What's new

AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Does AGH and Skynet work well together?

Regards, Kieran.
 
Hey everyone,

I've been using Adguard on my asus AX88u router and it works pretty well. I had to add the SWAP since my RAM is taken at almost 100% but everything seems snappy.

I'm trying to use this DNS server when I'm not at home. Anyone managed to make it work? I tried using Wireguard through Home Assistant (yeah i'm in that too). I can connect to my router and the Adguard home page but my DNS requests doesn't seem to pass through and go to my router DNS. Do I need to specify another port than the DNS one (53)?

Also, how can you activate the DNS over TLS? I specified a port but it doesn't seem to be open :S (I already have a domain name with wildcard cert keys added inside)

///EDIT - So I stopped using the wireguard from HA and the one from my router + Wireguard Manager and I reinstalled Wireguard on my phone and now it works fine. However I need to add the DNS server used in the Allowed IPs, otherwise won't work. So TLS stuff not needed anymore as well :)



Another question, I was thinking about activating DNSSEC for increased security. Is it really a good idea if my DNS stays on my local network or via Wireguard?

Another another question ( ;-) ), during installation you can choose to redirect only non-custom traffic. What is this non-custom traffic?

Thanks a bunch!!
 
Last edited:
Hey everyone,

I've been using Adguard on my asus AX88u router and it works pretty well. I had to add the SWAP since my RAM is taken at almost 100% but everything seems snappy.

I'm trying to use this DNS server when I'm not at home. Anyone managed to make it work? I tried using Wireguard through Home Assistant (yeah i'm in that too). I can connect to my router and the Adguard home page but my DNS requests doesn't seem to pass through and go to my router DNS. Do I need to specify another port than the DNS one (53)?

Also, how can you activate the DNS over TLS? I specified a port but it doesn't seem to be open :S (I already have a domain name with wildcard cert keys added inside)

///EDIT - So I stopped using the wireguard from HA and the one from my router + Wireguard Manager and I reinstalled Wireguard on my phone and now it works fine. However I need to add the DNS server used in the Allowed IPs, otherwise won't work. So TLS stuff not needed anymore as well :)



Another question, I was thinking about activating DNSSEC for increased security. Is it really a good idea if my DNS stays on my local network or via Wireguard?

Another another question ( ;-) ), during installation you can choose to redirect only non-custom traffic. What is this non-custom traffic?

Thanks a bunch!!
Only enable dnssec via the adguardhome webui because the routers dnssec gets bypassed. Make sure you are only using dns servers that support dnssec in your adguardhome upstream dns.
 
Another another question ( ;-) ), during installation you can choose to redirect only non-custom traffic. What is this non-custom traffic?

On the dnsfilter page of asuswrt merlin, you have the ability to force a client to use a specified custom dns server. If you choose not to keep custom traffic, then all these custom defined rules for clients will be erased, thus forcing ALL clients to use the router a.k.a adguardhome as their dns service.
 
Hey everyone,

I've been using Adguard on my asus AX88u router and it works pretty well. I had to add the SWAP since my RAM is taken at almost 100% but everything seems snappy.

I'm trying to use this DNS server when I'm not at home. Anyone managed to make it work? I tried using Wireguard through Home Assistant (yeah i'm in that too). I can connect to my router and the Adguard home page but my DNS requests doesn't seem to pass through and go to my router DNS. Do I need to specify another port than the DNS one (53)?

Also, how can you activate the DNS over TLS?

In the dns upstream section of your Adguardhome put a dot address similar to this

tls://1.1.1.1:853

But replace 1.1.1.1 with the address of the DoT server you are trying to use.

If you are talking about using adguardhome as a dot server, you have to open up the port using iptables and a firewall start script.
 
Last edited:
If I want to use unbound same time, how I have to config to get it work correctly? Disable cache from unbound?
 
If I want to use unbound same time, how I have to config to get it work correctly? Disable cache from unbound?
You actually won't have to disable either cache, but the correct answer is you would want to disable the cache on AdGuardhome by setting it to zero. Disabling unbound cache kind of makes using it pointless. You also have to point adguardhomes upstream to use the listen address and port of unbound as a dns server for both udp and tcp connections.
 
OK I have some comparison numbers I'll make a new thread for (between diversion and a few different AGH setups/configs).... but before I go there...

When I start AGH after a reboot, mem usage overall on the router (ax86u) sits around 62%. A day or two later I've seen total mem usage go up to 99%. I have swap enabled but it doesn't seem to be getting used.

Is there a mem leak somewhere?

(and yes, AGH is the culprit)

Edit: is it weird that the system would be at 99% mem usage with 0% swap usage? It's been a while since playing with that sort of thing, but should swap usage kick in before mem usage is at 99%? I know there's some "swappiness" parameter that can be tuned. Not sure if amtm tunes that on creation (but that's all getting a little off topic I guess)
 
OK I have some comparison numbers I'll make a new thread for (between diversion and a few different AGH setups/configs).... but before I go there...

When I start AGH after a reboot, mem usage overall on the router (ax86u) sits around 62%. A day or two later I've seen total mem usage go up to 99%. I have swap enabled but it doesn't seem to be getting used.

Is there a mem leak somewhere?

