AdGuardHome Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI) cont.

[Phil Mcavity]

This is awesome . Ive used many adblocking solutions including Pihole , Adguard on the Pi , Diversion and NextDNS. This is just great being able to run Adguard straight from the router.
Great work @SomeWhereOverTheRainBow much appreciated

 

[SomeWhereOverTheRainBow]

This is awesome . Ive used many adblocking solutions including Pihole , Adguard on the Pi , Diversion and NextDNS. This is just great being able to run Adguard straight from the router.
Great work @SomeWhereOverTheRainBow much appreciated

I am glad it works out for you.

 

[Phil Mcavity]

Quick question.... Does Skynet play nicely with AGH?

Edit: To answer my own question , yes it does

 

[Amwjujo]

Noob question....
Should I enable the adway blacklist in dns filter settings or not? I have the adguard one enabled.
Does it bring any advantages or I should stay with the default one?
Thank you.

 

[Phil Mcavity]

Noob question....
Should I enable the adway blacklist in dns filter settings or not? I have the adguard one enabled.
Does it bring any advantages or I should stay with the default one?
Thank you.

The Adaway block list is made for mobile ads. It's a small list, so it wouldn't hurt to enable it...
If your interested im using these lists https://github.com/hagezi/dns-blocklists

 

[Zonkd]

The Adguard Home Setup Guide page says that AdGuard Home DNS server is listening on the WAN IP address. That would be... bad. How can I verify this?

• I tried nslookup google.com against my WAN IP from outside the network. It seems to fail.
• I tried a ShieldsUP port scan of my WAN IP. It says that port 53 is stealth.
• I tried a netstat command on router

  admin@RT-AC86U:/# netstat -anp | awk 'NR<3 || /LISTEN/' | grep AdGuard
  tcp 0 0 :::53 :::* LISTEN 3277/AdGuardHome
  tcp 0 0 :::14711 :::* LISTEN 3277/AdGuardHome

Is there a problem here? Should I change the configuration?

 

[SomeWhereOverTheRainBow]

The Adguard Home Setup Guide page says that AdGuard Home DNS server is listening on the WAN IP address. That would be... bad. How can I verify this?

• I tried nslookup google.com against my WAN IP from outside the network. It seems to fail.
• I tried a ShieldsUP port scan of my WAN IP. It says that port 53 is stealth.
• I tried a netstat command on router

  admin@RT-AC86U:/# netstat -anp | awk 'NR<3 || /LISTEN/' | grep AdGuard
  tcp 0 0 :::53 :::* LISTEN 3277/AdGuardHome
  tcp 0 0 :::14711 :::* LISTEN 3277/AdGuardHome

Is there a problem here? Should I change the configuration?

The stealth means your firewall is working and the port is not open, therefore not wan connectable from outside your network. So you are good to go leaving things alone. You don't have to worry since your firewall is clearly blocking connection attempts to that port. Also, adguardhome also has additional built in security features where you can specify which networks can access it, or which networks you wish to block. Just becareful if you decide to use that feature. Keep in mind all of your networks including VPN, and guestnetworks.

 

[PxP]

Question.
With AX88 + AsusWRT-Merlin-AdGuardHome installed + DNS Director (DNS Filter) intercepting - would I be able to see which local clients queried or would it be like with separate Adguard Home on Raspberry Pi - i.e. all (forced) domain queries would go thru router and be displayed in AGH query log as such?
I`ve got big local network and it`s not fun to see that something is trying to hammer one domain 150 times a second and not be able to easy to find that LAN client.

 

[chongnt]

Question.
With AX88 + AsusWRT-Merlin-AdGuardHome installed + DNS Director (DNS Filter) intercepting - would I be able to see which local clients queried or would it be like with separate Adguard Home on Raspberry Pi - i.e. all (forced) domain queries would go thru router and be displayed in AGH query log as such?
I`ve got big local network and it`s not fun to see that something is trying to hammer one domain 150 times a second and not be able to easy to find that LAN client.

Hi, the installer will make AGH take over port 53. Yes, you will see the query from each client and not everything come from the router ip.
In the client settings, you can also customize upstream DNS server for individual client. This will overwrite the global DNS upstream server for these client.

 

[Gary_Dexter]

Just started using AGH as a replacement for Diversion - great implementation BTW.

For the “Top Clients” or “Runtime Clients” - some show only their IP addresses (marked as ARP as the source) and some show their IP addresses as well as a name/hostname (marked as rDNS as the source).

Rather than add every client as a persistent client to identify them by a more friendly name/hostname, is there a setting on the ASUS I need to change for AGH to pull through the hostnames for all devices?

I assume this info is being pulled from the DHCP Leases page on the ASUS as the client names etc. match what is there - but there’s no option to update hostnames on there.

Cheers!

 

[SomeWhereOverTheRainBow]

Just started using AGH as a replacement for Diversion - great implementation BTW.

For the “Top Clients” or “Runtime Clients” - some show only their IP addresses (marked as ARP as the source) and some show their IP addresses as well as a name/hostname (marked as rDNS as the source).

Rather than add every client as a persistent client to identify them by a more friendly name/hostname, is there a setting on the ASUS I need to change for AGH to pull through the hostnames for all devices?

I assume this info is being pulled from the DHCP Leases page on the ASUS as the client names etc. match what is there - but there’s no option to update hostnames on there.

