I set the router WAN to Cloudflare so it avoids my ISP DNS. It also does DNS in the clear (no encryption) to avoid a security issue, specifically that the time on the router from reboot is wrong, so you need an NTP call to update it and set it before SSL will work correctly (as it requires date and time to be correct).
You can set AGH to avoid using SSL for NTP requests, and that is on the wiki and in the AGH instructions. However, router DNS is up before AGH is (as it's loaded later). Thus I just made it simple to avoid issues.
However, there is nothing stopping you adding multiple DNS into AGH and using them in round-robin fashion. I just prefer one provider and leave it like that.
Hey! Great topic!
Everything is working fine here. Desktop and smartphones, but not on my Pocophone. IP on auto or DHCP (all pointing to the DNS server), everything going through. Any tips?
Anyone who uses ipset functionality may come across issues with AdGuard Home starting automatically on boot. I happen to have discovered this myself, as I use it.
The issue is ipset chains not existing before AdGuard Home starts. I was initialising them in /etc/rc.local; however, this seems to run quite late in the boot process and AdGuard Home is trying to start earlier than this.
If you use the manual install method, the init.d script provided by the AdGuard Home developers uses S99, which is very close to the end of booting and possibly avoids it. If you use the opkg package, it uses a much earlier start value, which can in some cases be too early.
You can manually change the START value in the init.d script, but this will be erased on sysupgrade.
The avahi-daemon uses UDP 5353, so AdGuard Home should use another port. Although ideally, you should have AdGuard Home as the primary DNS resolver on UDP 53, rather than using it as an upstream, due to DNS performance with resolvers like dnsmasq forking each DNS request.
Hi! How can I confirm that AGH is running as my primary DNS resolver (on UDP 53), and that I'm not using dnsmasq? Seems to work fine, but good to verify.
Thanks, then it works correctly! Had an issue where new connections didn't get DNS properly assigned at first, so needed to reconfigure DHCP/dnsmasq. Clients are showing rDNS as source now (not /etc/hosts). That's how it should be as well?
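One way to run the check asked about above (which process owns UDP 53), as an added example that is not part of the original thread. It assumes `netstat -lnup` style output and the process names `AdGuardHome` and `dnsmasq`; the sample lines, PIDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which process is the primary DNS listener on UDP 53.
# Input format assumed: `netstat -lnup` (proto recv-q send-q local foreign pid/program).

# sample_netstat: constructed sample output (PIDs are made up).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2211/AdGuardHome
udp        0      0 :::53                   :::*                                2211/AdGuardHome
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1890/avahi-daemon
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1742/dnsmasq
EOF
}

# udp53_owners: read netstat text on stdin, print each unique program name
# bound to UDP port 53 (IPv4 or IPv6), one per line.
udp53_owners() {
    awk '
        $1 ~ /^udp/ {
            # Field 4 is the local address; the port follows the last colon,
            # so 0.0.0.0:5353 (avahi) is not mistaken for port 53.
            n = split($4, parts, ":")
            if (parts[n] != "53") next
            prog = $NF                  # last field is PID/Program
            sub(/^[0-9]+\//, "", prog)  # drop the "PID/" prefix
            if (!(prog in seen)) { seen[prog] = 1; print prog }
        }
    '
}

# classify_dns53: turn the owner list into a one-word verdict.
classify_dns53() {
    owners=$(udp53_owners)
    case "$owners" in
        "")          echo "nothing-listening" ;;
        AdGuardHome) echo "agh-primary" ;;
        dnsmasq)     echo "dnsmasq-primary" ;;
        *)           echo "mixed-or-unknown" ;;  # e.g. both bound on different addresses
    esac
}

# On the router itself (as root): netstat -lnup | classify_dns53
```

A dnsmasq entry on UDP 67 only, as in the sample, means dnsmasq is still serving DHCP but is not answering DNS on port 53.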
Really impressed with AGH overall. Effective, easy to manage both server and clients, and good visibility of what's happening.
I have multiple OpenWrt devices in network (router and managed switches). Should I put AdGuardHome on router or on one of the managed switches (performance wise and resource wise)?
Installing AGH is too complicated for me. I now have a working adblocking setup with Banip+Adblock+DNScrypt-Proxy2. I should see if this setup works properly or whether I should find an alternative.
That depends on whether you want them filtered or not. Forcing all DNS through your AGH would at least let you see what / who they are talking to and decide what you want to do with them. Might be rather enlightening as to what they are doing.
(Edit) If you look at my first post, there is a section about DNS hijacking and a link to the wiki about it.
It is likely a race condition during startup as you've found. NTP is problematic with DNS encryption, so the workaround in the documentation is the simplest way to fix the issue.
His router should use the ISP's DNS or the upstream DNS he set rather than going through AGH, unless he did something different from my instructions. It's only the clients that should get AGH filtering.