1. Configure the port of dnsmasq to 9153 instead of 53
2. Remove all "non-local" upstream DNS servers (ISP and others; we will move them to AdGuardHome)
3. Configure the AdGuardHome DNS port to bind 53
4. Add your dnsmasq IP with port 9153 to AdGuardHome (for local resolution)
5. Also add your upstream DNS servers (IPv4 and IPv6) to the AdGuardHome DNS
6. Remove the use of upstream DNS from the Network config of the WAN
7. Configure the DHCP options to use the local DNS (optional)
Although DNS-over-HTTPS works, I'm having trouble understanding how the DNS packet flows (client -> dnsmasq <> AdGuardHome <> upstream DNS) in relation to the AdGuardHome and dnsmasq configuration.
My dnsmasq config:
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option confdir '/tmp/dnsmasq.d'
	# Domain-specific forwards: NTP pool names go straight to Cloudflare,
	# bypassing AdGuardHome entirely
	list server '/0.sg.pool.ntp.org/1.1.1.1'
	list server '/1.sg.pool.ntp.org/1.0.0.1'
	list server '/2.sg.pool.ntp.org/1.1.1.1'
	list server '/3.sg.pool.ntp.org/1.0.0.1'
	# Catch-all upstream: AdGuardHome listening on localhost port 5353
	# (dnsmasq itself still owns port 53, so clients reach dnsmasq first)
	# list server '127.0.0.1#5453'
	# list server '0::1#5453'
	list server '127.0.0.1#5353'
	list server '0::1#5353'
	# Ignore /etc/resolv.conf so only the servers listed above are used
	option noresolv '1'
	option dnssec '1'
	option nonegcache '1'
	option cachesize '1000'
	option ednspacket_max '1280'
What you've done is a DNS resolution like this:
[DNS REQUEST] from clients -> [DNSMASQ] + [UPSTREAM DNS]
[DNSMASQ] -> [ADGUARD DNS]
Not the one I recommended.
Thank you @erdoukki for your suggestions. I still have some confusion.
Remove all "non-local" upstream DNS servers (ISP and others; we will move them to AdGuardHome)
When you say remove all non-local upstream DNS, do you mean unchecking "Use custom DNS servers" from Interfaces > WAN > Advanced Settings and removing anything from "Use custom DNS servers"?
Add your dnsmasq IP with port 9153 to AdGuardHome (for local resolution)
I haven't found this option in the AdGuardHome web interface yet.
Configure the DHCP options to use the local DNS (optional)
Do you mean go to OpenWrt > Network > DHCP and DNS and tick "Local Service Only"?
Optionally add firewall rules to hijack DNS on your LAN
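The flow erdoukki recommends (clients -> AdGuardHome on 53 -> dnsmasq on 9153 for local names, public upstreams for everything else), written out as an added example for the step list above and the follow-up questions about where the dnsmasq IP and upstreams go; this is not configuration from the thread or from the AdGuardHome project. It assumes the router's LAN address is 192.168.1.1, that dnsmasq has already been moved with `option port '9153'` in the dnsmasq section of /etc/config/dhcp, and the AdGuardHome.yaml layout of the 0.107 series (key names vary between versions, and the same entries can be typed into Settings > DNS settings in the web UI).

```yaml
# AdGuardHome.yaml, dns section only (constructed example, 0.107-series layout).
# 192.168.1.1 and the resolver URLs below are assumptions, not values from the thread.
dns:
  bind_hosts:
    - 0.0.0.0        # AdGuardHome owns port 53 on every interface ...
  port: 53           # ... which only binds once dnsmasq has moved to 9153
  # Domain-specific upstreams: names under .lan and their reverse zone go to
  # dnsmasq on 9153, which still holds the DHCP leases and /etc/hosts entries.
  # Everything else goes to the public resolvers over DoH.
  upstream_dns:
    - '[/lan/]192.168.1.1:9153'
    - '[/168.192.in-addr.arpa/]192.168.1.1:9153'
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
  # Plain resolvers used only to resolve the DoH hostnames above.
  bootstrap_dns:
    - 1.1.1.1
    - 8.8.8.8
  # Reverse lookups for private ranges ("Private reverse DNS servers" in the
  # web UI) also go to dnsmasq, so client names appear in the query log.
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:9153
```

Because dnsmasq still announces the router's own address as the DNS server in its DHCP offers, clients land on AdGuardHome on port 53 without any extra DHCP option; the WAN-side step is `uci set network.wan.peerdns='0'` so the router stops feeding the ISP resolvers to dnsmasq.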
I can't seem to get AdGuardHome to start automatically on boot. I did run the install (./AdGuardHome -s install) and I can manually start it as a service (priority 95).
Am I missing something?
Apart from the start-up, everything else works amazingly.
Note: I've installed AdGuardHome on an external HDD attached to the router (/mnt/sda1/opt/AdGuardHome), but judging by the priority, the HDD is mounted before the attempt to start the service.
You still need a good amount of RAM and if you have it, you most likely have internal storage. And to be able to install you need to use the snapshots since it is not in the stable version of OpenWrt. And according to opkg, 7.8 Megabytes are needed.