unsubbed.co

GoAway

GoAway handles lightweight DNS sinkhole for blocking unwanted domains as a self-hosted solution.

MIT Free pommee/goaway · 692 pommee.github.io TypeScript 1 deploy option

DNS sinkhole for blocking ads and trackers at the network level, honestly reviewed. Lightweight by design, early by admission.

TL;DR

  • What it is: Open-source (MIT) DNS sinkhole written in Go — blocks ads, trackers, and malicious domains before they reach any device on your network, from a single point [README].
  • Who it’s for: Home labbers, privacy-conscious founders, and self-hosters who want Pi-hole-style network-wide ad blocking with lower resource overhead and a modern dashboard [README][website].
  • Cost savings: The SaaS equivalent doesn’t really exist — DNS-level ad blocking is inherently self-hosted. The comparison is against Pi-hole (also free) or paying for per-device solutions like 1Blocker or AdGuard Pro. GoAway costs $0 in license fees and runs on hardware that costs nothing extra if you already have a home server or VPS [README].
  • Key strength: Genuinely lightweight. Under 50MB RAM at runtime — meaningful if you’re running this on a Raspberry Pi Zero, an old router, or a VPS where every megabyte counts [README].
  • Key weakness: Version 0.x.x, actively warned about by the developer as subject to major changes. No established third-party review record. Not yet the production-hardened choice for anything mission-critical [README].

What is GoAway

GoAway is a DNS sinkhole — a local DNS server that intercepts domain lookups and returns a blocked response for any domain on your blocklist, before a connection is ever made. When your phone tries to load a tracking pixel or your laptop tries to phone home to an ad network, GoAway answers the DNS query with nothing, and the request dies there.

The project is written in Go (the name is both a command and a language pun) by a developer going by pommee on GitHub, and it’s openly acknowledged as inspired by Pi-hole [README]. What it’s trying to do differently is be lighter: the entire running process fits under 50MB RAM, and the binary runs natively on Linux amd64/arm64/386 with beta support for macOS and Windows [README].

It ships with a web-based admin dashboard for managing blocklists and viewing real-time statistics, and Docker is a first-class deployment path [README][website]. The project sits at 692 GitHub stars as of this review — small by category standards (Pi-hole is at 50K+, AdGuard Home at 25K+), which tells you this is a newer, less battle-tested option rather than an established community standard.

The README includes a direct warning: “GoAway is still in version 0.x.x and is subject to major changes from version to version. Feedback is appreciated as bugs are to be expected.” [README] That’s not a red flag on its own — many solid tools stay in 0.x for a long time — but it’s worth knowing before you make it the DNS resolver for your entire household or office.

Why People Choose It

There are no independent third-party reviews of GoAway available at time of writing — the project is small enough that it hasn’t attracted the blog post treatment yet. What follows is drawn from the README, the official documentation site, and the broader context of the DNS sinkhole category.

The Go runtime argument. Pi-hole runs on Python and PHP with a heavier web stack. AdGuard Home, which is also Go-based, is the more direct comparison — but GoAway is newer, smaller, and aims to be even more stripped-down. If you have a low-powered ARM device (a Pi Zero, an old NAS, a cheap VPS) and want DNS-level blocking without the overhead of a full Linux stack, a Go binary under 50MB is a reasonable pitch [README].

The “modern dashboard” argument. Pi-hole’s dashboard is functional but dated. AdGuard Home’s is cleaner. GoAway advertises a “modern dashboard client” [README][website], though without independent screenshots or reviews it’s hard to evaluate this claim beyond the preview images in the repository. The preview image in the README shows a reasonably clean dark-themed interface with real-time graphs.

The Docker-first workflow. For developers who already manage their home lab via Docker Compose, a tool that drops in as a container without extra ceremony is preferable to Pi-hole’s installer script model [README][website].

