Ellenswamy
Regular Contributor
when we enable DNS filter, should we set it to no filtering or router?
router
Probably just my usual approach of, after consideration and research, concluding "I will only learn by giving it a go and making mistakes", plus my penchant for looking like a fool in public. It's a heady cocktail!
I commend you for taking on as much as you have so far on your own!
I'm PRETTY sure I've never touched that bit of the config ...
Can someone share the default settings for dns cache for AdGuard home?
[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/baserouter/][::]:553
[//][::]:553
[::]:553
[/10.in-addr.arpa/][::]:553
[/168.192.in-addr.arpa/][::]:553
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=baserouter
expand-hosts
bogus-priv
domain-needed
local=/baserouter/
dhcp-range=lan,192.168.1.2,192.168.1.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,15,baserouter
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
dhcp-host=80:CC:9C:30:E3:46,set:80:CC:9C:30:E3:46,192.168.1.22
dhcp-host=94:C6:91:A7:71:C2,set:94:C6:91:A7:71:C2,192.168.1.253
dhcp-host=80:CC:9C:33:2F:B4,set:80:CC:9C:33:2F:B4,192.168.1.204
dhcp-host=80:CC:9C:30:E3:61,set:80:CC:9C:30:E3:61,192.168.1.49
dhcp-host=B0:05:94:63:AE:71,set:B0:05:94:63:AE:71,192.168.1.40
dhcp-host=80:60:B7:FE:95:EF,set:80:60:B7:FE:95:EF,192.168.1.41
dhcp-host=50:1A:C5:22:69:C4,set:50:1A:C5:22:69:C4,192.168.1.16
dhcp-host=80:F3:EF:A4:EA:A8,set:80:F3:EF:A4:EA:A8,192.168.1.174
dhcp-host=DC:A6:32:BD:4E:17,set:DC:A6:32:BD:4E:17,192.168.1.31
address=/use-application-dns.net/
address=/_dns.resolver.arpa/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
edns-packet-max=1280
port=553
local=/168.192.in-addr.arpa/
local=/10.in-addr.arpa/
local=//
dhcp-option=lan,6,0.0.0.0
It’s finding one of these files:
Stubby isn't installed (I guess), how to check or remove it?
You are fine, this is a false alarm because you must have selected that you wanted local servers. AdGuardHome prints this error when it cannot determine anything but 127.0.0.1 inside /etc/resolv.conf. As long as some of your clients are identified, then it is working. The ARP cache clients don't get identified by hostname (yet) because they skip hostnames, since the router's ARP cache does not hand off hostnames with the addresses. I have put in a feature request for AdGuardHome to try reverse lookup for clients whose hostnames are not found in arpa cache.
Simply, asuswrt routers do not support hostname lookups from the ARP cache.
And the error you reference comes from AdGuardHome not being able to find your ISP servers (or any other, other than local such as 127.0.0.1) listed inside /etc/resolv.conf. AdGuardHome has a bad privacy practice that they do not "perceive" as a bad privacy practice, where your local requests get leaked to upstream if anything other than local is listed inside /etc/resolv.conf.
Private reverse DNS servers are not working
"AdGuard Home could not determine suitable private reverse DNS resolvers for this system."
Thank you for clarifying.
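An added example (not part of any post, and not the addon's own code): a Python check for the situation described above. It lists nameservers in resolv.conf text that are not local, and any private reverse DNS entries in the `[/zone/]server` form posted earlier that point off the router. The sample inputs are constructed, and treating loopback and unspecified addresses as "local" is an assumption.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from a real router).
RESOLV_CONF = """\
nameserver 127.0.0.1
nameserver 203.0.113.53
nameserver fe80::1%br0
"""
# Private reverse DNS entries in the format posted in the thread.
PRIVATE_RDNS = """\
[::]:553
[/10.in-addr.arpa/][::]:553
[/168.192.in-addr.arpa/][::]:553
"""
ENTRY = re.compile(r"^(?:\[/(?P<zones>[^\]]*)/\])?(?P<server>.+)$")

def is_local(server):
    """Assumption: loopback or unspecified (0.0.0.0, ::) means this host."""
    m = re.match(r"^\[([^\]]+)\](?::\d+)?$", server)      # [v6]:port
    host = m.group(1) if m else server
    if host.count(":") == 1:                               # v4:port
        host = host.split(":")[0]
    try:
        ip = ipaddress.ip_address(host.split("%", 1)[0])   # drop zone id
    except ValueError:
        return False  # hostnames and URLs are never treated as local
    return ip.is_loopback or ip.is_unspecified

def nonlocal_nameservers(resolv_text):
    """Nameserver addresses in resolv.conf text that are not this host."""
    found = []
    for line in resolv_text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver" and not is_local(fields[1]):
            found.append(fields[1])
    return found

def nonlocal_entries(spec):
    """(zone, server) pairs whose server is off this host; '*' is the default."""
    bad = []
    for line in map(str.strip, spec.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        zones = ["*"] if m["zones"] is None else m["zones"].split("/")
        if not is_local(m["server"]):
            bad.extend((zone, m["server"]) for zone in zones)
    return bad
```

An empty result from both functions means only local resolvers are listed; anything returned is a server that would receive those lookups.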
You are very much welcome. While I understand alarming concerns by when AdGuardHome might announce, please still continue to let me know feedback. I also consider the privacy of those who use this script. While I am still what some would consider as "young" for developing, I share all the main concerns the rest of the Addon Developers share. There are many devs whose opinion I hold in the highest regard, so please take their advice into consideration as well. @dave14305 @ColinTaylor @Viktor Jaep @Jack Yaz @thelonelycoder @Martineau @L&LD and @RMerlin (are some of the few) ... and many more. I consider your opinions with the highest regard. Please feel free to share your thoughts any time as well.
Yes, that is the check to see if the DNS is still active. Okay, so the manager script has a watchdog to ensure the DNS is active (just in case adguardhome dies abruptly). Here is the script if you like to examine it.
Is it normal to have reverse lookups to google IPs coming from localhost? I'm not using their DNS servers anywhere.
Happens every 5 minutes
Okay, here is my experience. Whenever I run adguardhome with my list, cpu is at about 89 to 91 percent use. If I put Unbound in my upstream without any Unbound block features and minimized cache and not DoT on Unbound, that usage goes to about 97 to 98 percent. This is me using unbound recursively (i.e. no forwarding). I have also not enabled any of the unbound webui statistic features either.
Hello everybody, it is about a week that I have silently googled a lot and was making some experiments with AdguardH and Unbound to see how some of my sites are loaded and, on some ad site testers, how ads are handled. I am still thinking that I want to use both, but as I read here in the forums there is no point in doing that. It would be nice if someone could say something about the security of using ADH or Unbound. I think about this because of simple knowledge on the internet, that it's okay to encrypt data which you are sending (I mean queries for accessing the web sites and so on). There is DNS-over-TLS, DNSSEC which is some kind of encrypting and checking "thing", but if I install ADH all these things don't matter any more? Because ADH could work as a resolver and everything is filtered through it and relies on that company. So is this the logic that because ADH sits on the router it does not need to encrypt data which I am sending and this is why I should not bother myself about DNS-over-TLS, DNSSEC?
From the Unbound perspective, it is also the same - DNS-over-TLS, DNSSEC should be disabled. Again, is it because my resolver sits on my router and data is not going out, which in the other case scenario (default router behavior with default stuff) is sending the data somewhere and this is why it is better to encrypt it and check it?
What I liked about ADH is that the DNS server is changed and is not exposed as your exact IP address, which happens with Unbound, so in that scenario I thought that ADH might be a better choice with simple default settings than Unbound?
I know that my questions are not straightforward, but it is because I need to choose, but can't really understand what is better: to have all handled by AGH OR try to configure Unbound correctly, which needs more programmer skills to configure it safely. So experienced opinions with some simple explanations and suggestions are very welcome, because as I was searching for information on the internet I always found the same questions about why I need it or why I don't (I mean DNS-over-TLS, DNSSEC and other), but can't find a correct answer that it is SAFE and if you try to use it - it won't be safer.
I own a GT-AX11000 and want to use WireGuard on it (still don't know how, but I will ask about it in another thread). In my plans are simple things - simple safe and clean browsing, safe internet for my smart devices at home, Transmission for Torrents with VPNdirector rules, and some privacy as I can get from the stuff which could be easily handled by my router (maybe someone already found all the needed combinations of scripts and simplicity)
P.S. I want ADH because of the simplicity of using it, but Unbound was less noticeable in internet browsing so I liked it, but I am not sure that I am really safe, because DNS is exposed as my IP, no other options to choose, just rely on added Unbound scripts which could be hacked somehow on my router, or someone could implement something in the Unbound adblock script and so on. So again, it would be nice to get some opinions about that or concentrated information (not saying to google it) to get more knowledge to start to worry less. And sorry if it's not the correct thread, but I thought that it's correct because there is already another who worries about ADH and Unbound and wants to use them both.
Thanks.
So if I understand correctly, your opinion is that ADH alone is the better choice? And what about all the safety protocols, DoT? Is it safer to try to enable it?
So adguardhome has a resolver capable of DoT, DoH, DoQ, dnscrypt. All you have to do is place the correct server format for the upstream; adguardhome provides you with a link to a site that provides the correct formats for any upstream encryption they support. The link is literally provided right above where you input the upstream servers.
That you would need to ask someone who pays for those services. Either of which you don't need in order to receive the same level of benefit from adguardhome as someone without those subscriptions.
Other simple question - is there any benefit of having ADH pro or ADH family subscription when using Merlin installed ADH?