OpenWrt AdGuard Home 101 (DNSMASQ)

On a different note: if clients on LAN use their own DNS and not the system DNS (i.e. not the DNS provided by OpenWrt router and AGH), is it possible to direct these requests to AGH, too?

For example, a browser is set to use its own DNS, most likely not the plain text DNS, but secured DNS. Is it possible to resolve such requests through AGH?

[OpenWrt Wiki] DNS hijacking

Thanks! Seems like this is possible, but will need to go down the rabbit hole to figure out how :slight_smile: Perhaps, you might have come across a ready solution elsewhere?

1 Like

Major Revision To This Guide / Tutorial
Rationale For Major Revision To This Guide / Tutorial
Read Post # 24 in this thread from mercygroundabyss below :

By using AGH on Port 5353 this routing behavior is put into effect :

Because you are double looking up ( DNS queries - with AGH on Port 5353 ).
By making AGH the primary DNS ( meaning AGH on Port 53 ) AGH looks upstream 
for whatever provider you set AGH up with (and uses encrypted DNS and DNSSEC), 
and ( AGH ) looks downstream to DNSMASQ for internal DHCP addresses.

By having DNSMASQ on port 53 and AGH on port 5353 you introduce another 
hop to DNS and repeat effort. Also it doubles the load on your router 
and increases memory use as DNSMASQ forks for every request.

I corrected instructions on the tutorial as per your rationale and instructions concerning moving DNSMASQ port ( to port 5353 ) and keeping AGH on Default DNS Port 53 - thanks once again for all you do to advance this project for all of us

Peace and Stay Safe - God Bless

3 Likes
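The layout described above (AGH on port 53, dnsmasq moved to 5353 for local names), as an added example that is not part of the original thread or either project's code: a small shell check that reads a UCI `dhcp` file and an AdGuard Home YAML file and reports where they deviate from it. The sample files, the `lan` domain, the loopback upstream address and the `dns.example` resolver are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit the "AGH on 53, dnsmasq on 5353" layout.

# Port of the dnsmasq section in a UCI dhcp file (dnsmasq listens on 53 when unset).
dnsmasq_port() {
    awk '$1 == "config" { in_d = ($2 == "dnsmasq") }
         in_d && $1 == "option" && $2 == "port" { gsub(/[^0-9]/, "", $3); p = $3 }
         END { print (p == "" ? 53 : p) }' "$1"
}

# Value of dns.port in an AdGuard Home YAML file.
agh_port() {
    awk '/^[^ #]/ { in_dns = ($1 == "dns:") }
         in_dns && $1 == "port:" { print $2; exit }' "$1"
}

# Return 0 when the layout matches; otherwise print each mismatch and return 1.
audit_dns_layout() {
    dp=$(dnsmasq_port "$1"); ap=$(agh_port "$2"); rc=0
    [ "$ap" = 53 ] || { echo "AGH listens on ${ap:-?}, not 53"; rc=1; }
    [ "$dp" != 53 ] || { echo "dnsmasq is on 53 and clashes with AGH"; rc=1; }
    grep -Eq "^ +- .*127\.0\.0\.1:$dp([^0-9]|\$)" "$2" ||
        { echo "no AGH upstream points at dnsmasq (127.0.0.1:$dp)"; rc=1; }
    return "$rc"
}

# Constructed sample files: $1 = directory, $2 = dnsmasq port to write.
write_samples() {
    cat > "$1/dhcp" <<EOF
config dnsmasq
    option domain 'lan'
    option port '$2'
EOF
    cat > "$1/agh.yaml" <<EOF
dns:
  port: 53
  upstream_dns:
    - '[/lan/]127.0.0.1:5353'
    - https://dns.example/dns-query
  local_ptr_upstreams:
    - 127.0.0.1:5353
EOF
}
d=$(mktemp -d)
write_samples "$d" 5353
audit_dns_layout "$d/dhcp" "$d/agh.yaml" && echo "layout OK"
rm -rf "$d"
```

On a router the two arguments would be `/etc/config/dhcp` and the AdGuard Home YAML file, wherever the install in use keeps it.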

I finally redid all my work and posted up a new thread if you wanted to read exactly how I did things.

1 Like

The closest thing that has ever worked to DNS hijacking is blocking all external DNS servers.

Hi Directnupe: great write up. But I have a question regarding the Unbound setup with AdGuardHome in OpenWrt. I read your guide and I am stuck at issuing the last 3 commands after editing Unbound configs to save and apply those settings.
Can you please tell me where should I issue those commands??? Because in ssh it says command unknown.
And also can you please tell me what kind of config adjustments I should do in Unbound for my Rpi4 as Router (because you have said to adjust the parameters according to your router)?

I once again thank you for your hard work and dedication in helping the people in this forum.

Thanks in advance

Thanks for the tip around making AdGuardHome the main DNS and not having dnsmasq use AGH as an upstream. DNS latency went from around 33ms to 19ms, I didn't know this would have such a performance hit with dnsmasq forking each request until recently and the stats clearly show it. I originally kept dnsmasq as the primary due to using ipset policies, however it appears AdGuardHome supports ipset as well like dnsmasq, so I can basically reduce dnsmasq to local/internal or rDNS requests only.

I must say after using Pi-Hole, Adblock, Stubby etc. AGH seems to be the best package so far that does it all i.e. Adblocking, DNSSEC validation, DoH/DoT in one single package. Hopefully once the 107 release is merged into 21.02, the opkg package will make installation much easier. Currently, it's got a broken binary with 106.3, so you can install the opkg package but have to overwrite the binary from GitHub but you can take advantage of the startup script, config etc.

or just follow this? [How-To-Updated 2021] Installing AdGuardHome on OpenWrt

Because last time I looked, OpenWrt installs opkg AGH to tmp folder,
so every time you reboot, you have to redo AGH.

The opkg package writes the configuration to /etc/ so that won't be lost on a reboot.

But logs and stats will be stored in /tmp yes, so you'll lose those.

The configuration of AGH is persistent though, so you don't have to set it up each time no. You will however want to add /etc/adguardhome.yaml to your backup file list though for sysupgrades.

1 Like

Hmm. 106 still has some weird bugs. 107 is now out stable. I'm still using the edge builds and they work nicely.

I didn't see where they install AGH in that script. Do they use /opt too?
There's a few issues in that on smaller space routers the AGH binary is 35mb and it backs it up to a subfolder when you upgrade via the web frontend. That's 70mb you need spare + logs and filters.

You can avoid that by unpacking the new version over the top of the existing version if you are confident. I made a script for it in my new thread.

The package currently ships a broken binary for 106.3 anyway, so it should be avoided currently. At the moment, I just install the opkg package for the init.d script and then overwrite the binary. As you say, it has bloated to over 30 MB now, before it was 20 MB, so it's more of an issue for routers with less flash space/RAM.

There is a PR for bumping the package to the latest 107 release: https://github.com/openwrt/packages/pull/17409/

It also provides a way to modify the working DIR directly, so instead of /tmp you could configure it to /opt or even /mnt if you have external storage configured. Hopefully it gets accepted and merged, as it will fix the binary and allow more customisation for avoiding storing everything in tmp, without having to directly modify the init.d script.

1 Like

Nice. I added a note that they should consider using /opt/AdGuardHome so people using the AGH wiki find the files in the same location. Also makes it easier to mount and use that folder from a USB key as it is only for AGH.

Looks like they've chosen /var because it's a symlink to /tmp but if you configure /var on persistent storage then you'll benefit.

Whether or not it will default to /opt for the official package I don't know. Of course, many can follow your guide with /opt and it will work just fine also.

1 Like

It was my frustrations with the 104 opkg version that caused me to look into things and help improve install instructions to do it manually and integrate into OpenWrt and now they have the 107 version packaged and put me out of work! :smiley:

Still it was good practice and helped people so it's all good. I added to the PR and hopefully some of my notes will improve things for the opkg version so it will be far easier to use AGH on OpenWrt for future users.

1 Like

Your guide is really helpful and certainly has helped and will continue to help users. The official package was a little rough in the beginning but hopefully the 107 release will make it a lot better, so you can just use opkg. This however is officially tested and supported for 21.02 onwards, so manual installation may still be needed for those on older builds. You can run the package on 19.07, but there is a possibility dependencies and such may not work, so manual installation is still maybe required for certain users.

What might be good is preserving these guides into the official wiki?

Currently there is no official wiki page for AdGuardHome on OpenWrt, I think there's some great tips and guidance in this that should be incorporated.

I have wiki access, but I'm not going to take parts from your guide without permission, but that could be a really good thing. We could then even get the official AGH team to link to the OpenWrt wiki for anyone using on OpenWrt and have a single source, where others can contribute?

A big part of the issues with the opkg version (certainly in the 104 release) was that it installed into /tmp and thus lost everything when you rebooted. That may have resulted in some colourful language on my part and a look into the AGH official install. 106 as you say is broken due to dependencies on Go but a simple replace of the binary solves that.

107 brings a HUGE chunk of fixes and some that were badly needed for OpenWrt.

With the updated package things should be vastly easier for users now and I had a good back and forth with the PR requester and I think he is aiming to add some of the things from my guide into the opkg version.

I could certainly try to wikify my updated article for those who wish to keep on the "bleeding" edge version of AGH. Regular users can use the opkg version now it's more current and has some nasty issues resolved.

One of the things I'd like, but it's only timeframed for a later 107 build or even 108, is their fixes to DHCP.
That way you would just replace OpenWrt's DHCP and flip DNS and DHCP over to AGH and avoid the reconfiguring. (May need to be some tweaking of NTP for updating time/date and also DoH certs.)

(edit - this explains it more. https://github.com/AdguardTeam/AdGuardHome/issues/2830 )

Stable vs edge builds is a good point. There's certainly a need for the edge builds i.e. testers, getting new features immediately etc, but it's also important to highlight and encourage using the stable release for those certainly on release builds. If you're on snapshot, chances are you are more likely to be aware of this.

The wiki could basically present two paths stable and edge and go from there, I'd imagine OpenWrt devs would encourage the use of opkg and as you've said that could be classed as the stable installation and then edge builds could be using your original guidance/script. I'm not sure if the opkg package will ever ship an edge build, it is more likely to probably move between the stable versions even in master.

It was more on the AGH end tbh. The 106 > 107 was a bumpy road and it's why I switched to using edge builds to keep fixing issues. That being said, 107 is in a far better place now and is a much more capable "beta" if you will.