AdGuardHome Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI) cont.

[xmanyes]

Will try also the manual install later, here is the screenshot of your command:

 

[xmanyes]

Besides dnscrypt, all other scripts are working fine... But I did experience error with AGH for missing bcrypt package which I installed it then manually (I've got terminal command here on the forum).

 

[xmanyes]

To mke it clear... Dnscrypt is also working fine now, but it had some hiccups earlier this year and would want to install, I guess because of the same architecture pecularities...

 

[SomeWhereOverTheRainBow]

To mke it clear... Dnscrypt is also working fine now, but it had some hiccups earlier this year and would want to install, I guess because of the same architecture pecularities...

Well you cannot run dnscrypt proxy and adguardhome side by side because adguardhome requires access to port 53, but dnscrypt proxy would also attempt to occupy this port which would prevent adguardhome from even starting. The scripts are not designed to run complimentary to each other in that sense. Particularly since adguardhome can do dnscrypt, DoH, DoT, and doq. It is pointless to run both.

 

[xmanyes]

ok, will try disable also dnscrypt, no worries... I have ran unbound/diversion/dnscrypt before AGH came, so I would be first to be happy there's one tool instead of 3...

Maybe for info, from your "hand" install manual, I found it courious that for the first time I've seen "done" instead of "dead"... (attached picture) - not that it gives any meaningful result in log or that I could run gui, but still, wasn't "dead"... but I am not sure... I was running "S61AdGuardHome start", and usually it was S99 not S61...

Besides, I have seen there are some differences in my /jffs/scripts/dnsmasq.postconf :

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_append "neg-ttl=3600" $CONFIG
pc_delete "no-negcache" $CONFIG
#
/jffs/scripts/uiDivStats dnsmasq & # uiDivStats

[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager dnsmasq

[ -x /jffs/addons/AdGuardHome.d/AdGuardHome.sh ] && /jffs/addons/AdGuardHome.d/AdGuardHome.sh >

compared to the "manual" install recommendation:

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
[ "$(pidof AdGuardHome)" ] && pc_append "port=553" $CONFIG && pc_append "local=/1.168.192.in-addr.arpa/" $CONFIG

 

[SomeWhereOverTheRainBow]

ok, will try disable also dnscrypt, no worries... I have ran unbound/diversion/dnscrypt before AGH came, so I would be first to be happy there's one tool instead of 3...

Maybe for info, from your "hand" install manual, I found it courious that for the first time I've seen "done" instead of "dead"... (attached picture) - not that it gives any meaningful result in log or that I could run gui, but still, wasn't "dead"... but I am not sure... I was running "S61AdGuardHome start", and usually it was S99 not S61...

Besides, I have seen there are some differences in my /jffs/scripts/dnsmasq.postconf :

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_append "neg-ttl=3600" $CONFIG
pc_delete "no-negcache" $CONFIG
#
/jffs/scripts/uiDivStats dnsmasq & # uiDivStats

[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager dnsmasq

[ -x /jffs/addons/AdGuardHome.d/AdGuardHome.sh ] && /jffs/addons/AdGuardHome.d/AdGuardHome.sh >

compared to the "manual" install recommendation:

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
[ "$(pidof AdGuardHome)" ] && pc_append "port=553" $CONFIG && pc_append "local=/1.168.192.in-addr.arpa/" $CONFIG

Yes so using the installation method in the tutorial is a much more "user" customizable method. You have more control over how you want to run it. The AdGuardHome Installer installs adguardhome to be the "only" dns solution with alittle wiggle room left for those who want to run it along side unbound since unbound is a recursive dns server. (adguardhome does not have that feature built within.) It is not really necessary to leave scripts like diversion installed since adguardhome installer pushes DNSmasq out of the way of being the dns server. Diversion relies on dnsmasq, since dnsmasq isn't being used. Diversion is only creating extra "entries" being stored in your routers memory with its own block list.


Now Dnscrypt-Proxy can run fine with Diversion, since it does not push dnsmasq out of the way. The two are completely complimentary to each other in usage.

AdGuardHome is a differen't story because it takes over

0.0.0.0:53.

where as Dnscrypt-Proxy uses

127.0.1.1:53.

which creates a conflict for AdGuardHome since it wants all addresses on port 53.

