Ellenswamy
Regular Contributor
Question: I set some devices to no filtering in Merlin for DNS filter, but checking adguard home it looks like they are still going through it. How do I verify in a config file that I installed it correctly?
what are your settingsMy average processing time for DNS queries are usualy around 2ms. I have some reboots on the router the past 24hrs so the time is abit above that at the moment.
Imgur: The magic of the Internet
Yea make sure you don't use alot of AAAA responses. Other wise some pages you load may have issues loading. I know when I did something like that on dnscrypt proxy, I had issues at somepoint down the line loading certain web pages (or parts of webpages) and using certain services. Keep in mind ipv4 is usually able to also load these responses, so there is no true benefit to having it disabled if at somepoint you have issues loading certain web pages or using certain web services. I am not saying this will happen, but I am bring it up incase it does so you are mindful of the changes you made to your setup, and how it may have impacted things for you.For DNS cache settings this is what I started using last night. My DNS queries went from 39-43ms to right now showing 26ms
I am using unbound running on my router with Adguard Home.what are your settings
I read that you don’t need to enable DNSSEC in AGH if you are pointing to local unbound DNS.
It doesn't hurt but may impact load times. I haven't fully tested it to be sure.I read that you don’t need to enable DNSSEC in AGH if you are pointing to local unbound DNS.
Yeah i have read that too, i just wanted to see if there was any actuall difference. The query log started to show some DNSSEC validated signs atleast. The test pages shows DNSSEC is on though. Regardless if Enable DNSSEC box is ticked or not.I read that you don’t need to enable DNSSEC in AGH if you are pointing to local unbound DNS.
I did not enable it and yet DNSSEC test page passed with unbound DNS. Do you mean you can see DSNSEC validated sign in AGH query log? Can you share a snapshot how it looks like? I will try enable and see.Yeah i have read that too, i just wanted to see if there was any actuall difference. The query log started to show some DNSSEC validated signs atleast. The test pages shows DNSSEC is on though.
Sure, here it is.I did not enable it and yet DNSSEC test page passed with unbound DNS. Do you mean you can see DSNSEC validated sign in AGH query log? Can you share a snapshot how it looks like? I will try enable and see.
It has a lock symbol next to the query.Sure, here it is.
Imgur: The magic of the Internet
Since DNSSEC flag is already set, there should be an option in Adguard to just enable the DNSSEC results for the query log.It doesn't hurt but may impact load times. I haven't fully tested it to be sure.
Might be worth mentioning to adguardhome devs. I don't know what kind of priority they would put on though since it is mostly cosmetic.Since DNSSEC flag is already set, there should be an option in Adguard to just enable the DNSSEC results for the query log.
The DNSSEC option that is now sets both flag and checks the results. And one of them is unnecessary
A 100% focus. Cosmetic is everything.Might be worth mentioning to adguardhome devs. I don't know what kind of priority they would put on though since it is mostly cosmetic.
Hah. Tell that to them.A 100% focus. Cosmetic is everything.
Suggestion made.Hah. Tell that to them.
You may want local caching, but the downside is that is shows your router's traffic, however it ensures that adguardhome doesn't attempt to leak your private reverse lookups to your isp in an unsecured way. Yes adguardhome assumes entries in resolv.conf are private reverse resolvers since most linux implementations use it to point at the loop back or adguardhomeHey all,
When installing the latest version there is a new option to run AGH as a local caching service.
Since I'm going to use Unbound, what is the difference with this new option?
Thanks!
When using this should we turn on "Wan: Use local caching DNS server as system resolver (default: No)" in tools?You may want local caching, but the downside is that is shows your router's traffic, however it ensures that adguardhome doesn't attempt to leak your private reverse lookups to your isp in an unsecured way. Yes adguardhome assumes entries in resolv.conf are private reverse resolvers since most linux implementations use it to point at the loop back or adguardhome
Thanks for your quick answer!You may want local caching, but the downside is that is shows your router's traffic, however it ensures that adguardhome doesn't attempt to leak your private reverse lookups to your isp in an unsecured way. Yes adguardhome assumes entries in resolv.conf are private reverse resolvers since most linux implementations use it to point at the loop back or adguardhome
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!