[HowTo] Running Adguard Home on OpenWrt

From this post (thx @luochongjun), there is a list of GL-Inet routers compatible with AGH:

  • AR750S: DDRII 128MB
  • AR300M: DDR2 128MB / FLASH 16MB
  • E750: DDR2 128MB / FLASH 16MB + 128MB
  • MV1000: DDR4 1GB / FLASH 16MB + EMMC 8GB
  • B1300: DDR3L 256MB / FLASH 32MB

With optimization, it seems possible to run AGH on a 128MB router...

Friends, please advise. I have a Redmi AC2100, 128 MB. Version 104.3 is installed. The adguard and adaway blacklists are enabled in the filters, with 13-20 MB free.

This is about how it works on a device with 128 MB of RAM.
But I have the following problem: it does not block porn sites when using the AdGuard family DNS (94.140.14.15, tls://dns-family.adguard.com). If you type "porn" into a search engine, AdGuard Home lets almost every second link through, even with the "Parental control" option enabled. Yet it blocks YouTube comments. What is the point of enabling safe mode on YouTube? Why do you do this: you don't block porn, but you block YouTube comments.
The Yandex family DNS, on the other hand, blocks porn very well. Can anyone who knows tell me how to set things up so that porn is not let through, ads are blocked, YouTube comments remain, and DNS queries are encrypted? Right now I have to compromise and use the Yandex family DNS as my DNS: ads are blocked by the filters, but I cannot use DNS-over-TLS, i.e. encrypt my queries. AdguardHome only performs the ad-blocking function for me. I cannot get DNS-over-TLS or adult-content blocking configured so that everything works at the same time.

@vgaetera Help!

Sorry, I don't use AdGuard and I have no idea how to perform conjunctive logical operations to DNS replies from multiple upstream resolvers. :sweat:

1 Like

How can I use my VPN provider DNS (bypassing the AGH DNS) when OpenVPN is running?
When I perform a DNS Leak Test I notice that AGH is resolving the DNS queries which implies DNS Leak from the VPN provider standpoint.

Can anyone check if I am doing these steps by @erdoukki correctly?

  1. Disabling DNS part of dnsmasq(Source)

Edit the DHCP to disable port 53 for DNS:
Network>DHCP and DNS>DNS Server Port and change it from 53 to 0
Then go to AdguardHome Setup (Example: http://127.0.0.1:3000) and it won't ask you to change the DNS port.

Remove all upstream DNS from DNS/MASQ

SSH into the router. Then open the dhcp config file by running

nano /etc/config/dhcp

Then under config dnsmasq add noresolv like this (Source):
option noresolv '0'

  2. Configure AdGuard Home to replace DNS/MASQ (use port 53)

Just run the first Setup (Example: http://127.0.0.1:3000)

Add your local domain to DNS at port 9153

Why and how?

Add upstreams DNS servers v4 and v6 to DNS config

How to do this?
Not sure how to do this yet. Can anyone explain this?

  3. LAN
    DHCP v4 and v6 force LAN DNS
    Optionally add firewall rules to Hijack DNS on your LAN

Is it talking about this?

I am going to use AdguardHome as my DHCP and it is installed in my main router.

2 Likes

Config the port of dnsmasq to 9153 instead of 53
Remove all « non-local » upstream DNS (ISP, and others; we will move them to AdGuardHome)

Configure AdGuardHome DNS port to bind 53
Add your DNSMASQ IP with port 9153 to AdGuardHome (for local resolution)
Add also your upstream DNS servers (IPv4 and IPv6) to the AdGuardHome DNS

Remove the upstream DNS from the Network config of the WAN

Configure the DHCP options to use the local DNS (optional)

Optional

1 Like

A DNS resolution will then do this:
[DNS REQUEST] from clients -> [ADGUARD DNS]
[ADGUARD DNS] -> [DNSMASQ] + [UPSTREAMS DNS]

1 Like

How is the IPv6 address 0::1 binding handled?
adguardhome.yaml only has a binding for IPv4.

root@R7800:~# cat /etc/adguardhome.yaml
...
dns:
  bind_host: 127.0.0.1
  port: 5353

Although DNS-over-HTTPS works, I'm having trouble understanding how the DNS packet flows (client -> dnsmasq <-> adguard <-> upstream DNS) in relation to the adguard and dnsmasq configuration.

My dnsmasq config

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option confdir '/tmp/dnsmasq.d'
	list server '/0.sg.pool.ntp.org/1.1.1.1'
	list server '/1.sg.pool.ntp.org/1.0.0.1'
	list server '/2.sg.pool.ntp.org/1.1.1.1'
	list server '/3.sg.pool.ntp.org/1.0.0.1'
#	list server '127.0.0.1#5453'
#	list server '0::1#5453'
	list server '127.0.0.1#5353'
	list server '0::1#5353'
	option noresolv '1'
	option dnssec '1'
	option nonegcache '1'
	option cachesize '1000'
	option ednspacket_max '1280'

What you've done is a DNS resolution like this:
[DNS REQUEST] from clients -> [DNSMASQ] + [UPSTREAMS DNS]
[DNSMASQ] -> [ADGUARD DNS]
Not the one I recommended.

Does this above mean to change config in adguardhome.yaml as below?

dns:
  bind_host: 127.0.0.1
  port: 53

The part below is what puzzles me: where do I configure it?

Is this referring to below dnsmasq config lines or?

list server '127.0.0.1#5353'
list server '0::1#5353'

What I have in my adguardhome.yaml :

dns:
  bind_host: 10.4.2.1, ::1, 127.0.0.1
  port: 53
...
  upstream_dns:
  - '[/local/]10.4.2.1:9153'
  - 212.27.40.240
  - 212.27.40.241
  - 2a01:e00::2
  - 2a01:e00::1
  upstream_dns_file: ""
  bootstrap_dns:
  - 212.27.40.240
  - 212.27.40.241
  - 2a01:e00::2
  - 2a01:e00::1
  - 2620:fe::10
  - 2620:fe::fe:10

and inside my /etc/config/dhcp :

config dnsmasq
	option port '9153'
	list server '/local/10.4.2.1'

then in my /etc/config/network :

config interface 'wan'
	option ifname 'wan'
	option proto 'dhcp'
	option peerdns '0'

and still inside my /etc/config/dhcp :

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	list domain 'local'
...
	list dhcp_option '3,10.4.2.1'
	list dhcp_option '15,local'
	list dhcp_option '6,10.4.2.1'

Thanks, I'm getting there... I'm getting there...
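As an added example (not from this thread or the AdGuardHome project), here is a small busybox-compatible shell check for the layout @erdoukki recommends above: dnsmasq moved off :53, AdGuardHome bound to :53 and forwarding the local domain back to dnsmasq, WAN peerdns off. The file paths and the two sample configs (the recommended one and the earlier "dnsmasq in front" attempt) are constructed from the configs posted in this thread.

```shell
#!/bin/sh
# Added example, not from the thread: a busybox-compatible check that the
# dnsmasq / AdGuardHome split recommended above is in place (AGH bound to :53,
# dnsmasq moved to a high port, AGH forwarding local names back to dnsmasq,
# WAN peerdns off). Sample configs are constructed here from the thread's posts.

# Value of "option OPT" in the UCI section of type or name SEC, or DEF if absent.
uci_opt() {  # usage: uci_opt FILE SEC OPT DEF
  awk -v q="'" -v sec="$2" -v opt="$3" -v def="$4" '
    /^config / { insec = ($2 == sec || $3 == (q sec q)) }
    insec && $1 == "option" && $2 == opt { gsub(q, "", $3); print $3; found = 1; exit }
    END { if (!found) print def }' "$1"
}

# Value of "  KEY:" inside the top-level "dns:" block of AdGuardHome.yaml.
agh_dns() {  # usage: agh_dns FILE KEY
  awk -v key="$2:" '/^[a-z_]+:/ { top = $1 } top == "dns:" && $1 == key { print $2; exit }' "$1"
}

# Prints 1 if dns.upstream_dns lists an entry containing IP:PORT, else 0.
agh_has_upstream() {  # usage: agh_has_upstream FILE IP:PORT
  awk -v want="$2" '/^  upstream_dns:/ { inlist = 1; next }
    inlist && $1 != "-" { inlist = 0 }
    inlist && index($0, want) { hit = 1 }
    END { print hit + 0 }' "$1"
}

# Returns 0 when the topology matches the recommendation, 1 otherwise,
# printing one line per failed check.
check_split() {  # usage: check_split DHCP_CFG AGH_YAML NET_CFG LAN_IP
  rc=0; dport=$(uci_opt "$1" dnsmasq port 53)
  [ "$dport" != 53 ] || { echo "dnsmasq still listens on :53"; rc=1; }
  [ "$(uci_opt "$1" dnsmasq noresolv 0)" = 1 ] || { echo "dnsmasq noresolv!=1: resolv.conf upstreams still used"; rc=1; }
  [ "$(agh_dns "$2" port)" = 53 ] || { echo "AdGuardHome dns.port is not 53"; rc=1; }
  [ "$(agh_has_upstream "$2" "$4:$dport")" = 1 ] || { echo "AdGuardHome lacks upstream $4:$dport for local names"; rc=1; }
  [ "$(uci_opt "$3" wan peerdns 1)" = 0 ] || { echo "wan peerdns!=0: ISP DNS still pushed to dnsmasq"; rc=1; }
  return $rc
}

# Constructed samples: *.good mirrors the recommended layout, *.bad the first attempt.
T=$(mktemp -d)
printf "config dnsmasq\n\toption port '9153'\n\toption noresolv '1'\n\tlist server '/local/10.4.2.1'\n" >"$T/dhcp.good"
printf "config dnsmasq\n\toption noresolv '1'\n\tlist server '127.0.0.1#5353'\n" >"$T/dhcp.bad"
printf "config interface 'wan'\n\toption proto 'dhcp'\n\toption peerdns '0'\n" >"$T/network"
printf "dns:\n  bind_host: 10.4.2.1, ::1, 127.0.0.1\n  port: 53\n  upstream_dns:\n  - '[/local/]10.4.2.1:9153'\n  - 212.27.40.240\n" >"$T/agh.good"
printf "dns:\n  bind_host: 127.0.0.1\n  port: 5353\n  upstream_dns:\n  - https://dns.cloudflare.com/dns-query\n" >"$T/agh.bad"
check_split "$T/dhcp.good" "$T/agh.good" "$T/network" 10.4.2.1 && echo "recommended layout: OK"
check_split "$T/dhcp.bad" "$T/agh.bad" "$T/network" 10.4.2.1 || echo "first attempt: dnsmasq sits in front of AdGuardHome"
```

On a router, point check_split at the real /etc/config/dhcp, /etc/adguardhome.yaml and /etc/config/network with your LAN IP; the `netstat -lnp | grep -e :53 -e :9153` mentioned later in the thread confirms what is actually listening.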

I assume 10.4.2.1 is your lan IP.
May I omit the '/local/' domain references and only configure as below?

adguardhome.yaml:

dns:
  bind_host: 127.0.0.1, ::1, 192.168.1.1
  port: 53
...
  upstream_dns:
  - https://dns.cloudflare.com/dns-query
  - 192.168.1.1:5353
  upstream_dns_file: ""
  bootstrap_dns:
  - 9.9.9.10
  - 1.1.1.1
  - 1.0.0.1
  - 2620:fe::10
  - 2620:fe::fe:10

/etc/config/dhcp:

list server '192.168.1.1'
option port '5353'

Haven't defined dhcp options earlier but added now below:

config dhcp 'lan'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
1 Like

Yes :wink:

local is a replacement for my "local domain name"...
like AdGuardHome says in Parameters/DNS/Examples:

Yes !

I do not know if it is necessary, but I usually add them; yes

1 Like

Thanks, works good!

Also netstat shows AdGuardHome listening on :53 and dnsmasq on :5353.

Was pretty easy to get DNS-over-HTTPS working and resolution seems as snappy as earlier.

2 Likes

Thank you @erdoukki for your suggestions. I still have some confusion.

Remove all « non-local » upstream DNS (ISP, and others; we will move them to AdGuardHome)

When you say remove all non-local upstream DNS, do you mean unchecking "Use custom DNS servers" from Interfaces>WAN>Advanced Settings and removing anything from "Use custom DNS servers"?

Add your DNSMASQ IP with port 9153 to AdGuardHome (for local resolution)

I haven't found this option in AdGuardHome Web Interface yet?

Configure the DHCP options to use the local DNS (optional)

Do you mean go to OpenWRT>Network>DHCP and DNS and tick "Local Service Only"?

  1. Optionally add firewall rules to Hijack DNS on your LAN

Do I need to change any option from this guide?

DNS hijacking using LuCI

Yes, you need this to force the WAN request being done locally and with AdGuardHome.

It is not available in the WebUI, only in the .yaml (config) file.

No, I mean adding dhcp-options to force dns domain and server.

Looks fine... you can apply it!

1 Like

I can't seem to get AdGuardHome to start automatically on boot. I did run the install (./AdGuardHome -s install) and I can manually start it as a service (priority 95).
Am I missing something?
Apart from the start-up, everything else works amazingly.

Note: I've installed AdGuardHome on an external HDD attached to the router ( /mnt/sda1/opt/AdGuardHome) but judging by the priority the HDD is mounted before an attempt to start the service.

service adguard enable?

1 Like

You no longer need to install the package manually because it is currently in OpenWrt. It is installed with opkg install adguardhome.