[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

they should be resolved by openwrt (if that is doing your dhcp). Make sure the ptr setup is set to use dnsmasq. https://openwrt.org/docs/guide-user/services/dns/adguard-home#reverse_dns_rdns

If you have a different setup (eg if you using AGH on another device you need to add this to the upstream server list as follows.

or whatever your device is.

However I know depending on which version of AGH you have installed... they did patch a number of PTR issues. I know its been referenced in a earlier post in this thread. I know its fixed in 108. I'm not sure which version of 107 they patched it to.

Edit: found it. [How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method] - #231 by mercygroundabyss that post.

Thanks a lot.
I will double check everything as per your suggestions.
I am running AGH on the the same Openwrt box i use as router, running the DHCP server for my LAN. It is a Nano PI 5.
As for the AGH version,I am running the Openwrt opkg version 0.107.18, which by the way I was having a documented issue that was preventing me to start the service. I temporally resolved that by making hosts = false in the AGH config file (https://github.com/AdguardTeam/AdGuardHome/issues/5264)

Thank you!

EDIT: PTR settings are as per the guide. I stopped bandwidthd and those queries from the localhost stopped. I am not really sure why they are not handled by Openwrt. Well, I do have a DNS forward set to the Openwrt IP on my dnsmasq though..

AGH DNS Settings:

One log entry of those thousands of PTR requests in the log:

I never edited the adguardhome.yaml file during installation until I ran into trouble updating and installing packages via opkg line commands and the Luci interface. Opkg would time out on requests and give me error messages when trying to update. I did not think it was necessary to edit the adguardhome.yaml file, since I chose for Adguard to listen to the br-lan interface only during setup. After what seemed like ages of trying different solutions, I decided to edit the yaml configuration using WinSCP, as described in the example, and, to my surprise, opkg responded as intended. Just putting it up there for someone who comes across the same issue as I have. Solving the opkg issue now means that I can use Adguard home and install/update packages as appropriate. I'm posting this here if anyone else comes across the same issue.

Sounds like your upstream DNS for your router not right. What you are describing is the router not having a separate DNS and instead is looping back through your AGH.

Make sure you don't have your upstream peer DNS ignored, or use my script to set a upstream DNS for your router using the routerDNS.sh script.

or do the following to re-enable using your ISP's DNS on your wan.

uci set network.wan.peerdns="1"
uci set network.wan6.peerdns="1"

Hi, indeed they were both set to "0", i.e. ignoring advertised DNS server addresses from my ISP.
I switched both back to "1" as indicated. Anyway, that did not help as I continue to see tons of PRT requests coming from every 2.5 mins due to "bandwidthd" trying to resolve hosts for my LAN.
All the rest works as expected, i.e. all the other individual hosts on my LAN show nicely in the logs.
This is what happens when I try to nslookup form the router's "diagnostics" tool within Luci:


Shouldn't those local lookups be going through instead, as my dnsmasq is running on port 54?

Also, in my yaml config file, I had to set hosts: false as this is the only way to start ADG without a FATAL error.

ensure your ptr lookups inside AGH are pointed at dnsmasq on port 54.
However I have had someone report they had to add their dnsmasq as an upstream to do lookups.


I suggest filling an issue on AGH bug tracker as to why ptrs are not being properly looked up.

That is a confirmed bug on 107 branch. See here

A way round this is to uninstall the opkg version and use my script to install the beta version, or remove the beta part to install the 107 updated branch direct from AGH team.

Once again thanks a lot!
Just to confirm, yes PTR lookups are directed to dnsmasq port 54 in AGH:


1 Like

Thank you for trying to help, but my issue was solved as my previous post explained. I ran your routerDNS.sh script when I setup Adguard home on my router. Editing the Adguardhome.yaml file resolved the issue for me.

opkg not updating means your router DNS is looping via AGH. that is an incorrect configuration. Your router should be able to do DNS lookups on its own. An inability for it to do this will mean NTP updates will fail and your router clock will be incorrect and potentially cause other issues like SSL failures due to time sync issues. Either fix it so your ISP DNS is used or use the script to update your router to use an alternate DNS. The reason the router DNS is kept separate is due to the delay in AGH starting when the router boots. The router should have already booted, gained a connection and updated NTP time by time AGH starts.

Your AGH clients will still use your encrypted DNS provided by AGH.

(Slightly OT, sorry:) Per the AGH logs, Google Chrome (macos and android) is doing something a little odd. Whenever a domain is blocked (either by "default" behavior, resulting in, or NXDOMAIN behavior), Chrome immediately tries the same domain with my (local) search domain appended.

