Here is another way to look at it, if the only cloudflare server near your geolocation goes down; and, you are using that cloudflare server you may notice a service interruption. Probably even suspect your internet went down. However, when using unbound recursive, you would not normally be succeptible to this since you are your own dns provider who gets answers from multiple root servers.
it is built in design of the script, it periodically does an NSlookup of google.com to see if your DNS is active. if the test fails, then it will restart adguardhome for you. The whole test came about since some users reported that AdGuardHome was occasionally failing, but some how was still "active". So, I added a check that runs approximately every 5 minutes. (give or take a few seconds). The NSlookup wouldn't cause "extra stress" and would be of negligible impact to your overall performance other than the fact it "may" make sure your DNS stays active if adguardhome somehow snafus through normal operations.
Aug 3 09:52:36 AdGuardHome[20795]: 2022/08/03 09:52:36.506790 [error] unpacking udp packet: dns: buffer size too small
Aug 3 09:52:39 AdGuardHome[20795]: 2022/08/03 09:52:39.547838 [error] unpacking udp packet: dns: buffer size too smallIf you are using plain dns make sure you are using a tcp variety as well.
1.1.1.1
tcp://1.1.1.1If you are talking about site tunnel, you may need to configure a push dns directive for your router's dns, but it really boils down to what your configuration is. That is why it is important to share your setup details as much as possible with regard to your problem.
The part that was a little concerning was when you mentioned local requests getting leaked upstream. So I inspected /etc/resolv.conf and found the address there to be 127.0.0.1. Is this how it should be? I take it with this then there won't be any leaks or privacy concerns?
9.9.9.9
8.8.8.8tcp://9.9.9.9
tcp://8.8.8.8
www.snbforums.com
www.snbforums.com
1) This question pertains to use DNSFilter to force hardcoded clients to use AdGuardHome.
View attachment 43972
It will make sure to turn off your DNSFilter if you select "NO" and it is turned "ON". This would mean Clients with their own hardcoded DNS servers could bypass AdGuardHome.
2) Lets assume you select "YES" , but you already have DNSFilter turned on with some custom defined rules for specific clients on your rule list.
View attachment 43973
If you want to leave these rules intact you select "YES" here. This will mean your custom defined rules will be left alone while the other clients are forced to use DNSFilter with the globally defined rule set to "ROUTER".
If you select "NO" all custom rules get cleared and every client is forced to use "ROUTER" as the globally defined DNS rule.
3) This question wants to know if you want your router traffic to also pass through adguardhome. Normally your router would use your ISP (or WAN dns 1 and 2) defined DNS.
View attachment 43974
which leads to this question:
View attachment 43975
This would be completely unnecessary and potentially will break your routers DNS resolution at bootup. May even hinder your router from obtaining DHCP lease renewals from your ISP and failure of initial bootup NTP sync. Leave this aspect as "DEFAULT".
4) These rules are configured for the users local router and client name resolution in mind (they work along with the private reverse DNS section):
View attachment 43976
5) Here are the rules that should be considered change-able without breaking local name resolution:
Code:9.9.9.9 8.8.8.8
Keep in mind these only use plain text UDP. For plain text TCP you would need
Code:tcp://9.9.9.9 tcp://8.8.8.8
By all means, please review this thread:
AdGuardHome - [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)
Asuswrt-Merlin-AdGuardHome-Installer The Official Installer of AdGuardHome for Asuswrt-Merlin Requirements: ARM based ASUS routers (not bridges or access points) that use Asuswrt-Merlin Firmware JFFS support and enabled REQUIRES ENTWARE(!) for package management, and a separate USB drive for...
there is a wealth of chatter about usage of adguardhome here.
Here is a good thread where you can see various list discussed:
AdGuardHome - AdGuardHome Blocklists
Hi All... as I embark on making the most of AdGuardHome (thank you, @SomeWhereOverTheRainBow!) I was wondering if anyone has found any good, custom blocklists outside of the standard set available in AGH? I guess the qualifiers for me would be, is the blocklist: * Being regularly maintained? *...
Thanks so much for taking the time to respond to my questions. This is very helpful! Yep, I've spent some time skimming through the majority of the thread but just wanted to be sure I understood some of the discussions over there hence the questions
Would you be able to kindly clarify this query please, I think it may have been missed from my earlier post in regards to "AdGuard Home could not determine suitable private reverse DNS resolvers for this system."
You mentioned this in the previous thread to another poster about the same issue but just wanted additional clarification on this please.
The part that was a little concerning was when you mentioned local requests getting leaked upstream. So I take it that if the /etc/resolv.conf has the address 127.0.0.1 inside this file, this how it should be? I take it with this then there won't be any leaks or privacy concerns?
Oh and Private Reverse DNS Servers section should be left untouched too?
correct. For example: In regards to the ip6.arpa, one of AdGuardHomes methods for resolving client names of clients that use GUA prefix is to use WHOIS. It will literally send a request for the client name to the upstream. One option to strengthen privacy in this regard is to restrict AdGuardHome from using WHOIS by removing it from the runtime sources in the .yaml file. (unfortunately it is only configurable by manually editing the .yaml file with a SSH terminal editor such as vi or nano.)
So in my case, I will not be using Adguardhome as a remote DOH/DOT/DOQ server. Basically I want to keep settings and configurations as close to default as possible. The only change I would be making is adding new ad filters, and also adding another DNS provider such as OpenDNS/Cloudfare etc to the 'Upstream DNS Servers' section rather than using the default Adguard DNS.
If you are not using ipv6 then you don't need to worry about the leak.So in my case, I will not be using Adguardhome as a remote DOH/DOT/DOQ server. Basically I want to keep settings and configurations as close to default as possible. The only change I would be making is adding new ad filters, and also adding another DNS provider such as OpenDNS/Cloudfare etc to the 'Upstream DNS Servers' section rather than using the default Adguard DNS.
I may check out enabling DOH/DOT for my network (I don't really have much experience using this) but definitely not as a remote server or anything like that. It would just be a default setup. Similar to how one would set it up on the Asus WebGUI I guess.
With all of that in mind, would this GUA prefixing leak still be a problem? Would you still recommend removing WHOIS in the .yaml file? If so, where is the .yaml file located exactly and what line would I need to delete?
Sorry, if some of these questions sound noobish.
Requirements:
www.snbforums.com
You may have to update and upgrade your entware repository using AMTM. Recent changes have rendered several entware binaries unusable on the older repository which may include python. It appears the installer is not finding your python binary which is required to generate the user credentials. What I recommend trying is upgrading the entware repository with amtm first. If that fails, then you may have to uninstall and reinstall the python binary.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!