The honest limitation: no community depth yet. Pi-hole has a decade of forum posts, blocklist recommendations, and troubleshooting threads. AdGuard Home has a large userbase with documented edge cases. GoAway has GitHub issues and a short blog. If you hit a non-obvious problem, you’re largely on your own [README].

Features

From the README and documentation site:

Core DNS engine:

  • DNS-level domain blocking — operates at the resolver level, network-wide, before any device makes a connection [README]
  • Customizable blocking rules — add your own domains or import blocklists [README][website]
  • Real-time statistics — queries served, blocked counts, top blocked domains [README]
  • Acts as a DNS resolver/forwarder — forwards non-blocked queries to upstream DNS of your choice [README]

Dashboard:

  • Web-based admin interface on port 8080 by default [README]
  • Real-time traffic visualization [README]
  • Domain management through the UI without needing to edit config files directly [website]

Deployment:

  • Docker support (first-class) [README]
  • Native binaries for Linux (amd64, arm64, 386), macOS (beta), Windows (beta) [README]
  • Low footprint: under 50MB RAM typical [README]
  • Low CPU impact: DNS queries are fast by design in Go [README]

What’s not mentioned anywhere:

  • No DHCP server (Pi-hole has this; it simplifies network configuration)
  • No upstream DNS-over-HTTPS or DNS-over-TLS mentioned in the README
  • No API documentation visible in the public docs
  • No LDAP/SSO — it’s a single-user admin tool

The feature set is functional but minimal. This is a v0.x tool that does DNS blocking and shows you stats. It doesn’t try to be an all-in-one network management suite.

Pricing: Self-Hosted Math

GoAway has no commercial version, no SaaS, and no paid tiers. MIT license, self-hosted only [README].

What it actually costs you:

OptionMonthly costNotes
GoAway on existing hardware$0Raspberry Pi, old laptop, home server
GoAway on a cheap VPS$3–6/moHetzner CAX11, Contabo, DigitalOcean droplet
Pi-hole (same)$0–6/moFunctionally the same infrastructure cost
AdGuard Home (same)$0–6/moSame; AdGuard also offers a paid DNS cloud service
AdGuard DNS (managed SaaS)$2.99–9.99/moNo self-hosting required, but your DNS queries leave your network
NextDNS$1.99/moPer-account SaaS, privacy-respecting, no infrastructure

The actual savings framing for DNS blocking:

Unlike automation tools where you’re replacing Zapier at $100/mo, DNS sinkholes replace either nothing (if you’ve never blocked ads before) or per-device solutions. If you’re paying for AdGuard Pro on iOS ($2.99/mo), a Pi-hole/GoAway setup on a $6 VPS replaces that for every device on your network simultaneously. A household of 4 with individual ad-blocker subscriptions might save $8–15/mo — not dramatic, but the privacy argument (DNS queries stay local, not sent to a third party) is often the stronger motivator [README][website].

If you’re already running a home server or VPS for other things, GoAway’s incremental cost is essentially $0 in extra infrastructure.

Deployment Reality Check

What you need:

  • Any Linux machine with Docker installed, or a machine where you can drop a Go binary
  • Port 53 available (the standard DNS port — may require elevated privileges on Linux, or NET_BIND_SERVICE capability in Docker)
  • Port 8080 available for the dashboard
  • DNS settings on your router pointed at GoAway’s IP address (to affect all devices on your network)

The port 53 issue is the most common setup stumbling block with any DNS sinkhole, and the GoAway README calls it out explicitly: “DNS servers typically require elevated privileges to bind to port 53.” [README] On modern Linux systems, systemd-resolved often occupies port 53, which means you need to either disable it, redirect the port, or run GoAway in a way that handles this. This is a one-time configuration step but it trips up first-timers reliably.

Router DNS configuration is the step most guides underexplain. Setting your VPS or home server as the DNS resolver for your whole network is done in your router’s DHCP settings. Every router admin panel does this differently. If you’re on a consumer ISP router with limited settings, you may need to configure DNS per-device instead of network-wide, which defeats much of the point.