So if my search domain as handed out by DHCP were scorchedpotato.io, a blocked request from Chrome for evilhost.evil-tracker.com will be immediately followed by a request for evilhost.evil-tracker.com.scorchedpotato.io, which of course returns NXDOMAIN. Anyone else notice this behavior? No big deal but it does mean a wasted request to my router's local DNS for every request blocked by AGH and it'd be nice to know why Chrome is doing it and how to turn it off.

So far I haven't seen any other client do it apart from Chrome. Sorry to be a little off-topic, but it's something I've observed using AdGuard Home's logging and as a result of AdGuard Home blocking, and it's puzzling me. I assume Chrome thinks any request that returns or NXDOMAIN might be for an undecorated hostname, so it tries appending the search domain just in case.

That is why.

I did find articles about that, but this seems somewhat orthogonal to that. The article describes Chrome initially attempting random lookups to see if ISPs are doing NXDOMAIN hijacking before deciding whether to enable its omnibox (search and url in the same address field) feature. What I'm talking about is appending the search domain to every failed lookup and trying again, every time.

Well, it does seem intuitive why they do it, if annoying. it's of course non standards-compliant and other browsers don't do it. It'd be nice to turn it off.

1 Like

I suspect you will only get an answer direct from google and they are unlikely to say other than "internal secrets".

As for standards and google? mmmh. "Don't be evil?" is slipping.

Me too. :frowning_face:

Hi, sorry for my bad ENG, i want to uninstall this module. So i remove adguardhome opkg in luci. Now my router can't access internet (exclamation mark with wifi icon). Pls help

You want to revert DNS server port in order to access internet. Go to Luci > DHCP and DNS > General Settings:

  1. DNS forwarding to
  2. In Advanced, DNS server port to 53.
    Reboot router.

Thank you very much

First of all, thanks for making this adguardhome package on openwrt.

I am trying to set it up properly on my openwrt router (TP link C2600) but are running into some problems when rebooting my router. I have used the tutorial of OneMarcFifty, from ~25 min, . Basically, moved DNSmasq to 5353 and let AGH run on port 53. I have set the AGH upstream DNS server as also mentioned in this wiki, .

I have enabled the adguardhome service by:

service adguardhome enable
service adguardhome start

Now when I perform a reboot of my router my internet stops and adguardhome is not starting up again. When I run by SSH: service adguardhome status the reply is running. logread -e AdGuardHome is not giving any errors.

When I now change my dnsmasq port back again from 5353 to 53 my internet works again. I have performed multiple attempts to opkg remove the adguardhome package and manually deleted the config file again (rm /etc/adguardhome.yaml). Then do a reinstall, AGH first works but every time after a router reboot the AGH breaks again.

I have read sometimes the NTP can be an issue and tried to add this to upstream server as well:





Any help on what I can do to make AGH survive a reboot of my router?

Never mind this post I have solved the issue by very carefully following the steps in the Wiki.

Now dnsmasq is running on port 54 and by running the setup script from the wiki I have made some extra change to my /etc/config/dhcp settings that I forgot earlier. Also, the adguardhome rDNS settings and LAN domain interception settings are now fully in line with the Wiki.

Now AGH is working and coming up again after a router reboot.

1 Like

Thank you for the guide,
I have one issue:

On my LAN I have internet access but from OpenWrt I have not, becouse of the name resolver.

root@OpenWrt:~# ping
PING ( 56 data bytes
64 bytes from seq=0 ttl=59 time=19.352 ms
64 bytes from seq=1 ttl=59 time=24.086 ms
64 bytes from seq=2 ttl=59 time=24.827 ms
64 bytes from seq=3 ttl=59 time=28.371 ms
64 bytes from seq=4 ttl=59 time=23.944 ms
64 bytes from seq=5 ttl=59 time=26.813 ms
64 bytes from seq=6 ttl=59 time=29.624 ms
--- ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 19.352/25.288/29.624 ms
root@OpenWrt:~# ping www.google.com
ping: bad address 'www.google.com'
root@OpenWrt:~# cat /etc/resolve.conf
search lan

If I change it to my openOpenWRTsIPsguard) the opeOpenWrtn resresolvee nameserver but after a reboot the resoresolvef revers my setting.

root@OpenWrt:~# cat /etc/resolve.conf
search lan
nameserver ::1

root@OpenWrt:~# ping www.google.com
PING www.google.com ( 56 data bytes
64 bytes from seq=0 ttl=119 time=24.032 ms
64 bytes from seq=1 ttl=119 time=17.753 ms
64 bytes from seq=2 ttl=119 time=18.484 ms
64 bytes from seq=3 ttl=119 time=17.345 ms
64 bytes from seq=4 ttl=119 time=23.202 ms
--- www.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 17.345/20.163/24.032 ms

How Can I make the config file pernament?