its low power consumption (typically drawing under 15W), minimal footprint, and inherent robustness made it an ideal candidate for deploying a custom DNS filter using AdGuard Home a powerful, open source solution designed specifically for this purpose. The challenge lay in establishing a robust, configurable network wide solution that wouldn’t introduce unnecessary complexity or resource demands while providing granular control over online access.

System Architecture & Implementation: A Layered Approach

The architecture of the system was deliberately layered to provide redundancy and flexibility. It wasn't conceived as a monolithic solution but rather as a modular setup capable of adapting to evolving needs.

1. Hardware Foundation: The Dell 3040 Wyse Ultra Low Power (Model # 923-5867) served as the core processing unit. Its ARM Cortex-A9 processor, 2048MB RAM, and integrated Gigabit Ethernet port provided sufficient resources for DNS proxying and AdGuard’s filtering engine. The machine was selected primarily for its reliability and low power consumption crucial factors given its intended role as a dedicated security appliance.

2. Operating System & Network Configuration: I opted for Debian Bullseye (version 11.3) specifically the “minimal” image to minimize resource overhead and provide a clean, stable base. The initial partitioning involved creating a single root partition using parted, allocating approximately 32GB of storage. Crucially, I configured the machine with a static IP address on the internal network (192.168.1.100) and enabled DHCP client functionality for internet access. Network segmentation was achieved through VLAN configuration on our existing router (Ubiquiti EdgeRouter X), placing the Wyse machine on VLAN 3, isolating it from the primary LAN where sensitive devices resided. This added a critical layer of security by limiting potential lateral movement in case of compromise.

3. DNS Proxy & Filtering Engine – AdGuard Home: The heart of the system is AdGuard Home, a free and open-source DNS server with powerful filtering capabilities. I installed AdGuard Home using Docker on the Wyse machine. This containerized approach simplifies management, ensures consistent updates, and isolates the application from the host operating system. AdGuard Home’s dynamic filtering features are particularly valuable – allowing for both blacklisting specific domains (e.g., gambling sites, adult content) and employing content categories to enforce safe search settings for my daughter's devices.

4. Dashboard & Monitoring: I configured AdGuard Home to expose a web based dashboard accessible via HTTPS. This provides real time insights into DNS queries, blocked domains, and overall system performance. The dashboard’s logging capabilities are invaluable for troubleshooting and identifying potential threats. Furthermore, I implemented basic scripting (using Bash) to generate automated reports on filtered traffic a crucial element for ongoing monitoring and assessment.

Detailed Configuration & Tuning:

• DNS Forwarding: AdGuard Home is configured as a DNS forwarder, meaning it receives all DNS queries from the network and resolves them itself. This allows us to intercept and filter these requests before they reach the client devices.

• AdGuard Filter Lists: I utilized several pre-configured filter lists within AdGuard Home, including:

  • “Malware” Blocks known malicious domains.

  • “Adult” Filters adult content categories.

  • “Gambling” Blocks gambling websites.

  • Custom blacklists Added specific domains based on observed threats and parental concerns.

• Safe Search Enforcement: AdGuard Home’s “SafeSearch” feature is enabled for Google, Bing, and DuckDuckGo, ensuring that search results are filtered to remove explicit content.

• Rate Limiting & Throttling (Future Enhancement): While not initially implemented, I plan to explore rate limiting features within AdGuard Home to further mitigate potential abuse or denial-of-service (DoS) attacks.

Beyond Basic Filtering – A Customizable Solution:

The resulting setup offers granular control. I can dynamically adjust device access permissions and enforce safe search parameters on a per-device basis. Furthermore, the system’s adaptability allows me to proactively block services based on evolving threat intelligence. The ability to easily add or remove domains from the filter lists ensures that the system remains responsive to changing online landscapes.

Future Development & Considerations:

This project is an ongoing exploration. Future development includes:

• Integrating automated updates for AdGuard Home ensuring the system remains protected against the latest threats.

• Expanding the monitoring capabilities to provide more detailed analytics, including query frequency and source IP addresses.

• Implementing a VPN connection through the Wyse machine to mask our family’s internet activity (privacy enhancement).

• Exploring advanced features within AdGuard Home, such as URL filtering and application control.

The 3D printed 10" rake not just as a physical grounding point but also as a tangible reminder of the dedication required to build and maintain this complex system a small, functional artifact representing a significant investment in our family’s online safety.

Note: The four blocked adult sites was me .... i had to test it somehow.

I just wish doing it in real life was just as easy.....