What's new

AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Question: I set some devices to no filtering in Merlin for DNS filter, but checking adguard home it looks like they are still going through it. How do I verify in a config file that I installed it correctly?
 
For DNS cache settings this is what I started using last night. My DNS queries went from 39-43ms to right now showing 26ms
Yea make sure you don't use alot of AAAA responses. Other wise some pages you load may have issues loading. I know when I did something like that on dnscrypt proxy, I had issues at somepoint down the line loading certain web pages (or parts of webpages) and using certain services. Keep in mind ipv4 is usually able to also load these responses, so there is no true benefit to having it disabled if at somepoint you have issues loading certain web pages or using certain web services. I am not saying this will happen, but I am bring it up incase it does so you are mindful of the changes you made to your setup, and how it may have impacted things for you.
 
Last edited:
I read that you don’t need to enable DNSSEC in AGH if you are pointing to local unbound DNS.
Yeah i have read that too, i just wanted to see if there was any actuall difference. The query log started to show some DNSSEC validated signs atleast. The test pages shows DNSSEC is on though. Regardless if Enable DNSSEC box is ticked or not.
 
Last edited:
Yeah i have read that too, i just wanted to see if there was any actuall difference. The query log started to show some DNSSEC validated signs atleast. The test pages shows DNSSEC is on though.
I did not enable it and yet DNSSEC test page passed with unbound DNS. Do you mean you can see DSNSEC validated sign in AGH query log? Can you share a snapshot how it looks like? I will try enable and see.
 
It doesn't hurt but may impact load times. I haven't fully tested it to be sure.
Since DNSSEC flag is already set, there should be an option in Adguard to just enable the DNSSEC results for the query log.
The DNSSEC option that is now sets both flag and checks the results. And one of them is unnecessary
 
Since DNSSEC flag is already set, there should be an option in Adguard to just enable the DNSSEC results for the query log.
The DNSSEC option that is now sets both flag and checks the results. And one of them is unnecessary
Might be worth mentioning to adguardhome devs. I don't know what kind of priority they would put on though since it is mostly cosmetic.
 
Hey all,

When installing the latest version there is a new option to run AGH as a local caching service.

Since I'm going to use Unbound, what is the difference with this new option?

Thanks!
 
Have you read the last few posts (at least)?
 
Hey all,

When installing the latest version there is a new option to run AGH as a local caching service.

Since I'm going to use Unbound, what is the difference with this new option?

Thanks!
You may want local caching, but the downside is that is shows your router's traffic, however it ensures that adguardhome doesn't attempt to leak your private reverse lookups to your isp in an unsecured way. Yes adguardhome assumes entries in resolv.conf are private reverse resolvers since most linux implementations use it to point at the loop back or adguardhome
 
You may want local caching, but the downside is that is shows your router's traffic, however it ensures that adguardhome doesn't attempt to leak your private reverse lookups to your isp in an unsecured way. Yes adguardhome assumes entries in resolv.conf are private reverse resolvers since most linux implementations use it to point at the loop back or adguardhome
When using this should we turn on "Wan: Use local caching DNS server as system resolver (default: No)" in tools?
 
You may want local caching, but the downside is that is shows your router's traffic, however it ensures that adguardhome doesn't attempt to leak your private reverse lookups to your isp in an unsecured way. Yes adguardhome assumes entries in resolv.conf are private reverse resolvers since most linux implementations use it to point at the loop back or adguardhome
Thanks for your quick answer!

If I understand correctly:
- Unbound replaces the Google or Cloudflared Dns provider in order to avoid DNS leak and maybe improve overall DNS response and stability
- Adguard is a DNS filter and can be linked to the Ubound install instead of Google or Cloudflare so that it uses local resolving stuff

If you send all traffic to Adguard, how can it leak to the ISP since you add upstream DNS resolvers? Unless some traffic is still router to ISP ?
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top