Your redirection for adguard should only be active as a LAN side rule. Right now the reason you are seeing those extra entries is because your AGH is public via your WAN redirect. Essentially you are providing adblocking publicly.
Also you are using AGH from behind dnsmasq which is inefficient. What you need to do is swap dnsmasq to a new port and make AGH respond to port 53 inquiries and do Reverse DNS lookups back to dnsmasq. That makes AGH your primary DNS and you take out the extra hop you have with AGH being behind dnsmasq.
If you go read my thread about manually installing you will see.
NanoPi R2S. - is supported in new OpenWrt. its bigger brother the R4S is still snapshot only.