For now I have added an exclusion to the AdGuardHome installer that will prevent installation of AdGuardHome if the user has Dnscrypt-Proxy installed.

 

[xmanyes]

So yes... SOLVED !!!

The dnscrypt was the culprit and I remember I was happy it started working and probably at the same time AdGuardHome stopped working... Now that the dnscrypt was uninstalled, TADA... ALIVE !!! (Picture)

And I can also login to AGH gui

Thank you!

 

[SomeWhereOverTheRainBow]

So yes... SOLVED !!!

The dnscrypt was the culprit and I remember I was happy it started working and probably at the same time AdGuardHome stopped working... Now that the dnscrypt was uninstalled, TADA... ALIVE !!! (Picture)

And I can also login to AGH gui

Thank you!

I made rules in both installers that will now tell the user not to install the other if one of them is present on the system.

 

[xmanyes]

That would be great yes!

Can you maybe clarify if there is any added value switching on "ad and tracker blocker" and "dns firewall" or is this better maintained through AGH?

 

[xmanyes]

That would be great yes!

Can you maybe clarify if there is any added value switching on "ad and tracker blocker" and "dns firewall" or is this better maintained through AGH?

Sorry, I am referring to Unbound...

 

[SomeWhereOverTheRainBow]

That would be great yes!

Can you maybe clarify if there is any added value switching on "ad and tracker blocker" and "dns firewall" or is this better maintained through AGH?

Can you clarify? you are talking about using unbound along side? if you are using unbound, do not use any of the extra features.

You wont need to unbound "ad and tracker blocker" or "dns firewall" options, since adguardhome will already be doing these features based on whatever blocklist you use in it. You will simply be using basic unbound with none of the statistic tracking or extra advanced features.

@Martineau

If using AdGuardHome with Unbound as upstream using unbound-manager, wouldn't you recommend only using unbound basic without the extra features?

I have even tested AdGuardHome using @dave14305 highly user-friendly version of unbound.

GitHub - dave14305/Unbound-Merlin-UI: ASUSWRT-Merlin Unbound User Interface

ASUSWRT-Merlin Unbound User Interface. Contribute to dave14305/Unbound-Merlin-UI development by creating an account on GitHub.

github.com

 

[SomeWhereOverTheRainBow]

@xmanyes

The key take aways for running unbound with adguardhome.

In AdGuardHome UI, replace the

upstream dns servers e.g. 8.8.8.8 and 9.9.9.9 with

127.0.0.1:unbound-listenport
tcp://127.0.0.1:unbound-listenport

.

Then adguardhome will be using unbound as upstream.

All blocking and statistics are kept by adguardhomes query log.

Unbound-manager to be installed as basic without any advanced features.

AdGuardHome benefits from unbound being a local recursive dns service instead of having to use a BIG-BOX service like google or cloudflare.

 

[xmanyes]

PERFECT, just what I wanted to know and also didn't "turned on" anything.

Thank you again for your unselfish support of community. I hope small part of gratitude also arrived already. Thank you again.

 

[SomeWhereOverTheRainBow]

PERFECT, just what I wanted to know and also didn't "turned on" anything.

Thank you again for your unselfish support of community. I hope small part of gratitude also arrived already. Thank you again.

Not a problem. Please keep in touch here to share any new findings or anything you think other users may find useful. This community is better with openness and shared experiences. And I appreciate you for your donation.

 

[gspannu]

@xmanyes

The key take aways for running unbound with adguardhome.

In AdGuardHome UI, replace the

upstream dns servers e.g. 8.8.8.8 and 9.9.9.9 with

127.0.0.1:unbound-listenport
tcp://127.0.0.1:unbound-listenport

.

Then adguardhome will be using unbound as upstream.

All blocking and statistics are kept by adguardhomes query log.

Unbound-manager to be installed as basic without any advanced features.

AdGuardHome benefits from unbound being a local recursive dns service instead of having to use a BIG-BOX service like google or cloudflare.

Wouldn't it be a good idea to only use 1 cache (either Unbound or AdGuard Home).
As I understand, the default setting would mean both are aching DNS requests.

