[Solved] DNS Troubleshooting

Ehm... you are forwarding everything to itself.

4 Likes

Yes exactly that dhcp config has several things held over from using adblock.

Options 3 and 6 will by default be sent as the router's IP on the LAN, it is not necessary to specify that separately.

2 Likes

Thanks! Are you saying I need to remove these entries completely or change them? Cheers :slight_smile:

Thanks for that. So AdGuard did have something to do with it? When I had AdGuard installed, DNS wouldn't work at all until I logged into AdGuard. After I factory reset, all I did was copy over the dhcp file and a few other things, but suspected it was something in the dhcp config that was causing it.

I wonder should I just do this for simplicity? Thanks!

That ^^
would put this back in order as default option noresolv '0'

Split DNS

LuCI → Network → DHCP and DNS → Resolv and Hosts Files → Ignore resolve file

Ignore resolvfile option and limit upstream resolvers to server option. This effectively enables split DNS and makes the local system not to use dnsmasq.

1 Like
config dnsmasq
	list server '192.168.1.1' # <-- here you say your upstream DNS server is 192.168.1.1, which is your router. Remove it.
	option port '5353' # <-- here you say that your DNS server (=dnsmasq) should listen on port 5353, but I assume your clients use the default 53. Remove it.

The above setup made sense when you had AdGuard, as all DNS traffic was hijacked/captured by AdGuard instead of dnsmasq.

config dhcp 'lan'
	list dhcp_option '6,192.168.1.1' # <-- here you say all DHCP clients should use this IP as DNS server, which is OK if your router with dnsmasq runs on this IP, but actually obsolete. You can remove it.
	list dhcp_option '3,192.168.1.1' # <-- strictly speaking this is not a must either; you can remove it, but it is OK to leave as is. This sets the default gateway for your DHCP clients.
2 Likes
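The leftovers walked through in the post above can be checked mechanically before deciding what to delete. This is an added example, not code from the thread or from the OpenWrt or AdGuard Home projects; the function name `audit_dhcp`, the finding labels and the embedded sample config (including its `noresolv '1'` line) are constructed for illustration, with 192.168.1.1 as the router address used in the thread.

```shell
#!/bin/sh
# Added example: flag AdGuard Home leftovers in an OpenWrt /etc/config/dhcp.
# Usage on the router: audit_dhcp 192.168.1.1 < /etc/config/dhcp
# Prints one finding per line; no output means none of the checks fired.
audit_dhcp() {
    awk -v lan="$1" -v q="'" '
    $1 == "config" { sect = $2; next }              # track current UCI section
    { v = $3; gsub("[" q "\"]", "", v) }            # option value without quotes
    sect == "dnsmasq" && $1 == "option" && $2 == "port"     { port = v }
    sect == "dnsmasq" && $1 == "option" && $2 == "noresolv" { noresolv = v }
    sect == "dnsmasq" && $1 == "list"   && $2 == "server"   { srv[++n] = v }
    sect == "dhcp"    && $1 == "list"   && $2 == "dhcp_option" { opt[++m] = v }
    END {
        # dnsmasq off port 53: clients need another resolver listening on 53
        if (port != "" && port != "53") print "NONSTANDARD_PORT " port
        for (i = 1; i <= n; i++) {
            if (srv[i] ~ /^\//) continue            # per-domain rule, skip
            split(srv[i], p, "#")                   # host#port form
            if (p[1] == lan || p[1] ~ /^127\./) print "SELF_UPSTREAM " srv[i]
            else ext++
        }
        # resolv file ignored and nothing but the router itself to ask
        if (noresolv == "1" && ext == 0) print "NO_EXTERNAL_UPSTREAM"
        for (j = 1; j <= m; j++) {
            split(opt[j], o, ",")                   # option number, value
            if ((o[1] == "3" || o[1] == "6") && o[2] == lan)
                print "REDUNDANT_DHCP_OPTION " opt[j]
        }
    }'
}

# Constructed sample reproducing the leftovers discussed in the thread.
sample_config() {
    cat <<'EOF'
config dnsmasq
    option noresolv '1'
    option port '5353'
    list server '192.168.1.1'

config dhcp 'lan'
    option interface 'lan'
    list dhcp_option '6,192.168.1.1'
    list dhcp_option '3,192.168.1.1'
EOF
}

sample_config | audit_dhcp 192.168.1.1
```

A `SELF_UPSTREAM` finding means dnsmasq only works while some other resolver is listening at that address; once that resolver is uninstalled, every lookup fails.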

As others have pointed out, your dnsmasq file still has some leftovers from AGH install. I made an uninstall script from my manual install thread that removes all AGH options and resets your dnsmasq file back to a working config.

The reason you lost DNS is because AGH inserts itself as the primary DNS and pushes dnsmasq to port 5353 to be a resolver internal dns. Its sole use is for PTR lookups for your clients. A cleaner way to deploy AGH would be to disable OpenWrt's DHCP and switch over completely to AGH's DHCP but they still have some code refactoring to sort out for AGH. I and James decided that due to the state of AGH's DHCP that it would be wiser to do this split setup until AGH's DHCP improves to the level of OpenWrt's DHCP. Right now simple DHCP on a flat network will work but more complex networks with VLANs etc would be tricky to implement.

#include uninstall script.

uninstallAGH.sh

#!/bin/sh
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v -u
 
# 1. Reverts AdGuard Home configuration and resets settings to default.
# 2. Enable rebind protection.
# 3. Remove DHCP options for IPv4 and IPv6 
uci -q delete dhcp.@dnsmasq[0].noresolv
uci -q delete dhcp.@dnsmasq[0].cachesize
uci set dhcp.@dnsmasq[0].rebind_protection='1'
uci -q delete dhcp.@dnsmasq[0].server
uci -q delete dhcp.@dnsmasq[0].port
uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
 
# Network Configuration
# Disable peer/ISP DNS
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"
 
# Configure DNS provider to Google DNS
uci -q delete network.wan.dns
uci add_list network.wan.dns="8.8.8.8"
uci add_list network.wan.dns="8.8.4.4"
 
# Configure IPv6 DNS provider to Google DNS
uci -q delete network.wan6.dns
uci add_list network.wan6.dns="2001:4860:4860::8888"
uci add_list network.wan6.dns="2001:4860:4860::8844"
 
# Save and apply
uci commit dhcp
uci commit network
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart
1 Like

That shouldn't happen. Properly set up AGH should load and provide DNS as one of the last network start queues. Guess it's a bit late to troubleshoot now you've reset however :slight_smile:

I tried removing a few things from the dhcp config, but no luck. I then decided to do another factory reset, then just manually copy over the static dhcp leases to the newly installed dhcp config. Everything is now working correctly :slight_smile: No more DNS issues!

I think something was missed when I installed AdGuard. I'm not sure what happened! I really would like it to run but it looks like it is no longer available from the opkg package list?

Thank you! That uninstall script would have probably saved me a lot of bother. I didn't realise that after factory reset and restoring that it wouldn't restore packages. Even still though, this is really useful. Thanks for pointing it out!

Yeah I think something was missed during the install which I didn't realise.

2 Likes

Thanks again to everyone for helping me out. I really do appreciate it :slight_smile:

2 Likes

opkg update from SSH command line or do an update lists from the opkg software page here: http://192.168.1.1/cgi-bin/luci/admin/system/opkg

opkg requires that update as it doesn't save the update lists. So when you reboot you have to tell it to update again and then you should see the software updates / installs.

1 Like

Thanks. I've done this a number of times and also via ssh, but AdGuard isn't showing in my list for some reason? It was there a few days ago. Not sure what I'm missing

Curious. Maybe something up with the feed?

It's showing up here on my feed but I'm using a snapshot release.

You can always do a manual install using my thread. Both the opkg and manual install require some SSH usage as you cannot deploy out of box without assuming some defaults and so you must do some config on the way. The difference between the opkg versions and the manual is opkg only takes the stable releases and repacks them for OpenWrt. Manual version lets you use the more up to date feeds (which are at this point fairly stable) but aren't really "stable" releases so aren't allowed under opkg rules.

Not sure why. I installed it from here before, but it's not there after factory reset. I have updated the list many times which is successful, but still AdGuard Home is not there. There's a normal adblock application but I would much rather use AdGuard.

I was going to use this guide, but I don't want to screw my DNS up again.

Also, it would be interesting to know why I can't see it. I am using a Belkin RT3200 router and I updated the snapshot for RT3200 UBI using today's snapshot.

If you use my thread it prepares your router for installing AGH and uses AGH's developer script to install their edge build directly. This means making the minimal of changes and means all of AGH's stuff is in the same places as if you follow their manual install method off their wiki.

The main difference between the opkg version and mine is that mine follows the AGH developers install of using /opt/AdGuardHome as base install (but with this you require more space for the binaries and logs) vs the opkg version that installs into custom location and logs to /tmp which means when you reboot you lose your statistics and logs. It does however mean less space used.

Both opkg and manual install insert AGH as primary DNS and push dnsmasq to internal only to keep memory usage lower and to stop extra hops for dns lookups. The easier way is to install AGH behind dnsmasq but this is a sub par way of dealing with this and makes for extra dns hops. (and additional memory usage as dnsmasq forks each request and uses more memory)

(edit)

System requirements[#](https://bayas.dev/posts/adguard-home-openwrt/#system-requirements)

* A router with a recent OpenWrt version installed.
* 100MB free RAM.
* 20MB free disk space.

The main AGH binary is now 35 MB so you need at least 70 MB free (for main binary and backup when it updates).

(edit2)
His guide also does a full manual install (using a zipped package) and doesn't use the developers automated script.

There's more info here about manual installs from the AGH team.

1 Like

Thank you! I wish I could give you a hundred thumbs up for that. Great advice! I'm going to use your method for sure.

I'm still somewhat confused by the memory and disk space. I'm sure there's a very valid reason for it, but I don't understand why so much space is allocated to temp, leaving only 80MB. I guess this will be enough but ideally, I'd like to keep plenty of space free for other packages etc.

Regarding your specific disk space it is most likely down to how OpenWrt partitions its space for your particular router. Without knowing more about it I can't guess further than that. My router uses a sdcard so I'm using a 32 GB card so I don't need to worry about disk space. I also run my ubiquiti cloud manager from a docker container on the router.

Regarding AGH? The space requirements used to be smaller but the 107 build introduced a fair bit of extra space used (it's down to the Go libraries they updated). They are looking into it and one way to get the space down is to compress it and let the cpu decompress on the fly.

There is an issue filed on it and last I checked it was to be dealt with as part of the 108 builds but my guess is they probably pushed it back to the 109 build.

The reason for double space usage is when AGH upgrades it copies your existing binary and setup files into a backup folder. Then it installs over the top of the main binary and restarts. I have a manual script (that you need to edit depending on your cpu type) that will upgrade in place and I've asked the developers about it and it is part of their refactoring of the codebase but is still not completed yet. (AGH tends to silently fail doing an update with no disk space left. It does complain in the logs but the interface just reports "Failed". I've asked them to do some simple disk space checks but that then circles around back to how much space they use which they are trying to reduce. Right now there is no "simple" way they can say "we use X space. Check that's free") (edit - found it - https://github.com/AdguardTeam/AdGuardHome/issues/3801)

Your logs can be controlled by keeping them to 30 days or so, or even a week if you just want minimal logs. Statistics can be 90 days as the main db for that isn't huge. Sadly I just reset all my logs and stats this week trying to hunt down some adverts slipping past my filters so I can't give you some longer term log sizes.

One useful link to watch is this https://github.com/AdguardTeam/AdGuardHome/commits/master

That shows you all the patches they are doing to AGH and if you are using the edge build then that is all the updates for it.

Found one of my old issues for AGH. That actually shows some of the log file sizes.

-rw-r--r--    1 root     root       45.4M Nov  2 20:42 querylog.json
-rw-r--r--    1 root     root        8.9M Oct 29 09:00 querylog.json.1
-rw-r--r--    1 root     root       32.0K Oct 30 05:28 sessions.db
-rw-r--r--    1 root     root        4.0M Nov  2 21:00 stats.db

As you can see, if you log everything then your disk space will go up considerably. The stats db as I remembered is indeed tiny.

These are my current file sizes.

-rw-r--r--    1 root     root       12.5M Apr  1 19:16 querylog.json
-rw-r--r--    1 root     root       32.0K Apr  1 19:16 sessions.db
-rw-r--r--    1 root     root      256.0K Apr  1 19:16 stats.db

1 Like

Wow. Thank you for taking the time with such a detailed and well coordinated reply. I really do appreciate it!

Haha, not likely anytime soon! Are you running on a Pi?

I'd be ok with keeping the logs for 7 days or so, given my limited space. I guess I'll just have to experiment with it. Your method is definitely better, because of course I had the issue of the logs clearing every time I rebooted.

I'm all over this link! I'll most certainly be keeping a close eye on it. Thank you!

I'll have another go at installing AdGuard over the weekend and let you know how I get on. Out of interest, do you use the default filter lists or is there any extra you'd recommend? Thanks again and sorry about all the questions!

2 Likes

You are welcome. I took about 3 threads on the forum including a massive 2yr long one and with some further research and testing (along with some help from a few others), turned all that into my master thread. From those efforts and some help from @jamesmacwhite a wiki was sorted out and finally an opkg version properly sorted. (the 104 edition of agh was... really bad.) That's one reason why I re-wrote everything and got it to a more usable state, plus feedback to AGH team with issues too. Part of it is I think they were surprised at how AGH was being used on much smaller routers etc. They were used to people using x86 routers or even mini pcs where space and memory isn't constrained but building into soho routers takes much more care and planning. (like how my manual version vs opkg version differ due to space and usage).

Nope. Something rather more fun. a NanoPi R4S : NanoPi R4S-RK3399 is a great new OpenWrt device
That plugs into a local lan switch (I really want a ubiquiti POE one but getting one is damn near impossible right now) and then a separate POE powered Ubiquiti AC-Lite for my wifi due to my insane concrete walls that make wifi damn near impossible.

It shouldn't be a major issue. I haven't rebooted mine in a while.

root@OpenWrt:~# uptime
 22:28:51 up 41 days,  4:57,  load average: 0.10, 0.21, 0.14

But yes, losing the logs can be a pain. For most people however it's not too bad an issue. If you have the space however, then the manual version where you can keep all the logs etc is much nicer.

No problem on questions. Drop a post in the thread if you run into issues. That's what it's there for.

As for filters... that's a bit more tricky. I was using a custom set and I did publish them but AGH team redid a fair few of them and now the ones they come with are pretty good. There are one or two I wouldn't use and I also use a few different ones from the custom ones just purely down to my choices. But for completeness I'll list you the filters part from my yaml file.

filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard DNS filter
  id: 1
- enabled: false
  url: https://adaway.org/hosts.txt
  name: AdAway Default Blocklist
  id: 2
- enabled: true
  url: https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt
  name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
  id: 1625359387
- enabled: true
  url: https://raw.githubusercontent.com/durablenapkin/scamblocklist/master/adguard.txt
  name: Scam Blocklist by DurableNapkin
  id: 1625359388
- enabled: true
  url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  name: https://github.com/StevenBlack/hosts
  id: 1625359390
- enabled: true
  url: https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
  name: https://firebog.net/  - OSINT.digitalside.it
  id: 1625359391
- enabled: true
  url: https://v.firebog.net/hosts/Easyprivacy.txt
  name: https://firebog.net/  - EasyPrivacy
  id: 1625359393
- enabled: true
  url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
  name: https://www.github.developerdan.com/hosts/
  id: 1633201708
- enabled: true
  url: https://phishing.army/download/phishing_army_blocklist.txt
  name: Phishing Army List
  id: 1635888815
- enabled: true
  url: https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
  name: NoCoin Filter List
  id: 1639602953
- enabled: false
  url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareAdGuardHome.txt
  name: Dandelion Sprout's Anti-Malware List
  id: 1639602954
- enabled: true
  url: https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts
  name: The Big List of Hacked Malware Web Sites
  id: 1639602955
- enabled: true
  url: https://curben.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt
  name: Online Malicious URL Blocklist
  id: 1639602956
whitelist_filters:
- enabled: true
  url: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
  name: https://github.com/anudeepND/whitelist
  id: 1625359392

I'd suggest you just copy the name of the list and its location into the AGH interface by doing a manual list unless you are confident at editing yaml files. Even an extra space will make it barf up with config errors. (trust me... done it myself and it's a pain.)

The whitelist one is quite important. Anudeep also lists a couple of other ones in case the wife likes shopping sites etc. That enables referral links etc.

AdAway Default Blocklist and Dandelion Sprout's Anti-Malware List I disabled due to some issues. I may have to check it out again at some point but the rest were ok. However his Smart TV blocker is wonderful.

What I do caution for filters is this. Start small, look at what is going on in your network, don't just add 2million filters and then wonder why your router is on fire. It's also another reason I removed my personal lists and tell people to start with the default ones the AGH team update internally.

(edit) Once you have your family filtering done and working, please feel free to document it in a post on the thread. I don't use family filtering and don't have a lot of other devices to do that kind of testing with. I'm sure others will be in your situation of requiring filtering and monitoring of the little ones and would appreciate your experience of setup etc. I could then add relevant bits to the wiki as well for others to use. #themoreyouknow :slight_smile:

2 Likes

IKR

:fire: LOL
It's a shame that there isn't a DOUBLE SOLVE button. I know who my friends are now!!

1 Like

One of the reasons I try to explain everything?

This

:rofl: :sunglasses:

2 Likes