Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:dns:adguard-home [2022/06/25 22:33] – [Web interface] added known dns providers link mercygroundabyssdocs:guide-user:services:dns:adguard-home [2022/06/25 22:41] – [Bypassing encrypted DNS for NTP] enhanced warning for NTP bypass for lookups. mercygroundabyss
Line 295: Line 295:
  
 <WRAP important 100%> <WRAP important 100%>
-In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work.+In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work.  
 +</WRAP> 
 +<WRAP important 100%> 
 +Your router does NOT need encrypted DNS. Only your clients behind the router require filtering and encryption. Setting your router to use AGH as its DNS **WILL** result in failed NTP lookups unless you bypass encrypted lookups for NTP. This is **NOT** a recommended setup. Your router should have its own unencrypted upstream for NTP lookups.
 </WRAP> </WRAP>
- 
 When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set. When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set.
  
  • Last modified: 2022/07/01 17:56
  • by mercygroundabyss