I think Unbound cache is (probably!) smarter and a lot more feature rich than AGH - so wouldn't it be better to set AGH cache size to 0 as well as min-max-ttl to 0, so in essence AGH is then just an adblocker (which it is good at) and the DNS recursive fetch/cache is handled by Unbound.

 

[numminorih]

Dear SomeWhereOverTheRainBow,

thank you very much for your work

I just installed AdGuardHometo my AC86U router via amtm and all looks cool.
Bu I have a question - please advise how can I ban access to GUI from internet (http or https://mysite:14711/login.html / http or https://myWhiteIP:14711/login.html) and leave only lan.

 

[SomeWhereOverTheRainBow]

Wouldn't it be a good idea to only use 1 cache (either Unbound or AdGuard Home).
As I understand, the default setting would mean both are aching DNS requests.

I think Unbound cache is (probably!) smarter and a lot more feature rich than AGH - so wouldn't it be better to set AGH cache size to 0 as well as min-max-ttl to 0, so in essence AGH is then just an adblocker (which it is good at) and the DNS recursive fetch/cache is handled by Unbound.

The caching makes no difference. You technically use more than one cache in a multitude of layers exchanges on your network. Since you wouldn't be filtering with unbound, there is no actual reason to worry about disabling cache on adguardhome, since adguardhome would hold cache of the filtered requests. You are simply over thinking it if you feel cache should be disabled in some place. Instead, aim for a minimal cache size on Unbound. Leave adguardhome cache at default. Allow Unbound to expire its entries through the normal exchange of things. You will notice no performance loss.

 

[SomeWhereOverTheRainBow]

Dear SomeWhereOverTheRainBow,

thank you very much for your work

I just installed AdGuardHometo my AC86U router via amtm and all looks cool.
Bu I have a question - please advise how can I ban access to GUI from internet (http or https://mysite:14711/login.html / http or https://myWhiteIP:14711/login.html) and leave only lan.

Well that means you need to make sure your firewall is on and that you are blocking external access(wan) to port 14711. (Which should be the case by default since this script does not open any ports on your firewall.) Just because you can access the gui from inside your lan right after installation does not necessarily mean the same can be done from outside your network. This would require you to have either disabled your firewall, or manually opened the port to the wan side yourself.

 

[Jumpstarter]

I already have unbound setup; I think I might try this out, but first I have some questions....

Wouldn't it be a good idea to only use 1 cache (either Unbound or AdGuard Home).
As I understand, the default setting would mean both are aching DNS requests.

I think Unbound cache is (probably!) smarter and a lot more feature rich than AGH - so wouldn't it be better to set AGH cache size to 0 as well as min-max-ttl to 0, so in essence AGH is then just an adblocker (which it is good at) and the DNS recursive fetch/cache is handled by Unbound.

Wouldn't disabling the cache in AdGuardHome mean that all those blocked request would have to be repeated every single time instead of being returned quick and promptly from AdGuardHomes cache?

What would be the purpose of disabling any cache for that matter?

Dear SomeWhereOverTheRainBow,

thank you very much for your work

I just installed AdGuardHometo my AC86U router via amtm and all looks cool.
Bu I have a question - please advise how can I ban access to GUI from internet (http or https://mysite:14711/login.html / http or https://myWhiteIP:14711/login.html) and leave only lan.

Also, how do I access your GUI? None of those links are properly working from my end..

 

[xmanyes]

@xmanyes

The key take aways for running unbound with adguardhome.

In AdGuardHome UI, replace the

upstream dns servers e.g. 8.8.8.8 and 9.9.9.9 with

127.0.0.1:unbound-listenport
tcp://127.0.0.1:unbound-listenport

.

Then adguardhome will be using unbound as upstream.

All blocking and statistics are kept by adguardhomes query log.

Unbound-manager to be installed as basic without any advanced features.

AdGuardHome benefits from unbound being a local recursive dns service instead of having to use a BIG-BOX service like google or cloudflare.

Trying to implement also this setting on the AGH to use Unbound, but get error about syntax... Should I use actual port instead of "unbound-listenport" argument ?