Cheers!

You can manually assign hostnames on the Asus lan dhcp page and your manually assigned hostnames from there get stored via /etc/host(s) which gets precidence over RDNS in adguardhome. AGH reads /etc/host(s) first before attempting RDNS. On asus routers, the only way to read hostnames is with either rdns or /etc/host(s). There are no hostnames (host data) stored in the arp cache along with ip addresses. If there is no host data present for the ip address via RDNS or /etc/host(s) entry, then all you see is the ip address found in the arp cache.


So the only "easy" way to identify unidentifiable clients is to manually assign ip address and hostname entry on the lan dhcp page of asus via manual assignment option in the webui. Otherwise all you will have is the ip address read from the arp cache.

This is not required for all clients, only the ones that don't share their hostname via the normal conventions.

 

[Gary_Dexter]

You can manually assign hostnames on the Asus lan dhcp page and your manually assigned hostnames from there get stored via /etc/host(s) which gets precidence over RDNS in adguardhome. AGH reads /etc/host(s) first before attempting RDNS. On asus routers, the only way to read hostnames is with either rdns or /etc/host(s). There are no hostnames (host data) stored in the arp cache along with ip addresses. If there is no host data present for the ip address via RDNS or /etc/host(s) entry, then all you see is the ip address found in the arp cache.


So the only "easy" way to identify unidentifiable clients is to manually assign ip address and hostname entry on the lan dhcp page of asus via manual assignment option in the webui. Otherwise all you will have is the ip address read from the arp cache.

This is not required for all clients, only the ones that don't share their hostname via the normal conventions.

Great - thanks.

I've added hostnames to the 20 or so devices I have manually assigned IP's for - when does that pull through to AGH?

 

[Smokey613]

This is the reason I use YazDHCP when running Asus routers with RMerlin firmware. I assign all devices IPs in DHCP and if you need to do a full router reset, you can reinstall YazDHCP and import your saved static assignments. It usually takes a little time for the hostnames to fully update, depending on your DHCP server lease time settings.

I originally started using YazDHCP when I was using the NextDNS CLI script. Otherwise, it did not pull in my custom hostnames into the NextDNS logs.

 

[SomeWhereOverTheRainBow]

Great - thanks.

I've added hostnames to the 20 or so devices I have manually assigned IP's for - when does that pull through to AGH?

Run an adguardhome reload

 

[Gary_Dexter]

Run an adguardhome reload

Seems to have populated themselves over time.

Is there anyway of amending hostnames without setting static IP’s?

 

[SomeWhereOverTheRainBow]

Seems to have populated themselves over time.

Is there anyway of amending hostnames without setting static IP’s?

Not that I know of, there maybe a way to do it with the macaddress and dnsmasq options listed on dnsmasq manpage, but I am not sure how solid or viable of an option that is. Adding a static option per client is about as easy as it gets. You can also run Yazdhcp per another user's suggestion which greatly expands the amount of static addresses you can assign.

 

[Gary_Dexter]

What’s the correct(?) setting to use here during setup/installation and what are the pro’s and con’s of choosing either yes or no?

Do you want to run AdGuardHome as a local caching DNS service which includes router traffic?

 

[SomeWhereOverTheRainBow]

What’s the correct(?) setting to use here during setup/installation and what are the pro’s and con’s of choosing either yes or no?

Do you want to run AdGuardHome as a local caching DNS service which includes router traffic?

If you specify "yes" to "Do you want to run AdGuardHome as a local caching DNS service which includes router traffic?" it means your routers local traffic + plus your clients traffic will use AdGuardHome as upstream.

If you specify "no" to that same question, then only your client traffic will use Adguardhome as upstream.

The routers "default" method for local router dns requests is to send the router queries to the ISP or WAN DNS upstream.

By specifying "no" to the question you are referring to, you would be allowing the continuation of the routers default behavior; however, you would also be allowing the same behavior for adguardhome when it decides to use WHOIS to identify local client names that are not identifiable via local arpa requests or /etc/host(s). I have no clue why AdGuardHome tries to use WHOIS to identify local client names . This behavior should only be attempted with clients that are more than one hop away (a.k.a clients that are connecting remotely).

 

[Terrabytes]

Have been running AdGuardHome for a few months and over the weekend it crashed. Started troubleshooting today and getting a strange error "...UUUU: File name too long" when starting the service. System log didn't provide any insight. Thought it was related to a corrupted file so I stopped the service uninstall and tried reinstalling but I am still getting the same error. Installing via amtm and curl result in the same issue. Anyone have any suggestions greatly appreciated. Please advise if any further details required. Thanks

Router: AX86u
Merlin: 386.7_2

 

[SomeWhereOverTheRainBow]

Have been running AdGuardHome for a few months and over the weekend it crashed. Started troubleshooting today and getting a strange error "...UUUU: File name too long" when starting the service. System log didn't provide any insight. Thought it was related to a corrupted file so I stopped the service uninstall and tried reinstalling but I am still getting the same error. Installing via amtm and curl result in the same issue. Anyone have any suggestions greatly appreciated. Please advise if any further details required. Thanks

Router: AX86u
Merlin: 386.7_2

View attachment 47251

First time I have seen this myself. On a fresh terminal, what output do you get echo $PATH