[HowTo] Running Adguard Home on OpenWrt

Configure the dnsmasq port to 9153 instead of 53
Remove all « non-local » upstream DNS servers (ISP and others; we will move them to AdGuardHome)

Configure the AdGuardHome DNS port to bind to 53
Add your DNSMASQ IP with port 9153 to AdGuardHome (for local resolution)
Also add your upstream DNS servers (IPv4 and IPv6) to the AdGuardHome DNS

Remove the use of upstream DNS from the network config of the WAN

Configure the DHCP options to use the local DNS (optional)

Optional


A DNS resolution will then do this:
[DNS REQUEST] from clients -> [ADGUARD DNS]
[ADGUARD DNS] -> [DNSMASQ] + [UPSTREAM DNS]


How's the IPv6 address 0::1 binding ?
adguardhome.yaml is only having binding for IPv4.

root@R7800:~# cat /etc/adguardhome.yaml
...
dns:
  bind_host: 127.0.0.1
  port: 5353

Although DNS-over-HTTPS works, I'm having challenges to understand how the dns packet flows client->dnsmasq<>adguard<>upstream-dns in relation to adguard and dnsmasq configuration?

My dnsmasq config

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option confdir '/tmp/dnsmasq.d'
	list server '/0.sg.pool.ntp.org/1.1.1.1'
	list server '/1.sg.pool.ntp.org/1.0.0.1'
	list server '/2.sg.pool.ntp.org/1.1.1.1'
	list server '/3.sg.pool.ntp.org/1.0.0.1'
#	list server '127.0.0.1#5453'
#	list server '0::1#5453'
	list server '127.0.0.1#5353'
	list server '0::1#5353'
	option noresolv '1'
	option dnssec '1'
	option nonegcache '1'
	option cachesize '1000'
	option ednspacket_max '1280'

What you’ve done is a DNS resolution like this:
[DNS REQUEST] from clients -> [DNSMASQ] + [UPSTREAM DNS]
[DNSMASQ] -> [ADGUARD DNS]
Not the one I recommended

Does this above mean to change config in adguardhome.yaml as below?

dns:
  bind_host: 127.0.0.1
  port: 53

The below is what puzzles my understanding where to configure?

Is this referring to below dnsmasq config lines or?

list server '127.0.0.1#5353'
list server '0::1#5353'

What I have in my adguardhome.yaml :

dns:
  bind_host: 10.4.2.1, ::1, 127.0.0.1
  port: 53
...
  upstream_dns:
  - '[/local/]10.4.2.1:9153'
  - 212.27.40.240
  - 212.27.40.241
  - 2a01:e00::2
  - 2a01:e00::1
  upstream_dns_file: ""
  bootstrap_dns:
  - 212.27.40.240
  - 212.27.40.241
  - 2a01:e00::2
  - 2a01:e00::1
  - 2620:fe::10
  - 2620:fe::fe:10

and inside my /etc/config/dhcp :

config dnsmasq
	option port '9153'
	list server '/local/10.4.2.1'

then in my /etc/config/network :

config interface 'wan'
	option ifname 'wan'
	option proto 'dhcp'
	option peerdns '0'

and still inside my /etc/config/dhcp :

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	list domain 'local'
...
	list dhcp_option '3,10.4.2.1'
	list dhcp_option '15,local'
	list dhcp_option '6,10.4.2.1'
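
The layout discussed in this thread (AdGuardHome answering clients on port 53, dnsmasq moved to another port and listed as an AdGuardHome upstream) can be checked mechanically. The script below is an added example, not part of any post or of either project; its function names and sample files are constructed here, and it assumes the adguardhome.yaml layout shown above (`port:` and `upstream_dns:` under `dns:`).

```shell
#!/bin/sh
# Added example: lint the clients -> AdGuardHome:53 -> dnsmasq chain from this thread.
# Port dnsmasq listens on, from the 'config dnsmasq' section (53 when unset).
dnsmasq_port() {
    awk '$1 == "config" { in_sec = ($2 == "dnsmasq") }
         in_sec && $1 == "option" && $2 == "port" { gsub(/[^0-9]/, "", $3); p = $3 }
         END { print (p == "" ? 53 : p) }' "$1"
}
# Port AdGuardHome binds, from 'port:' under the top-level 'dns:' key.
agh_port() {
    awk '/^[^ #]/ { in_dns = ($1 == "dns:") }
         in_dns && $1 == "port:" { print $2; exit }' "$1"
}
# Succeeds if some upstream_dns entry is HOST:PORT with the given port.
agh_forwards_to_port() {
    tr -d "\"'" < "$1" | awk -v port="$2" '
        $1 == "upstream_dns:" { in_up = 1; next }
        in_up && $1 != "-" { in_up = 0 }
        in_up { e = $2; sub(/^\[\/.*\/\]/, "", e)   # drop a [/domain/] prefix
                if (e ~ ("^([0-9.]+|\\[.*\\]):" port "$")) found = 1 }
        END { exit !found }'
}
# Print each inconsistency; return 0 only when the recommended chain holds.
check_chain() {
    dhcp=$1 yaml=$2 rc=0
    dport=$(dnsmasq_port "$dhcp"); aport=$(agh_port "$yaml")
    [ "$aport" = 53 ] || { echo "AdGuardHome binds ${aport:-?}, clients query 53"; rc=1; }
    [ "$dport" != "$aport" ] || { echo "both daemons want port $dport"; rc=1; }
    agh_forwards_to_port "$yaml" "$dport" ||
        { echo "no upstream_dns entry points at dnsmasq port $dport"; rc=1; }
    return $rc
}
# Constructed sample files, trimmed from the fragments posted in the thread.
tmp=$(mktemp -d)
printf '%s\n' 'config dnsmasq' "  option port '9153'" > "$tmp/dhcp.ok"
printf '%s\n' 'dns:' '  bind_host: 10.4.2.1' '  port: 53' '  upstream_dns:' \
    "  - '[/local/]10.4.2.1:9153'" '  - 212.27.40.240' '  - 2a01:e00::2' > "$tmp/agh.ok"
printf '%s\n' 'config dnsmasq' "  list server '127.0.0.1#5353'" > "$tmp/dhcp.rev"
printf '%s\n' 'dns:' '  bind_host: 127.0.0.1' '  port: 5353' > "$tmp/agh.rev"
check_chain "$tmp/dhcp.ok" "$tmp/agh.ok" && echo "recommended layout: OK"
check_chain "$tmp/dhcp.rev" "$tmp/agh.rev" || echo "reversed layout: flagged"
```

On a router, the same check would be run as `check_chain /etc/config/dhcp /etc/adguardhome.yaml`.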

Thanks, I'm getting there..I'm getting there...

I assume 10.4.2.1 is your lan IP.
May I omit the '/local/' domain references and only config as below?

adguardhome.yaml:

dns:
  bind_host: 127.0.0.1, ::1, 192.168.1.1
  port: 53
...
  upstream_dns:
  - https://dns.cloudflare.com/dns-query
  - 192.168.1.1:5353
  upstream_dns_file: ""
  bootstrap_dns:
  - 9.9.9.10
  - 1.1.1.1
  - 1.0.0.1
  - 2620:fe::10
  - 2620:fe::fe:10

/etc/config/dhcp:

list server '192.168.1.1'
option port '5353'

Haven't defined dhcp options earlier but added now below:

config dhcp 'lan'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'

Yes :wink:

local is a replacement of my "local domain name"...
like AdGuardHome says in Parameters/DNS/Examples:

Yes !

I do not know if it is necessary, but I usually add them ; yes


Thanks, works good!

Also netstat shows AdGuardHome is listening :53 and dnsmasq :5353.

Was pretty easy to get DNS-over-HTTPS working and resolution seems as snappy as earlier.


Thank you @erdoukki for your suggestions. I still have some confusion.

Remove all « non-local » upstream DNS servers (ISP and others; we will move them to AdGuardHome)

When you say remove all non-local upstream DNS, do you mean unchecking "Use custom DNS servers" from Interfaces>WAN>Advanced Settings and removing anything from "Use custom DNS servers"?

Add your DNSMASQ IP with port 9153 to AdGuardHome (for local resolution)

I haven't found this option in AdGuardHome Web Interface yet?

Configure the DHCP options to use the local DNS (optional)

Do you mean go to OpenWRT>Network>DHCP and DNS and tick "Local Service Only"?

  1. Optionally add firewall rules to hijack DNS on your LAN

Do I need to change any option from this guide?

DNS hijacking using LuCI

Yes, you need this to force the WAN request being done locally and with AdGuardHome.

It is not available in the WebUI, only in the .yaml (config) file.

No, I mean adding dhcp-options to force dns domain and server.

Looks fine... you can apply it!


I can't seem to get AdGuardHome to start automatically on boot. I did run the install ( ./AdGuardHome -s install) and I can manually start as service (priority 95).
Am I missing something?
Apart from the start-up, everything else works amazingly.

Note: I've installed AdGuardHome on an external HDD attached to the router ( /mnt/sda1/opt/AdGuardHome) but judging by the priority the HDD is mounted before an attempt to start the service.

service adguard enable ?


You no longer need to install the package manually because it is currently in OpenWrt. It is installed with opkg install adguardhome.

It’s enabled already.

If I install via a package how do I handle the 20MB storage required?
BTW I don’t seem to find adguardhome via opkg install. How do I proceed?

You still need a good amount of RAM and if you have it, you most likely have internal storage. And to be able to install you need to use the snapshots since it is not in the stable version of OpenWrt. And according to opkg, 7.8 Megabytes are needed.

ls -la /etc/rc.d/ | grep adguard


S95AdGuardHome -> ../init.d/AdGuardHome*

Move it to S99 and if possible make it sleep a bit to make sure the drive is already mounted.