Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:dns:adguard-home [2022/06/25 22:22] – Moved sections for more logical layout. mercygroundabyss | docs:guide-user:services:dns:adguard-home [2022/06/25 22:41] – [Bypassing encrypted DNS for NTP] enhanced warning for NTP bypass for lookups. mercygroundabyss | ||
|---|---|---|---|
| Line 139: | Line 139: | ||
| {{: | {{: | ||
| - | ==== Reverse DNS (rDNS) ==== | ||
| - | |||
| - | To enable rDNS so AGH picks up your DHCP assignments from OpenWrt. | ||
| - | |||
| - | - From the AdGuard Home web interface **Settings** -> **DNS settings** | ||
| - | - Scroll to " | ||
| - | - Add '' | ||
| - | - Tick both "//Use private reverse DNS resolvers//" | ||
| - | |||
| - | {{: | ||
| - | |||
| - | ==== LAN domain interception ==== | ||
| - | |||
| - | Adding the following to the Upstream DNS Server configuration will intercept any LAN domain request or requests without a FQDN and pass those requests to the appropriate resolver, which is mostly like your OpenWrt router but it doesn' | ||
| - | |||
| - | The default LAN domain configured by OpenWrt is " | ||
| - | |||
| - | (127.0.0.1) local loopback is used here to enable statistics tracking but you may also use your router ip (192.168.1.1) here too. | ||
| - | |||
| - | **Settings** -> **DNS Settings** > **Upstream Servers** | ||
| - | |||
| - | < | ||
| - | [/ | ||
| - | [// | ||
| - | </ | ||
| ==== Manual installation ==== | ==== Manual installation ==== | ||
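Review bot: the rDNS and LAN domain interception sections removed here are not deleted but reappear further down this diff under the Web interface area, so this hunk is a move; after the removal the screenshot line `{{:` above sits directly against `==== Manual installation ====` with no blank line, and since the rDNS section carried its own screenshot (the second `{{:` line being removed), double-check that the image left behind belongs to the section above it and not to the moved rDNS text.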
| Line 178: | Line 153: | ||
| ==== Web interface ==== | ==== Web interface ==== | ||
| - | |||
| AdGuard Home has it's own web interface for configuration and management and is not managed through LuCI. There is no official LuCI application for managing AdGuard Home. By default the web setup interface will be on port TCP 3000. To access the web interface, use the IP of your router: http:// | AdGuard Home has it's own web interface for configuration and management and is not managed through LuCI. There is no official LuCI application for managing AdGuard Home. By default the web setup interface will be on port TCP 3000. To access the web interface, use the IP of your router: http:// | ||
| Line 184: | Line 158: | ||
| By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default setup port TCP 3000 or change it to an alternative (8080 is the usual port 80 replacememt). | By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default setup port TCP 3000 or change it to an alternative (8080 is the usual port 80 replacememt). | ||
| - | Once AGH is active then [[https:// | + | Once AGH is active then [[https:// |
| Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the '' | Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the '' | ||
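Review bot: the only change in this region is a dropped blank line, but the unchanged context still reads "AdGuard Home has it's own web interface" (should be "its own") and "the usual port 80 replacememt" (should be "replacement"); since this part of the page is being touched anyway, fix both in the same pass.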
| Line 210: | Line 184: | ||
| If you have configured TLS on LuCI, there' | If you have configured TLS on LuCI, there' | ||
| - | ==== Debugging | + | ==== Reverse DNS (rDNS) |
| - | If AdGuard Home won't start, you will want to view error logs to understand why. | + | To enable rDNS so AGH picks up your DHCP assignments from OpenWrt. |
| - | If using the opkg package you can view syslog for errors using '' | + | - From the AdGuard Home web interface **Settings** -> **DNS settings** |
| + | - Scroll to " | ||
| + | - Add '' | ||
| + | - Tick both "//Use private reverse DNS resolvers//" | ||
| - | <code bash> | + | {{: |
| - | logread -e AdGuardHome | + | |
| - | </ | + | |
| - | You can also run AdGuardHome from command line and see the output directly. | + | ==== LAN domain interception ==== |
| - | <code bash> | + | Adding the following to the Upstream DNS Server configuration will intercept any LAN domain request or requests without a FQDN and pass those requests to the appropriate resolver, which is mostly like your OpenWrt router but it doesn' |
| - | AdGuardHome -v -c / | + | |
| - | </ | + | |
| - | This example uses the defaults set in the init script with the extra addition of the verbose flag. | + | The default LAN domain configured by OpenWrt is " |
| - | * '' | + | (127.0.0.1) local loopback is used here to enable |
| - | * '' | + | |
| - | * '' | + | **Settings** -> **DNS Settings** > **Upstream Servers** |
| - | * '' | + | |
| + | < | ||
| + | [/lan/]127.0.0.1: | ||
| + | [// | ||
| + | </ | ||
| - | The most common reason for AdGuard Home not starting is due to syntax errors in the '' | ||
| ==== Creating ipset policies ==== | ==== Creating ipset policies ==== | ||
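Review bot: the moved-in rDNS and LAN domain interception sections lose the blank lines that separated each `====` heading from its first paragraph in the original (compare the removed hunk above, where `==== Reverse DNS (rDNS) ====` and `==== LAN domain interception ====` were each followed by an empty line), and no blank line separates the TLS/LuCI note from the new `==== Reverse DNS (rDNS) ====` heading; restore them so the layout matches the rest of the page. The LAN domain interception paragraph would also be clearer if it said why the `[/lan/]` and `[//]` entries matter: without them, lookups for LAN names and bare hostnames are forwarded to the public upstream resolvers instead of being answered by the router, which is the reason to keep them local.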
| Line 319: | Line 295: | ||
| <WRAP important 100%> | <WRAP important 100%> | ||
| - | In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work. | + | In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work. |
| + | </ | ||
| + | <WRAP important 100%> | ||
| + | Your router does NOT need encrypted DNS. Only your clients behind the router require filtering and encryption. Setting your router to use AGH as its DNS **WILL** result in failed NTP lookups unless you bypass encrypted lookups for NTP. This is **NOT** a recommended setup. Your router should have its own unencrypted upstream for NTP lookups. | ||
| </ | </ | ||
| - | |||
| When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/ | When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/ | ||
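Review bot: the two warning boxes now pull in different directions: the first says you MUST bypass encrypted DNS for NTP, while the new second box says pointing the router at AGH is NOT a recommended setup and that the router should have its own unencrypted upstream. Make the first box conditional ("if your router uses AGH as its resolver, you must bypass encrypted DNS for NTP") so the bypass reads as a workaround for the non-recommended configuration rather than a general requirement, and align "SSL" in the first box with "TLS" used in the paragraph below, since the certificate validation that depends on the clock is the same mechanism in both.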
| Line 336: | Line 314: | ||
| Click apply to enable these specific DNS rules. | Click apply to enable these specific DNS rules. | ||
| + | |||
| + | ===== Debugging ===== | ||
| + | |||
| + | If AdGuard Home won't start, you will want to view error logs to understand why. | ||
| + | |||
| + | If using the opkg package you can view syslog for errors using '' | ||
| + | |||
| + | <code bash> | ||
| + | logread -e AdGuardHome | ||
| + | </ | ||
| + | |||
| + | You can also run AdGuardHome from command line and see the output directly. | ||
| + | |||
| + | <code bash> | ||
| + | AdGuardHome -v -c / | ||
| + | </ | ||
| + | |||
| + | This example uses the defaults set in the init script with the extra addition of the verbose flag. | ||
| + | |||
| + | * '' | ||
| + | * '' | ||
| + | * '' | ||
| + | * '' | ||
| + | |||
| + | The most common reason for AdGuard Home not starting is due to syntax errors in the '' | ||
| ===== Uninstalling ===== | ===== Uninstalling ===== | ||
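Review bot: the foreground run `AdGuardHome -v -c /...` will fail to bind its listening ports if the init-script instance is still running, because both would try to open the same DNS and web interface ports (TCP 3000 is named earlier on the page); add a line telling the reader to stop the service started by the init script before running AdGuardHome from the command line. Promoting the section from `====` to `=====` is consistent with `===== Uninstalling =====` and needs no change.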