What can go sideways:

  • The 0.x.x warning is real. The developer notes the project is “subject to major changes from version to version” [README]. If you update automatically, an update could break your configuration. Pin your version in Docker Compose.
  • macOS and Windows are “Beta” support [README] — if you’re not running Linux, expect more edge cases.
  • No community troubleshooting database yet. Pi-hole has 10 years of StackExchange posts and forum threads for obscure edge cases. GoAway has GitHub issues.
  • The blog section of the GoAway docs site includes a post titled “The Great Rewrite” (November 2025) [website] — which suggests the codebase went through a significant restructuring recently. This is common for 0.x projects, but it means config formats or behavior could shift again.

Realistic time estimate for someone who has Docker and a Linux VPS: 15–30 minutes. For someone new to DNS configuration: 1–3 hours to understand why their other devices aren’t going through GoAway yet and fix the router/DHCP piece.

Pros and Cons

Pros

  • MIT license, no strings. Free to use, modify, embed, redistribute. No commercial restrictions, no “fair-code” asterisk [README].
  • Lightweight Go binary. Under 50MB RAM is meaningfully lower than Pi-hole’s footprint, relevant for constrained hardware [README].
  • Docker-first. Drops into an existing docker-compose stack without friction [README].
  • Modern dashboard. Cleaner interface than Pi-hole’s aging design, based on the preview images in the repository [README][website].
  • Real-time statistics. Immediate visibility into what’s being blocked across your network [README][website].
  • Cross-platform. Full Linux support on three architectures; beta Windows/macOS for non-Linux setups [README].

Cons

  • Version 0.x.x — developer-acknowledged instability. Explicitly flagged in the README: major changes between versions are expected, bugs are expected [README]. This is not a tool to deploy and forget.
  • No third-party reviews or community depth. 692 stars and no established blog coverage means you’re trusting the README, not a community of people who’ve run it in production for years.
  • No DHCP server. Pi-hole includes DHCP, which simplifies network setup significantly. GoAway is DNS-only, so you configure your router separately [README].
  • No upstream encrypted DNS mentioned. DNS-over-HTTPS or DNS-over-TLS to upstream resolvers isn’t mentioned in the documentation. AdGuard Home supports this natively [README][website].
  • Small blocklist ecosystem. Pi-hole has years of curated blocklist recommendations from its community. GoAway’s blocklist management exists, but the community guidance around which lists to use hasn’t accumulated yet [README].
  • Port 53 friction. Standard issue for all DNS sinkholes, but worth flagging — elevated privileges or systemd-resolved conflicts are a common first-run obstacle [README].
  • “The Great Rewrite” in late 2025 [website] signals the project is still finding its architecture. That’s fine at 0.x, but it means setup instructions from a few months ago may not apply.

Who Should Use This / Who Shouldn’t

Use GoAway if:

  • You’re a home lab experimenter who enjoys trying newer tools and doesn’t mind the 0.x instability in exchange for a lighter, Go-native implementation.
  • You’re running constrained hardware (Raspberry Pi Zero, cheap ARM VPS) where the sub-50MB footprint matters.
  • You already have a Docker Compose setup and want to add DNS blocking as another container.
  • You’re comfortable with the idea that you may need to reconfigure things after an update.
  • You want MIT-licensed software you could fork or embed without restriction.

Use Pi-hole instead if:

  • You want a battle-tested tool with 10 years of community troubleshooting, documented blocklists, and a large support forum.
  • You want integrated DHCP to simplify network setup.
  • Stability matters more than novelty — Pi-hole is the safe default.

Use AdGuard Home instead if:

  • You want DNS-over-HTTPS/TLS to upstream resolvers out of the box.
  • You want a more mature Go-based alternative with a larger community than GoAway currently has.
  • You want parental controls or per-client filtering rules.

Skip DNS sinkholes entirely if:

  • You don’t control your router or network infrastructure (apartment building, managed office).
  • Your setup requires VPN on all devices — DNS sinkhole and always-on VPN conflict without careful configuration.
  • You want something working in 5 minutes with no Linux knowledge — use NextDNS or AdGuard DNS cloud instead.

