What's new

AdGuardHome Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI) cont.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
I have a few clients attached only, test setup. Wanted to see what's the complaint about.
I decided to give the RPI a break for a little while. I wanted to see how well AGH is running on the router. Seems pretty stable other than occasional CPU thrashes (the GO garbage collector (GC) choosing more CPU usage in preference to router memory optimizations). The CPU thrashes seem to not hinder the normal function of the router. I am sure this would be a problem if too many filters or lists were utilized though, but using the default AGH filters seems to have no critical impact to router functionality. In other words, this is probably as good as it gets running it directly on the router.
 
Last edited:
For your userland case it is rather simple, LAN > DHCP > DNS should be blank. Otherwise you are forcing clients to use a different DNS other than the router VIA DHCP option, and they are being "redirected" by the firewall to use the router instead. That is why clients appear to be 127.0.0.1. Why you would put those DNS servers in your LAN-DHCP is beyond me, but that is why your client namespace resolution is broken. This is the consequences of making executive decisions.
Looks like that was it. Need to review what DNS Director does and would also like to get DNS encryption working. I cannot imagine it is as simple as a checkbox. Thanks again.
 
and would also like to get DNS encryption working

I've changed the firmware version to check something, but you get the idea. Example with OpenDNS.

On the router (will be used by the router only):

1701565070234.png


1701565100856.png


1701565123673.png


On AdGuard Home (will be used by your clients):

1701565192822.png


1701565251465.png


I'm using 2x servers with parallel requests to speed up resolution, eventually. Experiment what works for you better.

Some details above depend on how you have installed AdGuard Home. The questions and the answers.
 
And the result:

1701565459681.png


DNS-over-HTTPS to OpenDNS.

If you ask some questions tomorrow I may not have the setup running anymore. 🤪
 
Newest update projectile shirt everywhere today and had to redo my config file - minor inconvenience I guess, no biggie.
yes, me too, i ended to unistall all and reconfigure all from the beginnin, probably some incompatibility with the new yaml file.
 
Thankfully it backs itself up before overwiriting - I've quite an extensive list of ipset stuff in there.
yes, me too, i ended to unistall all and reconfigure all from the beginnin, probably some incompatibility with the new yaml file.

Yep, using the back-up option is really the only way to combat the incompatible .yaml changed. Can yall share what version and branch of Adguardhome you are using? The edge version gets changes as soon as the nightly build for it runs. It is nice the installer has an update feature but it can also be a double edge sword. Updating adguardhome can lead to incompatible breaks stemming from the yaml file. Unless you are in dire need of the next upgrade, it may be a better policy to exercise restraint on press the update trigger. Examine the Adguardhome changelog before making the final decision to upgrade.

Release notes:

 
Last edited:
I have installed Unbound on AX6000 and latest Merlin with AdGuard, but I'm getting an error with IPV6 UPstream. I believe I did everything as I did in the original post, but something is off. Would really appreciate some suggestion how to resolve it.

Server "[::1]:5653": could not be used, please check that you've written it correctly
Server "tcp://[::1]:5653": could not be used, please check that you've written it correctly
 
I have installed Unbound on AX6000 and latest Merlin with AdGuard, but I'm getting an error with IPV6 UPstream. I believe I did everything as I did in the original post, but something is off. Would really appreciate some suggestion how to resolve it.

Server "[::1]:5653": could not be used, please check that you've written it correctly
Server "tcp://[::1]:5653": could not be used, please check that you've written it correctly
What is the output of

netstat -nlp | grep unbound

When you type it into the router command line/ ssh terminal.
 
Last edited:
nothing. I have this unbound installed https://github.com/dave14305/Unbound-Merlin-UI

netstat -nlp works just fine and provides output

And while I have your attention do I need to install Unbound from amtm if I had the one above already?
Unbound only listens on 127.0.0.1 using my old add-on, not ::1. Shouldn’t matter for local queries within the router.
 
Unbound only listens on 127.0.0.1 using my old add-on, not ::1. Shouldn’t matter for local queries within the router.
I don't know if you intended to,


but I notice the prefer-ip6: yes actually makes it try to avoid processing queries over ipv4. Not sure if this behavior is best when all instances of IPV6 are available. A simple " do-ip6: yes" would be most sufficient.
 
Sorry it is case sensitive, I meant.

netstat -nlp | grep unbound

This is to make sure you are using the correct addresses in AGH upstream for AGH to communicate to unbound through.

I had to update ports in the Unbound GUI in the router because for some reason port set there wasn't update. How do I check if DNS are properly resolved?

And the server I have in ADGuard

[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553
127.0.0.1:53535
tcp://127.0.0.1:53535
tls://dns.adguard-dns.com

1702213799326.png



Do I need to enable anything here? Like DNS server?
I don't think I need local queries to upstream since I don't have any extra local service, right?
1702215065121.png


Should I keep google ones here?

1702215454061.png




And when I try to copy DNS address from here


It doesn't work anymore cos when I click here, this is what I get.

adguard%3Aadd_dns_server?address=tls://dns.adguard-dns.com&name=AdGuard%20DNS

View attachment 54764
 
Last edited:
Status
Not open for further replies.

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top