(and yes, AGH is the culprit)

Edit: is it weird that the system would be at 99% mem usage with 0% swap usage? It's been a while since playing with that sort of thing, but should swap usage kick in before mem usage is at 99%? I know there's some "swappiness" parameter that can be tuned. Not sure if amtm tunes that on creation (but that's all getting a little off topic I guess)
No the fact that your memory is being used is completely normal. Some of it is cached memory. You really should download SCMerlin, if you haven't already, and look at what the memory usage percentages are . That will give you a better idea. for example

1648855925916.png
 
Last edited:
OK I have some comparison numbers I'll make a new thread for (between diversion and a few different AGH setups/configs).... but before I go there...

When I start AGH after a reboot, mem usage overall on the router (ax86u) sits around 62%. A day or two later I've seen total mem usage go up to 99%. I have swap enabled but it doesn't seem to be getting used.

Is there a mem leak somewhere?

(and yes, AGH is the culprit)

Edit: is it weird that the system would be at 99% mem usage with 0% swap usage? It's been a while since playing with that sort of thing, but should swap usage kick in before mem usage is at 99%? I know there's some "swappiness" parameter that can be tuned. Not sure if amtm tunes that on creation (but that's all getting a little off topic I guess)
Also, on adguardHome dns page, disabling the use of cache_optimistic seems to aid in restoring unused memory pools.
 
No the fact that your memory is being used is completely normal. Some of it is cached memory. You really should download SCMerlin, if you haven't already, and look at what the memory usage percentages are . That will give you a better idea. for example

View attachment 40517
I do have it. My cache pie piece is larger than yours.

When I was at 99% overall usage, the culprit was by far AGH. Going to keep an eye on it.
 
I do have it. My cache pie piece is larger than yours.

When I was at 99% overall usage, the culprit was by far AGH. Going to keep an eye on it.
Are you seeing any actual negative effects of having 99% memory utilization? Slowing performance, etc.? If not (and I suspect you won't), then ignore it: Linux and Unix based operating systems tend to be pretty efficient in managing memory and may report "high" numbers like that but still work just fine, unlike Windows.
 
I do have it. My cache pie piece is larger than yours.

When I was at 99% overall usage, the culprit was by far AGH. Going to keep an eye on it.
As you indicate your cache pie piece is larger, this indicates that your memory is properly prioritizing its memory usage (probably as consequence of usage by adguardhome). Which also may indicate why your swap isn't firing at all pistons. Adguardhome itself is not 100% the culprit to high memory usage, but it is the consequence of your router prioritizing memory for AdGuardHome.

Here is an instance where AdGuardHome usage required swap resources, I had over 3 million domains in my block.
1648928334771.png


As a proposal for you to try:

You can edit /opt/etc/init.d/S99AdGuardHome
And issue service restart_AdGuardHome

Code:
#!/bin/sh
ENABLED="yes"
WORK_DIR="/opt/etc/AdGuardHome"
PID_FILE="/opt/var/run/AdGuardHome.pid"
PROCS="AdGuardHome"
ARGS="-s run -c ${WORK_DIR}/AdGuardHome.yaml -w $WORK_DIR --pidfile $PID_FILE --no-check-update -l syslog"
PREARGS="nohup env TZ=/etc/localtime"
PRECMD="killall -9 dnsmasq"
POSTCMD="service restart_dnsmasq"
DESC="$PROCS"
PATH="/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
export TZ="$(cat /etc/TZ)"
[ -z "$SCRIPT_LOC" ] && . /jffs/addons/AdGuardHome.d/AdGuardHome.sh

Code:
#!/bin/sh
ENABLED="yes"
WORK_DIR="/opt/etc/AdGuardHome"
PID_FILE="/opt/var/run/AdGuardHome.pid"
PROCS="AdGuardHome"
ARGS="-s run -c ${WORK_DIR}/AdGuardHome.yaml -w $WORK_DIR --pidfile $PID_FILE --no-check-update -l syslog --no-mem-optimization"
PREARGS="nohup env TZ=/etc/localtime"
PRECMD="killall -9 dnsmasq"
POSTCMD="service restart_dnsmasq"
DESC="$PROCS"
PATH="/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
export TZ="$(cat /etc/TZ)"
[ -z "$SCRIPT_LOC" ] && . /jffs/addons/AdGuardHome.d/AdGuardHome.sh

This will add the --no-mem-optimization as a starting argument. I suspect this will mean that AdGuardHome will no longer aid in memory prioritization to serve its purpose.

W/o --no-mem-optimiztion
1648929782431.png



W --no-mem-optimization
1648929742190.png


While I am not sure if this is indicative of any significance, the platform I ran the --no-mem-optimization test uses the OISD-Basic Domains list for blocking and I do not have Diversion or unbound or any other DNS solution running on it.

If there are other things you would like to adjust this page https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
list all the memory .yaml options for /opt/etc/AdGuardHome/AdGuardHome.yaml, maybe experimenting with memory values will aid in your memory concerns. If you do head down this path, feel free to share your findings as it may prove to be beneficial to other users.
 
Last edited:
I can confirm that setting up unbound and setting AdGuard's cache to 0 got my AX88U memory usage from 99% to 82%. I don't see any noticeable difference in the router's responsiveness tbh.
 
Last edited:
Now that I have unbound listening address set up as an upstream DNS in the AdGuard settings, when I do DNS Leak test it shows my ISP's DNS server. Does this mean that all my DNS queries that are not cached within unbound are going through my ISP's DNS server? If so, is it possible to set up Cloudflare as my default DNS server rather than using my ISP's DNS?

EDIT: Never-mind, I just edited the unbound.conf and un-commented the forward-zone:#DoT part. now my DNS is showing as coudflare. I hope it not going to cause any issues.
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top