Alternatives Worth Considering

  • Pi-hole — the category standard. More features, larger community, better documentation, heavier footprint. The tool GoAway is inspired by [README]. If you’re unsure which to pick, this is the default recommendation.
  • AdGuard Home — the Go-based Pi-hole alternative with the largest mindshare after Pi-hole. Supports DNS-over-HTTPS, DNS-over-TLS, parental controls, per-client rules. More mature than GoAway, similar philosophy.
  • Blocky — another Go-based DNS blocker, aimed at performance and configuration-as-code. No web UI, but highly configurable via YAML.
  • Technitium DNS Server — full-featured DNS server with blocking. More complex than any of the above, but handles split-horizon DNS, DNSSEC, and enterprise use cases.
  • NextDNS — managed SaaS DNS filtering, no infrastructure to manage, privacy-respecting, $1.99/mo. The right answer if self-hosting isn’t viable.
  • AdGuard DNS (cloud) — AdGuard’s managed DNS service, similar to NextDNS, free tier available.

For a non-technical founder who just wants ads blocked network-wide without touching a server: NextDNS or AdGuard DNS. For someone comfortable with Docker who wants self-hosted, proven, and stable: AdGuard Home. For the experimenter who wants something newer and lighter and doesn’t mind 0.x: GoAway.

Bottom Line

GoAway does what it says: it blocks domains at the DNS level, runs in under 50MB, ships a modern dashboard, and fits in a Docker Compose file. The Go implementation is genuinely lean, the MIT license is clean, and the developer is transparent about where the project stands — version 0.x, bugs expected, changes guaranteed. That honesty is worth something.

What GoAway isn’t yet is the tool you reach for when you want something that just works and stays working. Pi-hole has a decade of community hardening. AdGuard Home has years of production deployments. GoAway has 692 stars and a “Great Rewrite” blog post from November 2025. For a home lab experiment or a lightweight secondary DNS filter, it’s worth trying. For the DNS resolver that your family depends on staying up, wait for it to hit 1.0.

If the deployment is the blocker regardless of which tool you pick, upready.dev sets these up for clients as a one-time service — you own the infrastructure, they handle the afternoon of terminal work.

Sources

  1. GoAway READMELightweight DNS sinkhole written in Go with a modern dashboard client. https://github.com/pommee/goaway
  2. GoAway official documentation siteGoAway homepage, features, and getting started. https://pommee.github.io/goaway
  3. GoAway blog — “The Great Rewrite” (November 2025) — Development blog on the GoAway documentation site. https://pommee.github.io/goaway/blog/2025/11/08/the-great-rewrite/

Features

Analytics & Reporting

  • Dashboard

Category

Security & Authentication (159) DNS Management (10) Cybersecurity Tools (45)

Related Security & Authentication Tools

View all 159 →

Ghidra

66K

A free, open-source software reverse engineering framework created by the NSA — disassemble, decompile, and analyze compiled code on any platform.

security Apache-2.0

PocketBase

58K

Open-source backend in a single 12 MB binary — realtime database, auth, file storage, and admin dashboard. No Docker, no Postgres, just run it.

security MIT Easy to deploy

Vaultwarden

57K

Lightweight, self-hosted Bitwarden-compatible password manager written in Rust. Uses 10x less RAM than the official server and works with all Bitwarden clients.

security AGPL-3.0

Zen Browser

41K

Zen Browser is a privacy-focused, beautifully designed Firefox fork with a unique sidebar tab layout, split views, and built-in content blocking — no telemetry, no tracking.

security MPL-2.0

Vault

35K

Manage secrets and protect sensitive data. Securely store and control access to tokens, passwords, certificates, and encryption keys.

security

KeyCloak

33K

Open source identity and access management. Add authentication to applications and secure services with minimum effort.

security Apache-2.0