Differences

docs:guide-user:services:dns:adguard-home [2022/06/25 22:29] – More section moves mercygroundabyss
docs:guide-user:services:dns:adguard-home [2022/06/25 22:41] – [Bypassing encrypted DNS for NTP] enhanced warning for NTP bypass for lookups. mercygroundabyss
Line 158: Line 158:
 By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default setup port TCP 3000 or change it to an alternative (8080 is the usual port 80 replacememt).  By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default setup port TCP 3000 or change it to an alternative (8080 is the usual port 80 replacememt). 
  
-Once AGH is active then [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration|follow the official AdGuard Home wiki instructions]] to configure upstreams and filters.+Once AGH is active then [[https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration|follow the official AdGuard Home wiki instructions]] to configure upstreams and filters. A list of known DNS providers and settings is here : [[https://adguard-dns.io/kb/general/dns-providers/|Known DNS Providers]]
  
 Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the ''adguardhome.yaml'' configuration file. Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the ''adguardhome.yaml'' configuration file.
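Review bot: The sentence appended to the "Once AGH is active" line reads "is here : [[...|Known DNS Providers]]", with a stray space before the colon and a link label that repeats the sentence's subject. Suggest folding it into one clause, e.g. "See the [[https://adguard-dns.io/kb/general/dns-providers/|list of known DNS providers]] for their settings." The unchanged line above still has "replacememt", which could be corrected in the same edit.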
Line 295: Line 295:
  
 <WRAP important 100%> <WRAP important 100%>
-In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work.+In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work.  
 +</WRAP> 
 +<WRAP important 100%> 
 +Your router does NOT need encrypted DNS. Only your clients behind the router require filtering and encryption. Setting your router to use AGH as its DNS **WILL** result in failed NTP lookups unless you bypass encrypted lookups for NTP. This is **NOT** a recommended setup. Your router should have its own unencrypted upstream for NTP lookups.
 </WRAP> </WRAP>
- 
 When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set. When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set.
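Review bot: In the new WRAP box, "This is **NOT** a recommended setup" has an ambiguous antecedent: it can be read as rejecting the router-uses-AGH configuration or as rejecting the NTP bypass, and the box directly above still says you MUST bypass encrypted DNS. Suggest naming the configuration explicitly, e.g. "Pointing the router itself at AGH is **NOT** recommended", and merging the two boxes so the MUST and the NOT sit in one statement. The box also says the router should have its own unencrypted upstream without saying where that is set, so a pointer to the relevant setting would help. The first "+" line also gains trailing whitespace after "work." and the blank line after the closing WRAP is dropped.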
  
  • Last modified: 2022/07/01 17:56
  • by mercygroundabyss