Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:dns:adguard-home [2022/01/02 16:44] – [Configuration] Clarify verbose flag is not default jamesmacwhite
docs:guide-user:services:dns:adguard-home [2022/06/25 22:41] – [Bypassing encrypted DNS for NTP] enhanced warning for NTP bypass for lookups. mercygroundabyss
Line 1: Line 1:
 ====== AdGuard Home ====== ====== AdGuard Home ======
  
-AdGuard Home (AGH) is a free and open source network-wide advertising and trackers blocking DNS server. It operates as a DNS server that re-routes tracking domains to a "black hole", thus preventing your devices from connecting to those servers. It is based on software used with public AdGuard DNS servers.+[[https://adguard.com/en/adguard-home/overview.html|AdGuard Home]] (AGH) is a free and open source network-wide advertising and trackers blocking DNS server. It operates as a DNS server that re-routes tracking domains to a "black hole", thus preventing your devices from connecting to those servers. It is based on software used with public AdGuard DNS servers.
  
 In addition, AdGuard Home also offers DNS encryption features such as DNS over TLS (DoT) and DNS over HTTPS (DoH) built-in without any additional packages needed. In addition, AdGuard Home also offers DNS encryption features such as DNS over TLS (DoT) and DNS over HTTPS (DoH) built-in without any additional packages needed.
  
-<WRAP center info 100%>This wiki page is currently a work in progress and information is currently in the process of being transferred from the community forum. +{{:media:docs:howto:aghome.png|}}
-Certain defaults are assumed per a default OpenWrt install i.e. router being at ''192.168.1.1'' You will need to make changes if you do not have standard defaults!</WRAP>+
  
 ===== Prerequisites ===== ===== Prerequisites =====
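
Review bot: Removing the whole notice also removes the only statement that the page assumes a default install with the router at ''192.168.1.1'', yet later sections still hardcode that address (for example http://192.168.1.1:3000 and the rDNS step "Add ''192.168.1.1:5353''"). Drop only the work-in-progress sentence and keep the sentence about assumed defaults, or replace the remaining hardcoded addresses in the same edit.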
Line 15: Line 14:
  
   * Minimum of 50MB free RAM.   * Minimum of 50MB free RAM.
-  * Minimum of 30MB free disk/flash space ([[#flashstorage_space_requirements|see flash/storage requirements]]).+  * Minimum of 100MB free disk/flash space ([[#flashstorage_space_requirements|see flash/storage requirements]]).
   * Higher performance routers i.e. dual-core with higher processor clock speeds are recommended.   * Higher performance routers i.e. dual-core with higher processor clock speeds are recommended.
  
Line 23: Line 22:
  
 An alternative option could be to use a Raspberry Pi Zero plugged into your routers USB port to run AGH. [[https://forum.openwrt.org/t/raspberry-pi-zero-as-a-router-attached-ethernet-gadget/112329|Using a Pi Zero for AGH]]. An alternative option could be to use a Raspberry Pi Zero plugged into your routers USB port to run AGH. [[https://forum.openwrt.org/t/raspberry-pi-zero-as-a-router-attached-ethernet-gadget/112329|Using a Pi Zero for AGH]].
 +
 +==== DNS latency/performance ====
 +
 +For the best performance and lowest latency on DNS requests, AGH should be your primary DNS resolver in your DNS chain. If you currently have dnsmasq or unbound installed, you should move these services to an alternative port and have AGH use DNS port 53 with upstream DNS resolvers of your choice configured. This wiki recommends keeping dnsmasq/unbound as your local/PTR resolver for Reverse DNS.
 +
 +The rationale for this is due to resolvers like dnsmasq forking each DNS request when AGH is set as an upstream, this will have an impact on DNS latency which is can be viewed in the AGH dashboard. You will also not benefit from being able to see the DNS requests made by each client if AGH is not your primary DNS resolver as all traffic will appear from your router.
 +
 +The install script in the setup section will move dnsmasq to port 5353 and set it for AGH to use as local PTR / reverse DNS lookups.
 +
 +==== Flash/storage space requirements ====
 +
 +The compiled ''AdGuardHome'' binary has grown since the 0.107.0 release. For many routers this will be quite a significant amount of storage taken up in the overlay filesystem. In addition, features like statistics and query logging will also require further storage space when being written to the working directory. For routers with less flash space, it is highly recommended to use USB or an external storage path to avoid filling up your overlay filesystem. If you have low flash space, you may want to use the custom installation method and have all of the AdGuard Home installation stored outside of your flash storage. Alternatively you can also perform an [[:docs:guide-user:additional-software:extroot_configuration|exroot configuration]].
 +
 +Currently (May 2022 edge build 108) a full install to the /opt folder you really require about 100mb of space.
 +  * (70mb) 35mb x2 for the AGH binary and again for when it backups and upgrades. (that's in the agh-backup folder)
 +  * 20mb for my filters. (Again you can raise or lower this depending on what lists you use)
 +  *  2mb - 90 days of statistics.
 +  * 53mb - 7 days of query logs.
 +
 +You can tweak your logging to keep things smaller if required.
 +
 +==== Query/statistics logging ====
 +
 +One of the main benefits of AGH is the detailed query and statistics data provided, however for many routers having long retention periods for this data can cause issues (see flash/storage space requirements). If you are using the default tmpfs storage, you should set a relatively short retention period or disable logging altogether. If you want to have longer retention periods for query/statistics data, consider moving the storage directory to outside your routers flash space.
  
 ===== Installation ===== ===== Installation =====
  
-Since 21.02, there is a official [[:packages:pkgdata:adguardhome|AdGuard Home package]] which can be installed through [[:docs:guide-user:additional-software:opkg|opkg]]. The official package has also been confirmed to work on 19.07 but it does not exist in the 19.07 packages list.+Since 21.02, there is a official [[:packages:pkgdata:adguardhome|AdGuard Home package]] which can be installed through [[:docs:guide-user:additional-software:opkg|opkg]].  
 + 
 +The opkg package for 21.02 has also been confirmed to work on 19.07but will require transferring the correct ipk through SSH or SCP and installing with opkg manually due to not being present in the 19.07 packages repository.
  
 Required dependencies (ca-bundle) are automatically resolved and installed when using the official package. Required dependencies (ca-bundle) are automatically resolved and installed when using the official package.
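
Review bot: The itemised figures in the new storage list (70mb + 20mb + 2mb + 53mb) add up to 145mb, which matches neither "you really require about 100mb" in the sentence above the list nor the 100MB prerequisite; state which items the 100 is meant to cover or correct the total. That sentence is also hard to parse ("a full install to the /opt folder you really require"), the units should be written MB, and "my filters" reads as one person's setup on a shared page. Typos in the same hunk: "which is can be viewed", "exroot", and "19.07but".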
Line 54: Line 79:
 ==== Setup ==== ==== Setup ====
  
-After installing the opkg package, run the following commands through SSH to prepare for making AGH the primary DNS resolver, replacing dnsmasq and demoting it to an internal DNS resolver only+After installing the opkg package, run the following commands through SSH to prepare for making AGH the primary DNS resolver. These instructions assume you are using dnsmasq. This will demote dnsmasq to an internal DNS resolver only.
- +
-**Note:** If your router is not at ''192.168.1.1'' then replace the router IP address used in the commands below accordingly.+
  
 <code bash> <code bash>
 +# Get the first IPv4 and IPv6 Address of router and store them in following variables for use during the script.
 +NET_ADDR=$(/sbin/ip -o -4 addr list br-lan | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
 +NET_ADDR6=$(/sbin/ip -o -6 addr list br-lan scope global | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
 +
 +echo "Router IPv4 : ""${NET_ADDR}"
 +echo "Router IPv6 : ""${NET_ADDR6}"
 +
 # 1. Disable dnsmasq from needlessly looking at the /etc/resolv.conf file. # 1. Disable dnsmasq from needlessly looking at the /etc/resolv.conf file.
 # 2. Reduce dnsmasq cache size as it will only provide PTR/rDNS info. # 2. Reduce dnsmasq cache size as it will only provide PTR/rDNS info.
 # 3. Disable rebind protection. Filtered DNS service responses from blocked domains are 0.0.0.0 which causes dnsmasq to fill the system log with possible DNS-rebind attack detected messages. # 3. Disable rebind protection. Filtered DNS service responses from blocked domains are 0.0.0.0 which causes dnsmasq to fill the system log with possible DNS-rebind attack detected messages.
 # 4. Move dnsmasq to port 5353. # 4. Move dnsmasq to port 5353.
 +# 5. Set Ipv4 DNS advertised by option 6 DHCP 
 +# 6. Set Ipv6 DNS advertised by DHCP
 uci set dhcp.@dnsmasq[0].noresolv="1" uci set dhcp.@dnsmasq[0].noresolv="1"
 uci set dhcp.@dnsmasq[0].cachesize="1000" uci set dhcp.@dnsmasq[0].cachesize="1000"
 uci set dhcp.@dnsmasq[0].rebind_protection='0' uci set dhcp.@dnsmasq[0].rebind_protection='0'
-uci -q delete dhcp.@dnsmasq[0].server 
-uci add_list dhcp.@dnsmasq[0].server="192.168.1.1" 
 uci set dhcp.@dnsmasq[0].port="5353" uci set dhcp.@dnsmasq[0].port="5353"
 +uci -q delete dhcp.@dnsmasq[0].server
 +uci add_list dhcp.@dnsmasq[0].server="${NET_ADDR}"
 +
 +#Delete existing config ready to install new options.
 +uci -q delete dhcp.lan.dhcp_option
 +uci -q delete dhcp.lan.dns
 +
 +# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
 +uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}" 
 +
 +#DHCP option 3: default router or last resort gateway for this interface
 +uci add_list dhcp.lan.dhcp_option='3,'"${NET_ADDR}"
 +
 +#Set IPv6 Announced DNS
 +for OUTPUT in $(ip -o -6 addr list br-lan scope global | awk '{ split($4, ip_addr, "/"); print ip_addr[1] }')
 +do
 + echo "Adding $OUTPUT to IPV6 DNS"
 + uci add_list dhcp.lan.dns=$OUTPUT
 +done
 uci commit dhcp uci commit dhcp
 /etc/init.d/dnsmasq restart /etc/init.d/dnsmasq restart
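
Review bot: Nothing checks that NET_ADDR is non-empty before it is used. If br-lan does not exist or has no IPv4 address, the lines that add dhcp.@dnsmasq[0].server and the two dhcp.lan.dhcp_option entries write empty values ('6,' and '3,') after the previous settings have already been deleted, and the commit and dnsmasq restart still run. Add a guard directly after the two echo lines that stops the script when NET_ADDR is empty. Two smaller points: "uci -q delete dhcp.lan.dhcp_option" removes every existing DHCP option on lan, not only options 3 and 6, which deserves a comment for readers who set their own; and "dhcp.lan.dns=$OUTPUT" in the loop should be quoted like the other assignments.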
Line 88: Line 137:
 Feel free to change upstream DNS servers to whatever you like (Adguard Home supports DoH, DoT and DoQ out of the box), add the blacklists of your preference and enjoy ad-free browsing on all of your devices. Feel free to change upstream DNS servers to whatever you like (Adguard Home supports DoH, DoT and DoQ out of the box), add the blacklists of your preference and enjoy ad-free browsing on all of your devices.
  
-=== Reverse DNS (rDNS) ===+{{:media:adguard_home_web_interface.gif?600|}}
  
-To enable rDNS so AGH picks up your DHCP assignments from OpenWrt. 
- 
-  - From the AdGuard Home web interface **Settings** -> **DNS settings** 
-  - Scroll to "Private reverse DNS servers" 
-  - Add ''192.168.1.1:5353'' 
-  - Tick both "//Use private reverse DNS resolvers//" and "//Enable reverse resolving of clients' IP addresses//" boxes and click apply. 
- 
-{{:media:doc:howtos:rdns_agh.png?600|}} 
  
 ==== Manual installation ==== ==== Manual installation ====
Line 111: Line 152:
 Recommendations and best configuration practices for using AGH on OpenWrt. Recommendations and best configuration practices for using AGH on OpenWrt.
  
-=== Web interface ===+==== Web interface ====
  
-AdGuard Home has it's own web interface for configuration and management and is not managed through LuCI. There is no official LuCI application for managing AdGuard Home. By default the web interface will be on port TCP 3000. To access the web interface, use the IP of your router: http://192.168.1.1:3000. If this is the first time you have installed AdGuard Home you will go through the setup process. By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default port TCP 3000 or change it to an alternative. Once AGH is active then [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration|follow the official AdGuard Home wiki instructions]] to configure upstreams and filters.+AdGuard Home has it's own web interface for configuration and management and is not managed through LuCI. There is no official LuCI application for managing AdGuard Home. By default the web setup interface will be on port TCP 3000. To access the web interface, use the IP of your router: http://192.168.1.1:3000. If this is the first time you have installed AdGuard Home you will go through the setup process.  
 + 
 +By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default setup port TCP 3000 or change it to an alternative (8080 is the usual port 80 replacememt) 
 + 
 +Once AGH is active then [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration|follow the official AdGuard Home wiki instructions]] to configure upstreams and filters. A list of known DNS providers and settings is here : [[https://adguard-dns.io/kb/general/dns-providers/|Known DNS Providers]]
  
 Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the ''adguardhome.yaml'' configuration file. Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the ''adguardhome.yaml'' configuration file.
  
-=== Nginx Reverse proxy through LuCI ===+==== Nginx Reverse proxy through LuCI ====
  
-If you already use Nginx for LuCI rather than uhttpd you can reverse proxy the AdGuard Home interface. This can simplify accessing the AdGuard Home interface and not having to worry about URLs with non standard HTTP ports. Using a reverse proxy also means you don't have to specifically configure HTTPS access through AdGuard Home and can instead utilise the HTTPS configuration of LuCI instead.+If you already use [[:docs:guide-user:services:webserver:nginx|Nginx with LuCI]] rather than [[:docs:guide-user:services:webserver:uhttpd|uHTTPd]] you can reverse proxy the AdGuard Home interface. This can simplify accessing the AdGuard Home interface and not having to worry about URLs with non standard HTTP ports. Using a reverse proxy also means you don't have to specifically configure HTTPS access through AdGuard Home and can instead utilise the HTTPS configuration of LuCI instead.
  
 The following example will allow accessing the AdGuard Home interface as a sub directory path /adguard-home. If your router IP or AdGuard Home ''http_port'' value is different, change it accordingly. The following example will allow accessing the AdGuard Home interface as a sub directory path /adguard-home. If your router IP or AdGuard Home ''http_port'' value is different, change it accordingly.
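
Review bot: In the split Web interface paragraphs, "replacememt" is misspelled and the sentence ending "(8080 is the usual port 80 replacememt)" has no full stop; "has it's own" should be "has its own". The new wording "web setup interface" and "default setup port TCP 3000" implies the port may differ once setup is finished but never says so, so state which port the reader should expect to use afterwards.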
Line 133: Line 178:
 Accessing in your browser: http://[ROUTER]/adguard-home. Accessing in your browser: http://[ROUTER]/adguard-home.
  
-You can read further information [[:docs:guide-user:services:webserver:nginx|on running LuCI through Nginx]] and [[https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/|reverse proxy examples]] from the Nginx docs.+You can read more [[https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/|reverse proxy configurations]] from the Nginx docs.
  
 **Disable DoH encryption on AdGuard Home** **Disable DoH encryption on AdGuard Home**
Line 139: Line 184:
 If you have configured TLS on LuCI, there's no need to use TLS on AdGuard Home. Set ''allow_unencrypted_doh'' to false in ''adguardhome.yaml'' to allow AdGuard Home respond to DoH requests without TLS encryption. If you have configured TLS on LuCI, there's no need to use TLS on AdGuard Home. Set ''allow_unencrypted_doh'' to false in ''adguardhome.yaml'' to allow AdGuard Home respond to DoH requests without TLS encryption.
  
-=== Debugging ===+==== Reverse DNS (rDNS) ====
  
-If AdGuard Home won't start, you will want to view error logs to understand why.+To enable rDNS so AGH picks up your DHCP assignments from OpenWrt.
  
-If using the opkg package you can view syslog for errors using ''logread''.+  - From the AdGuard Home web interface **Settings** -> **DNS settings** 
 +  - Scroll to "Private reverse DNS servers" 
 +  - Add ''192.168.1.1:5353'' 
 +  - Tick both "//Use private reverse DNS resolvers//" and "//Enable reverse resolving of clients' IP addresses//" boxes and click apply.
  
-<code bash> +{{:media:doc:howtos:rdns_agh.png?600|}}
-logread -e AdGuardHome +
-</code>+
  
-You can also run AdGuardHome from command line and see the output directly.+==== LAN domain interception ====
  
-<code bash> +Adding the following to the Upstream DNS Server configuration will intercept any LAN domain request or requests without a FQDN and pass those requests to the appropriate resolver, which is mostly like your OpenWrt router but it doesn't have to be
-AdGuardHome -v -c /etc/adguardhome.yaml -w /var/adguardhome --no-check-update +
-</code>+
  
-This example uses the defaults set in the init script with the exception of the verbose flag.+The default LAN domain configured by OpenWrt is "lan", but if you have configured you own domain, you can use this in the example code below:
  
-  * ''-v --verbose'' - Enables verbose output (useful for debugging). +(127.0.0.1) local loopback is used here to enable statistics tracking but you may also use your router ip (192.168.1.1) here too.
-  * ''-c --config'' - Path to the AdGuard Home YAML config. +
-  * ''-w --work-dir'' - Path to the set working directory where data such as logs and statistics are stored. +
-  * ''--no-check-update'' - Disables the built in update checker.+
  
-The most common reason for AdGuard Home not starting is due to syntax errors in the ''adguardhome.yaml'' config.+**Settings** -> **DNS Settings** > **Upstream Servers**
  
-=== Flash/storage space requirements ===+<code> 
 +[/lan/]127.0.0.1:5353 
 +[//]127.0.0.1:5353 
 +</code>
  
-The compiled ''AdGuardHome'' binary has grown since the 0.107.0 release. For many routers this will be quite a significant amount of storage taken up in the overlay filesystem. In addition, features like statistics and query logging will also require further storage space when being written to the working directory. For routers with less flash space, it is highly recommended to use USB or an external storage path to avoid filling up your overlay filesystem. If you have low flash space, you may want to use the custom installation method and have all of the AdGuard Home installation stored outside of your flash storage. Alternatively you can also perform an [[:docs:guide-user:additional-software:extroot_configuration|exroot configuration]]. 
  
-=== Query/statistics logging ===+==== Creating ipset policies ====
  
-One of the main benefits of AGH is the detailed query and statistics data provided, however for many routers having long retention periods for this data can cause issues (see flash/storage space requirements). If you are using the default tmpfs storage, you should set a relatively short retention period or disable logging altogether. If you want to have longer retention periods for query/statistics data, consider moving the storage directory to outside your routers flash space.+For users using ipset policies for purposes such as VPN split tunnelling, AGH provides ipset functionality similar to dnsmasq. The configuration/syntax is slightly different and you will need to migrate any existing dnsmasq ipset policies to the AGH format and apply these to AGH instead.
  
-=== DNS latency/performance ===+An ipset policy is defined in the ''adguardhome.yaml'' file, there is currently no web interface available to add these policies, therefore you must add these to the yaml config manually.
  
-For the best performance and lowest latency on DNS requests, AGH should be your primary DNS resolver in your DNS chain. If you currently have dnsmasq or unbound installed, you should move these services to an alternative port and have AGH use DNS port 53 with upstream DNS resolvers of your choice configured. The reason for this is due to resolvers like dnsmasq forking each DNS request when AGH is set as an upstream, this will increase latency on DNS requests. You will also not benefit from being able to see the DNS requests made by each client if AGH is not your primary DNS resolver. +If ipset is not already installedinstall it:
- +
-=== Creating ipset policies === +
- +
-AGH provides ipset functionality similar to dnsmasq. The configuration/syntax is slightly different and you will need to migrate any existing dnsmasq ipset policies to the AGH format. An ipset policy is defined in the ''adguardhome.yaml'' file, there is currently no web interface available to add these policiestherefore you must add these to the yaml config manually.+
  
 <code bash> <code bash>
 +opkg update
 opkg install ipset opkg install ipset
 </code> </code>
  
-Example syntax:+**Example dnsmasq syntax** 
 + 
 +Using the following example ipset rules in dnsmasq as a reference, the AGH equivalent is demonstrated. 
 + 
 +<code> 
 +ipset=/domain.com/ipset_name 
 +ipset=/domain1.com/domain2.com/ipset_name,ipset_name2 
 +</code> 
 + 
 +**Example AGH syntax**
  
 <code yaml> <code yaml>
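
Review bot: The unchanged sentence under "Disable DoH encryption on AdGuard Home" tells the reader to set ''allow_unencrypted_doh'' to false in order to allow DoH requests without TLS, which reads inverted for a setting with that name; since this hunk already reorders the surrounding sections, verify and correct the value in the same edit. In the relocated rDNS steps, "Add ''192.168.1.1:5353''" still hardcodes the router address while the new LAN domain interception block uses 127.0.0.1:5353, so pick one form and explain the choice once. Also fix "mostly like" and "you own domain" in the new LAN domain interception text.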
Line 194: Line 243:
 </code> </code>
  
-An ipset policy in AGH can have one or more domains as well as be assigned to multiple ipset chains. Further information on ipset functionality can be found on the [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file|official AdGuard Home wiki]] under "other settings".+The main syntax differences is each domain is separated using a comma ('','') not a forward slash (''/''). A forward slash denotes the end of a domain rule with AGH. When specifying the ipset chain, a comma is used in both examples to denote multiple chains if required.
  
-**Note:** The ipset chains must exist before being used or referenced in AGH to work.+Like dnsmasq, an ipset policy in AGH can have one or more domains as well as be assigned to multiple ipset chains. Further information on ipset functionality can be found on the [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file|official AdGuard Home wiki]] under "other settings".
  
-=== AGH as a NextDNS client ===+**Note:** The ipset chains must exist before being used or referenced as AGH does not initialise them. It is possible to potentially encounter a race condition on startup if the ipset chains are not created in time when AGH attempts to start. An alternative is creating a [[:docs:techref:initscripts|custom init script]] that runs the ipset create command earlier than the START value of AGH. 
 + 
 +==== AGH as a NextDNS client ====
  
 AGH is recommended to be used with filtering disabled as a NextDNS client. [[https://forum.openwrt.org/t/how-to-updated-2021-installing-adguardhome-on-openwrt/113904/6|Using AGH as a NextDNS Client]] AGH is recommended to be used with filtering disabled as a NextDNS client. [[https://forum.openwrt.org/t/how-to-updated-2021-installing-adguardhome-on-openwrt/113904/6|Using AGH as a NextDNS Client]]
  
-=== DNS interception ===+===== DNS Interception =====  
 + 
 +Some devices will bypass DHCP provided DNS servers e.g. Google Chromecast.  
 + 
 +In order to make sure all DNS traffic goes through your primary DNS resolver, you can enforce this through firewall rules.
  
-Some devices will bypass DHCP provided DNS servers e.g. Google Chromecast. In order to make sure all DNS traffic goes through your primary DNS resolver. You can enforce this through iptables/firewall.+==== IPTables (firewall3) ====
  
 Copy and paste these iptables rules in **Network -> Firewall -> Custom Rules Tab** or directly to ''/etc/firewall.user''. Copy and paste these iptables rules in **Network -> Firewall -> Custom Rules Tab** or directly to ''/etc/firewall.user''.
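
Review bot: The rewritten ipset note says a race on startup is possible when the chains do not exist yet, but it gives neither the symptom the reader will see when that happens nor the START value the custom init script has to sort before, so the advice is not actionable as written; add both. In the paragraph above it, "The main syntax differences is" should be "The main syntax difference is".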
Line 230: Line 285:
 [[:docs:guide-user:firewall:fw3_configurations:intercept_dns|Further information on DNS interception]] [[:docs:guide-user:firewall:fw3_configurations:intercept_dns|Further information on DNS interception]]
  
-=== Bypassing encrypted DNS for NTP ===+==== NFT Tables (firewall4) ====
  
 +<code bash>
 +nft add rule nat pre udp dport 53 ip saddr 192.168.1.0/24 dnat 192.168.1.1:53
 +</code>
 +This will redirect all DNS traffic from 192.168.1.0/24 to the 192.168.1.1 server.
 +
 +===== Bypassing encrypted DNS for NTP =====
 +
 +<WRAP important 100%>
 +In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work. 
 +</WRAP>
 +<WRAP important 100%>
 +Your router does NOT need encrypted DNS. Only your clients behind the router require filtering and encryption. Setting your router to use AGH as its DNS **WILL** result in failed NTP lookups unless you bypass encrypted lookups for NTP. This is **NOT** a recommended setup. Your router should have its own unencrypted upstream for NTP lookups.
 +</WRAP>
 When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set. When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set.
  
Line 246: Line 314:
  
 Click apply to enable these specific DNS rules. Click apply to enable these specific DNS rules.
 +
 +===== Debugging =====
 +
 +If AdGuard Home won't start, you will want to view error logs to understand why.
 +
 +If using the opkg package you can view syslog for errors using ''logread''.
 +
 +<code bash>
 +logread -e AdGuardHome
 +</code>
 +
 +You can also run AdGuardHome from command line and see the output directly.
 +
 +<code bash>
 +AdGuardHome -v -c /etc/adguardhome.yaml -w /var/adguardhome --no-check-update
 +</code>
 +
 +This example uses the defaults set in the init script with the extra addition of the verbose flag.
 +
 +  * ''-v --verbose'' - Enables verbose output (useful for debugging).
 +  * ''-c --config'' - Path to the AdGuard Home YAML config.
 +  * ''-w --work-dir'' - Path to the set working directory where data such as logs and statistics are stored.
 +  * ''--no-check-update'' - Disables the built in update checker.
 +
 +The most common reason for AdGuard Home not starting is due to syntax errors in the ''adguardhome.yaml'' config.
 +
 +===== Uninstalling =====
 +This script uninstalls AGH and resets your router DNS to Google DNS. This is a known good default and should always work.
 +
 +**Note:** If your router is not at ''192.168.1.1'' then replace the router IP address used in the commands below accordingly.
 +
 +''uninstallAGH.sh''
 +<code bash>
 +#!/bin/sh
 +opkg update
 +service adguardhome stop
 +service adguardhome disable
 +opkg remove adguardhome
 +
 +# 1. Reverts AdGuard Home configuration and resets settings to default.
 +# 2. Enable rebind protection.
 +# 3. Remove DHCP options for IPv4 and IPv6 
 +uci -q delete dhcp.@dnsmasq[0].noresolv
 +uci -q delete dhcp.@dnsmasq[0].cachesize
 +uci set dhcp.@dnsmasq[0].rebind_protection='1'
 +uci -q delete dhcp.@dnsmasq[0].server
 +uci -q delete dhcp.@dnsmasq[0].port
 +uci -q delete dhcp.lan.dhcp_option
 +uci -q delete dhcp.lan.dns
 +
 +# Network Configuration
 +# Disable peer/ISP DNS
 +uci set network.wan.peerdns="0"
 +uci set network.wan6.peerdns="0"
 +
 +# Configure DNS provider to Google DNS
 +uci -q delete network.wan.dns
 +uci add_list network.wan.dns="8.8.8.8"
 +uci add_list network.wan.dns="8.8.4.4"
 + 
 +# Configure IPv6 DNS provider to Google DNS
 +uci -q delete network.wan6.dns
 +uci add_list network.wan6.dns="2001:4860:4860::8888"
 +uci add_list network.wan6.dns="2001:4860:4860::8844"
 + 
 +# Save and apply
 +uci commit dhcp
 +uci commit network
 +/etc/init.d/network restart
 +/etc/init.d/dnsmasq restart
 +/etc/init.d/odhcpd restart
 +</code>
 +
 +Reconnect your clients to apply the changes.
 +
 +===== Data Files =====
 +
 +The ''AdGuardHome/data'' folder contains the following.
 +<code>
 +root@OpenWrt:/opt/AdGuardHome/data# ll -h
 +drwxr-xr-x    3 root     root         512 Oct 29 09:42 ./
 +drwxrwxrwx    4 root     root         736 Oct 30 09:06 ../
 +drwxr-xr-x    2 root     root         800 Nov  2 09:52 filters/
 +-rw-r--r--    1 root     root       45.4M Nov  2 20:42 querylog.json
 +-rw-r--r--    1 root     root        8.9M Oct 29 09:00 querylog.json.1
 +-rw-r--r--    1 root     root       32.0K Oct 30 05:28 sessions.db
 +-rw-r--r--    1 root     root        4.0M Nov  2 21:00 stats.db
 +</code>
 +
 +  * ''querylog.json'': These are your DNS queries. Can be removed.
 +  * ''sessions.db'': active logins to AGH currently. This can be deleted but you will need to relog back in.
 +  * ''stats.db'': Your statistics database. can purge but you will lose your statistics data.
 +
 +The filters folder contains all your filter downloads. Purge if it is full but AGH will re-download your filters.
 +
 +If your filters are too large for your diskspace you will have to disable large filters and restrict their usage.
 +
 +The ''AdGuardHome/agh-backup'' folder contains the previous version of AGH. This also can be removed if space is at a premium.
 +
 ===== References ===== ===== References =====
  
   * [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration|AdGuard Home official Wiki]]   * [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration|AdGuard Home official Wiki]]
-  * [[https://github.com/openwrt/packages/tree/master/net/adguardhome|OpenWrt AdGuard Home package source]] 
   * [[https://github.com/AdguardTeam/AdGuardHome|AdGuard Home source tree]]   * [[https://github.com/AdguardTeam/AdGuardHome|AdGuard Home source tree]]
 +  * [[https://github.com/AdguardTeam/AdGuardHome/wiki/Platforms|AdGuard Home Supported Platforms and Releases]]
 +  * [[https://github.com/openwrt/packages/tree/master/net/adguardhome|OpenWrt AdGuard Home package source]]
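
Review bot: The uninstall script does more than revert. Its first comment says settings are reset to default, yet the network section sets network.wan.peerdns and network.wan6.peerdns to "0" and writes Google resolvers into network.wan.dns and network.wan6.dns, values the setup commands shown on this page never set, so a router that used its ISP's DNS before installing ends up with a different configuration than it started with. Either leave the network section out or explain the change and how to undo it. The note above the script asks the reader to replace ''192.168.1.1'' "in the commands below", but the script contains no router address, and "opkg update" is not needed before "opkg remove". In Data Files, the listing shows querylog.json as -rw-r--r-- and the text says it holds the DNS queries, so next to "Can be removed" it is worth pointing back to the retention setting.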
  • Last modified: 2022/07/01 17:56
  • by mercygroundabyss