Use a Pihole + your adblocker of choice - defense in depth. It's easy to set up, brainless to keep updated, and helps to protect all devices on your network, not just the things that can run uBlock. I've got mine running in a Docker container, which upstreams to a stubby container, which gets DNS-over-TLS, so I get adblocking and DNS query encryption out to Cloudflare for the whole network, and it's really not all that hard to set up. (Edit: Here's the bash script I used. docker-compose would probably be better, but whatever.)

If you're unwilling to do that, just set your DNS servers to the Adguard servers ( and you get most of the same benefit, though obviously without the control that the Pihole offers you. On Android devices, you can go to Settings -> Wifi & Internet -> Private DNS and set "Private DNS provider hostname" to (or your own exposed Pihole server, if you're so inclined) and get the same benefit when you're on LTE.

sticking OPNSense on one of these [1] was probably the best LAN decision i've made, besides a Synology backup NAS.

it acts as a pihole and a lot more (firewall, device vlan isolation, vpn termination, etc). i have these hosts files [2] loaded into its DNSmasq config.
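
For the hosts-file blocklists mentioned in the comment above, an added example (not from the thread, OPNsense or dnsmasq) of vetting a third-party hosts file before it goes into a dnsmasq config: only sinkhole addresses are accepted, so a list cannot point a name at an arbitrary IP, and names are validated before being written as `address=` lines. The sample list, the function names and the sink and skip sets are assumptions made for this illustration.

```python
import re

# Constructed sample in hosts-file format (not taken from any real blocklist).
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 ads.example.com   # duplicate entry
127.0.0.1 Tracker.Example.NET metrics.example.net
0.0.0.0 bad_host!.example.org
192.0.2.10 fileserver.lan
::1 ip6-localhost
"""

# Only these addresses count as "block this name"; anything else would be a redirect.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that hosts files define for the local machine and that must not be overridden.
SKIP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
              "ip6-localhost", "ip6-loopback", "local"}
# Dotted hostname with letter-digit-hyphen labels; rejects '/', '_' and other stray characters.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_blocklist(text):
    """Return (sorted unique names to block, [(line number, rejected line)])."""
    blocked, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if addr not in SINK_ADDRS:               # list tries to point a name at a real IP
            rejected.append((lineno, raw.strip()))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in SKIP_NAMES:
                continue
            if HOSTNAME_RE.match(name):
                blocked.add(name)
            else:                                # malformed name, keep it out of the config
                rejected.append((lineno, raw.strip()))
    return sorted(blocked), rejected

def to_dnsmasq(names, sink="0.0.0.0"):
    """dnsmasq address=/name/ip lines; each also covers subdomains of name."""
    return [f"address=/{n}/{sink}" for n in names]

if __name__ == "__main__":
    names, rejected = parse_blocklist(SAMPLE_HOSTS)
    print("\n".join(to_dnsmasq(names)))
    for lineno, line in rejected:
        print(f"# rejected line {lineno}: {line}")
```

Rejected lines are worth reading rather than discarding silently: a non-sink address in a downloaded list is the case where loading the file unchecked would redirect a name instead of blocking it.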

