[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

Hi! How can I confirm that AGH is running as my primary DNS resolver (on UDP 53), and that I'm not using dnsmasq? Seems to work fine, but it's good to verify. :slight_smile:

If you are using different providers then it's easy. But even if you aren't, it's easy too.

Use dnsleaktest to check who your dns is with.
Change your upstream provider with AGH.

Check your dnsleaktest again see if its changed.

Finally change it back to your original provider.

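
A direct way to answer the question above, as an added example that is not from the thread or the guide: check on the router itself which process owns port 53. It parses busybox `netstat -lnp` output (Local Address in column 4, PID/Program name last) and the sample snapshot is constructed, not captured from a real router.

```shell
#!/bin/sh
# Added example, not from the thread or the guide: confirm which process owns
# port 53 on the OpenWrt router. After the guide's setup AdGuardHome should be
# the only listener on :53; if dnsmasq still holds it, clients are not using
# AGH even though filtering may appear to work. Assumes the busybox
# "netstat -lnp" output format (Local Address in column 4, PID/Program last).

# Read netstat -lnp output on stdin; print "proto address program" for each
# listener bound to port 53 (IPv4 or IPv6).
listeners_on_53() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, parts, ":")
        if (parts[n] != "53") next
        prog = $NF
        sub(/^[0-9]+\//, "", prog)   # "1234/AdGuardHome" -> "AdGuardHome"
        print $1, $4, prog
    }'
}

# Read listeners_on_53 output on stdin; succeed only if port 53 is in use and
# every listener on it is AdGuardHome.
agh_owns_53() {
    found=0
    while read -r proto addr prog; do
        found=1
        [ "$prog" = "AdGuardHome" ] && continue
        echo "port 53 ($proto $addr) belongs to $prog, not AdGuardHome" >&2
        return 1
    done
    [ "$found" -eq 1 ]
}

# Constructed snapshot (not real output) of a router where the guide was
# followed: dnsmasq moved to port 54, AGH took over 53.
SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:53     0.0.0.0:*  LISTEN  1234/AdGuardHome
udp   0  0 0.0.0.0:53     0.0.0.0:*          1234/AdGuardHome
udp   0  0 127.0.0.1:54   0.0.0.0:*          567/dnsmasq'

# Check the constructed snapshot; pass --live to check the running router.
check_netstat() { listeners_on_53 | agh_owns_53; }
if [ "${1:-}" = "--live" ]; then
    netstat -lnp 2>/dev/null | check_netstat && echo "AdGuardHome owns port 53"
else
    printf '%s\n' "$SAMPLE_NETSTAT" | check_netstat && echo "sample: AdGuardHome owns port 53"
fi
```

Run it as root on the router with `--live`; a non-zero exit names the process that still holds port 53.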

Thanks, then it works correctly! Had an issue where new connections didn't get DNS properly assigned at first, so needed to reconfigure dhcp/dnsmasq. Clients are showing rDNS as source now (not /etc/hosts). That's how it should be as well?

Really impressed with AGH overall. Effective, easy to manage both server and clients, and good visibility of what's happening.

Hi.

I have multiple OpenWrt devices in network (router and managed switches). Should I put AdGuardHome on router or on one of the managed switches (performance wise and resource wise)?

Router. I'm not even sure you could run it on a switch.


AGH installation is too complicated for me. I now have a working ad-blocking setup with banIP+Adblock+DNScrypt-Proxy2. I should see if this setup works properly or whether I should find an alternative.

Hey!

Do I need to add custom firewall rules for devices with hardcoded DNS servers while using this set up?

Thanks.

That depends on whether you want them filtered or not. Forcing all DNS through your AGH would at least let you see what/who they are talking to and decide what you want to do with them. Might be rather enlightening as to what they are doing.

(edit) If you look at my first post there is a section about DNS hijacking and a link to the wiki about it.


If you are using a router running OpenWRT as a managed switch you should be able to install it on there, a normal managed switch, not so much.

Aaron Z

Hi, I've used your guide and almost everything is good, the only problem is, if I restart my router, I have to manually restart AGH, or it won't work...
Don't really know how I can fix this, it seems like it's starting after reboot, but hangs in the middle so the webgui page loads only a white screen, and it makes the LuCI load very slowly, and after I restart AGH everything is back to normal

NVM, I just did this

and it doesn't hang anymore


It is likely a race condition during startup as you've found. NTP is problematic with DNS encryption, so the workaround in the documentation is the simplest way to fix the issue.

His router should use the ISP's DNS or the upstream DNS he set rather than going through AGH. Unless he did something different from my instructions. It's only the clients that should get AGH filtering.

I set up my WAN DNS to 127.0.0.1 and I've got this rule in the firewall so it forces all devices to use the DNS from AGH, at least that's what I gather from the wiki page:

config redirect 'adguardhome_dns_53'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option target 'DNAT'
	option name 'Adguard Home'
	option dest 'lan'
	option dest_port '53'

Also I've got one more question about query logs: when my computer queries IPv4 DNS, it shows the IP and name of my PC, but when it queries IPv6, it shows an IPv6 address that I can't see anywhere in the router, and it doesn't show the name of the device. Is there a way to change it?

By setting your router DNS to AGH you've forced a loop. Your router should use its ISP DNS or a set DNS you want. I specifically point this out in my manual thread as it will cause DNS issues.

AGH with the client DNS option set will ensure reasonable clients will use the nominated AGH DNS. Your DNS hijack rule will enforce it for hardcoded DNS requests. You do not need to set your router DNS to talk to AGH. That will avoid the NTP issues (because you need NTP to get the correct time, and without the correct time you cannot do HTTPS or encrypted DNS as the time will be wrong).

Use the following script to set your router DNS to Cloudflare (or change it to whichever DNS provider you want) and that will stop your loop issues:

routerDNS.sh

#!/bin/sh
# Reconfigure router DNS provider to cloudflare upstream

# Disable peer ISP DNS
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"

# Reconfigure router IPv4 DNS provider to cloudflare upstream
uci -q delete network.wan.dns
uci add_list network.wan.dns="1.1.1.1"
uci add_list network.wan.dns="1.0.0.1"
 
# Reconfigure router IPv6 DNS provider to cloudflare upstream
uci -q delete network.wan6.dns
uci add_list network.wan6.dns="2606:4700:4700::1111"
uci add_list network.wan6.dns="2606:4700:4700::1001"
 
# Save changes
uci commit network

# Restart network service to reflect changes
/etc/init.d/network restart

If you are doing dhcpv6 reservations with OpenWrt then AGH should pick them up from OpenWrt as long as you have set the reverse PTR as detailed in the thread. If not then you will have to put them in manually as clients for AGH. (also be aware that google phones/devices will NOT use dhcpv6 and use SLAAC addresses and you will have to keep an eye on them)

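
The loop described in the reply above (router WAN DNS pointing back at AGH on the router itself) can be checked for mechanically; this is an added example, not from the thread or the guide. It parses `uci show network` output, assumes the usual `wan`/`wan6` sections and that clients reach AGH on 192.168.1.1, and the config fragments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or the guide: detect the DNS loop where
# the router's own WAN resolver list points back at itself (127.0.0.1, ::1 or
# the LAN address AGH listens on). Parses "uci show network" output, which
# renders lists as quoted, space-separated values:
#   network.wan.dns='1.1.1.1' '1.0.0.1'

# Read "uci show network" output on stdin; print every resolver configured on
# wan or wan6, one per line.
wan_dns_servers() {
    sed -n "s/^network\.wan6\{0,1\}\.dns=//p" | tr -d "'" | tr ' ' '\n' | sed '/^$/d'
}

# Read resolver addresses on stdin; fail if any of them is the router itself.
# $1 is the LAN address clients use to reach AGH (assumed 192.168.1.1).
report_dns_loop() {
    self="${1:-192.168.1.1}"
    rc=0
    while read -r server; do
        case "$server" in
            127.*|::1|"$self") echo "loop: wan dns $server is this router" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed config fragments (not captured from a real router): the looped
# setup from the question, and the Cloudflare upstream the reply recommends.
LOOPED_CONFIG="network.wan.peerdns='0'
network.wan.dns='127.0.0.1'
network.wan6.dns='::1'"
FIXED_CONFIG="network.wan.peerdns='0'
network.wan.dns='1.1.1.1' '1.0.0.1'
network.wan6.dns='2606:4700:4700::1111' '2606:4700:4700::1001'"

# Returns 0 when the given config has no loop. On the router, run instead:
#   uci show network | wan_dns_servers | report_dns_loop 192.168.1.1
check_config() { printf '%s\n' "$1" | wan_dns_servers | report_dns_loop "$2"; }
check_config "$LOOPED_CONFIG" 192.168.1.1 || echo "looped config rejected as expected"
check_config "$FIXED_CONFIG" 192.168.1.1 && echo "fixed config: no DNS loop"
```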
# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}"

How do I set DNS for clients so they have 2 DNS servers? I use a kind of proxy and AdGuardHome at the same time with a mobile network as WAN, and for some reason a client with only 1 DNS had a DNS leak. Testing with 2 DNS servers set manually on the client devices fixed the problem.

Add the same DNS twice, or edit it in LuCI:

uci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option='6,192.168.1.1,192.168.1.1'
uci commit dhcp
/etc/init.d/dnsmasq restart

See here : https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#client_classifying_and_individual_options

Also options explained here https://openwrt.org/docs/guide-user/base-system/dhcp#dhcp_pools


Thank you

I am trying to execute the .sh scripts, but I am getting:

Did you make the script executable?

chmod +x routerDNS.sh then run it with ./routerDNS.sh