[HowTo] Running Adguard Home on OpenWrt

Suddenly, the past two days, only when I disable these, see image below, can I connect to the internet, otherwise, I had to disable the entire service. Anyone else with this issue?
Screenshot 2021-12-12 at 13.37.22

you have to use AGH DNS as upstream if you use those I believe, as it uses AGH DNS for that extra filtering.

@mercygroundabyss thanks. And that may be. But those were ticked since install and trouble only started 2 days ago, and I had to deselect them. So I'm not sure your explanation applies. I wonder what else is going on.

What upstream are you using?

Also what version. They have patched a few client issues. It's possible those have triggered those issues.

But as I have said. If you want to use AGH's DNS filtering you must use their upstream servers or you will receive invalid responses when it tries to filter.

I want to ask politely here if there is a DoQ server being offered by Cloudflare. I searched everywhere on the Internet, but couldn't get a real DNS server (DoQ) from Cloudflare which is working. I also know that the service has been active since July this year.
Can you guide me please in setting up a Cloudflare DoQ server on AdGuard Home in OpenWrt?
Thanks in advance

AGH DNS supports Quic but Cloudflare does not.

https://dnsprivacy.org/public_resolvers/#dns-over-quic-doq
This suggests AGH is currently the only public DoQ provider.

I did find some info that Cloudflare are working on it but no news yet.

(edit - https://centr.org/news/blog/ietf109-dns-transport.html - It appears DoQ is not fully finalised and DoH is preferred at present. DoT is used for most stubby / unbound resolvers)

(edit2 - apparently NextDNS support it as well but it's SNI blocked by China. https://help.nextdns.io/t/x2hmvas?r=h7hkf6q )

(edit3 - https://kb.adguard.com/en/general/dns-providers there appear to be some more DoQ providers in AGH's DNS list. )

Yes I saw that. It's very unfortunate that AGH is the only provider which offers DoQ. Cloudflare being the fastest Dns server provider, I expected them to also release this DoQ server.
I am using nextdns DoQ, it's very fast.

FYI, found out through experimentation how to get AdGuard Home to delegate simple undecorated hostnames with no domain to a resolver on another host or port; which is useful if you want AdGuard Home to be your primary resolver (on port 53) but are continuing to use OpenWRT for DHCP/dnsmasq. Comment here:

The following chunk from my updated install thread that does what you discovered.

It redirects rDNS lookups passed to AGH to dnsmasq on OpenWrt.

However by adding your intercepts :

[/lan/]127.0.0.1:5353
[//]127.0.0.1:5353

to the upstream list that will intercept lan and domainless requests and pass those requests back to openwrt. "lan" is OpenWrt's default domain. (You may need to put your ip address instead of just local host.)

=====

The following settings allow AGH to pull client info from OpenWrt's DNSMasq.

https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#rdns-clients - Configuring rdns.

yaml settings for this:

  resolve_clients: true
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
  - 127.0.0.1:5353

===

I tried that, even though I was thrown by the document's use of the words "reverse DNS", and PTR queries, which doesn't really describe the requirement.

In practice it seems to work for things on the same netmask, e.g. /24, as the resolver. However my local domain is spread over four networks reachable only through the router. The approach you've shown there doesn't work for resolving, from my LAN, addresses on my DMZ (let's say that's on 192.168.64.0/24). Whereas the "empty" pattern [//] I documented above appears to work correctly for all undecorated names of hosts served by OpenWRT's DNS regardless of network.


Ah. With multiple networks then yes you will need upstream interception. I added it to my thread btw.

It will get simpler when we can just use DHCP from AGH instead of having to slice and dice like this. But right now multiple network dhcp via AGH is... tricky.

(edit)
Basically what we are doing is re-directing dns requests for local clients back from AGH to OpenWrt. If we were using AGH DHCP then it would realise these requests are for local clients and answer as required. However because OpenWrt is doing the DHCP then we have to tell AGH to pass those requests to OpenWrt. rDNS requests will just be dropped by upstream DNS as they will have no entries for them and thus reply with an NXDOMAIN.

In short. lan and domainless requests are intercepted and passed to OpenWrt. Other DNS requests are correctly passed upstream for resolving.

It's documented here. https://www.ripe.net/manage-ips-and-asns/db/support/configuring-reverse-dns
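Added example, not part of the original thread and not AdGuard Home's own code: a simplified Python model of how the `[/lan/]` and `[//]` upstream entries discussed above route queries, useful for checking which local names would still be sent to a public resolver. The public upstream URL and the hostnames are constructed placeholders; the matching rules (longest suffix wins, single-label names use only `[//]`) are stated assumptions.

```python
# Simplified model of how AdGuard Home picks an upstream per query name.
# Assumptions: the longest matching domain suffix wins, and single-label
# names are routed only by the [//] entry. Not AdGuard Home's own code.

UPSTREAMS = """\
https://dns.example.net/dns-query
[/lan/]127.0.0.1:5353
[//]127.0.0.1:5353
"""  # constructed list; the first line is a placeholder public upstream


def parse_upstreams(text):
    """Return (defaults, routes); routes[''] holds the [//] upstream."""
    defaults, routes = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[/"):
            spec, sep, upstream = line[2:].partition("/]")
            if not sep or not upstream:
                raise ValueError(f"malformed upstream line: {line!r}")
            for domain in spec.split("/"):
                routes[domain.lower().rstrip(".")] = upstream
        else:
            defaults.append(line)
    return defaults, routes


def pick_upstream(qname, defaults, routes):
    """Return the list of upstreams that would receive a query for qname."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) == 1:  # undecorated hostname such as "nas"
        return [routes[""]] if "" in routes else defaults
    for i in range(len(labels)):  # web.dmz.lan -> dmz.lan -> lan
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return [routes[suffix]]
    return defaults


def leaked_names(names, defaults, routes):
    """Names from a list that would be sent to the default (public) upstreams."""
    return [n for n in names if pick_upstream(n, defaults, routes) == defaults]


DEFAULTS, ROUTES = parse_upstreams(UPSTREAMS)
SAMPLE = ["nas", "printer.lan", "web.dmz.lan.", "openwrt.org"]  # constructed
print(leaked_names(SAMPLE, DEFAULTS, ROUTES))
```

With the `[//]` line removed from the list, the same check reports the undecorated name `nas` as going to the public upstream.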

I have the weird problem that, since running AGH on my router, some websites are not properly loading or not loading at all. How can I fix that?

Thanks and Merry Christmas

Look in your query logs. See what's being blocked and either put in an exception. It will be the blocks causing issues. I've had to manually override some filters because of this.

I have added it as an exception, but that did not help. Will do some other testing!

Common websites these days don't just use self-hosted resources, they typically pull from dozens (hundreds) of external locations - just adding your wanted websites to the whitelist alone won't help, you'll need to dig deeper.

I guess you are correct, at the same time, the logs do not provide too much information. Will try to dig deeper! Thanks and Merry Christmas

Be sure you're filtering the log by the IP address of the device you're trying to load the site from. Any URL that gets blocked when you're not using that device for any other purpose has a fair likelihood of being the problem.

(PS When you find the thing that makes it work, don't forget to remove the other exceptions that you tried along the way: if you allow everything, what's the point of running AGH?)

A fun side effect of running Adguard Home (or at least the blocklists I'm using) is that Google TV apps sometimes get confused about where I am. I immediately started seeing the occasional title or other text displayed in German or even Japanese. It's not a serious problem, just amusing and so far I don't feel any need to do anything about it.

opkg AGH now updated to 107. This build is useable and now you can just opkg install and use openwrt's build.

Please note this does NOT install into /opt but into /var so there are differences to using the AGH install script that I detail in my updated install post and instructions in this thread.

@mercygroundabyss thanks for your responses earlier. But can you please tell me which upstream servers work. I have tried them but unless I uncheck, as seen below, I do not get Internet access; with or without AGH upstream servers.
Screenshot 2021-12-26 at 15.36.45