AdGuard Home setup guide

[yeraycito]

Should we be setting DNS cache size in Adguard to 0 to allow Unbound to handle caching?

I have DNS caching active on both sites and everything works fine.

[mrancier]

Sorry for the hijack, but just wondered if anyone has any idea of how I can solve a particular problem with my Adguard Home Plugin setup:

My LAN interface is a bridge made up of all the ports on a 4 port intel x540, and my WAN is on a different interface altogether (duh).  I can successfully install the plugin and configure it, make it the default dns server by changing the port unbound uses to 5353 and leaving AdguardHome on 53.  Problem is that first time resolution takes about 30 seconds!  I am guessing it has to do with Adguard being bound to all existing interfaces.  I tried to bind it to the bridge address editing the Adguard Yaml config file and restarting the service, but it did not solve the issue.  Unbound works fine in its place, and I have adguard running on a secondary box in lan and unbound forwarding to it, as a workaround, and that works fine.  If anyone knows how to fix that, and can share, I would appreciate it.  Just in case, bridge is built following wiki directions, including tunables, and works as expected.  I am aware of the disadvantages of bridging ports, but it is an experiment and I would like to make it work as is.

Thanks.

[Patrick M. Hausen]

Try binding AdGuard Home to *:53 as you already did if I read your post correctly. Set Unbound to 53530 or similar. Reason being that 5353 is used by mDNS already.

I run AdGuard Home on all interfaces, 53, forwarding to BIND on 127.0.0.1:53530 - no problem so far.

[yodaphone]

2) Now, if I change the following, I get the reverse behaviour.  Inside AdGuards Top Clients, I can see only IPs (no host names), but upstream DNS is now showing up as 108.162.218.241 (Cloudflare).

Adguard/DNS Settings:
127.0.0.1:5353
1.1.1.1
1.0.0.1


I've also experiments with a few things to no avail, like:

[/168.192.in-addr.arpa/]127.0.0.1:5353

[/168.192.in-addr.arpa/]127.0.0.1

[/168.192.in-addr.arpa/]192.168.0.1:5353

[/168.192.in-addr.arpa/]192.168.0.1

Do you have any suggestions what I might be doing wrong?

Hi, were you able to solve this? All I see are IP Addresses. I have way too many devices/clients to enter them manually

[Superduke]

You just need to add your router ip in the upstream and bootstrap fields in the AdGuard DNS Setup menu with the appropriate port if you're still using UnBound...I am.  So I set up Unbound to listen on port 53530 and then added the below in AdGuard

eg. 192.168.1.1:53530

Adguard now processes and listens on all interfaces.

Works well....

[motamedn]

Thanks for posting this guide! In case anyone runs into problems with their Chromecast with Google TV after following these instructions and gets the error saying no internet is available, it might have to do with the optional but recommended port forward step.

Instead of including all sources for the port forward, you can select the devices you want to exclude from the port forward and tick the checkbox to invert the selection. This resolved my Chromecast with Google TV error. I have several so I made an alias. In the end, when I was done it looked like Source: !Google_devices.

Additionally, in the IRC, someone mentioned this port forward setup might lead to some abnormal behavior ie a device asks for 8.8.8.8 DNS but gets confused that Adguard Home responds. It may be better for reliability to set this up via a firewall rule to instead block all outbound DNS requests instead of forwarding the requests. Most devices will then use the local DNS as a back-up. I decided to make the change but still had to except the chromecast devices.

I made the following two rules and disabled the port forward.  These rules are under Firewall -> LAN and are the top rules in the set.

Rule 1:
ALLOW
Source: [Google_devices] -- this is an alias set up with all IP for my google devices
Source Port: *
Destination: !Lan address
Destination Port: 53 (DNS)

Rule 2:
REJECT
Source: *
Source Port: *
Destination: !Lan address
Destination Port: 53 (DNS)

[thebull]

Does anyone know's where the raw config file is stored within OPNsense for AdGuard?

[efahl]

Mine's in /usr/local/AdGuardHome/AdGuardHome.yaml

[sp33dy]

i keep having problem with adguard not being started autmaticly

did reinstall/reboot removed other packages etc etc but still same prb

i followed last in this post https://forum.opnsense.org/index.php?topic=16692.15

root@OPNsense:/usr/local/AdGuardHome #  ./AdGuardHome -s install
2021/07/27 10:02:41 [info] Service control action: install
2021/07/27 10:02:41 [fatal] Failed to install AdGuard Home service: Init already exists: /usr/local/etc/rc.d/AdGuardHome


problem is that only way for me to get it running after reboot is eather cli or webgui

why does it not start automatically?
ideas

regards /s

[mimugmail]

i followed last in this post https://forum.opnsense.org/index.php?topic=16692.15

root@OPNsense:/usr/local/AdGuardHome #  ./AdGuardHome -s install
2021/07/27 10:02:41 [info] Service control action: install
2021/07/27 10:02:41 [fatal] Failed to install AdGuard Home service: Init already exists: /usr/local/etc/rc.d/AdGuardHome

This is not the way it should be done .. don't do this.
Usually installing the plugin and enable is enough.

Now your install dir can be anywhere.

[sp33dy]

ok, well that sux that people give wrong instructions

is there anyway for me to fix this?

EDIT: like i stated i have deleted/installed package and rebooted and the problem still persisted, when it still did´t work i tried those instructions

[mimugmail]

/usr/local/AdGuardHome #  ./AdGuardHome -s uninstall / delete possibly?
Maybe then also remove the plugin and also /usr/local/AdGuard/Home folder.

Then install plugin again, enable and reboot. During reboot watch the console for errors

[sp33dy]

/usr/local/AdGuardHome #  ./AdGuardHome -s uninstall / delete possibly?
Maybe then also remove the plugin and also /usr/local/AdGuard/Home folder.

Then install plugin again, enable and reboot. During reboot watch the console for errors

thanks for your answer, still no good though


service runs fine when started manually, take ages to boot box when dns is not running
are there any startup script i can force run on boot to se if that atleast get it running after boot?

nothing wrong on console when booting up, status also says "not installed", i tried reinstall/reboot but still the same

root@OPNsense:/usr/local/AdGuardHome # ./AdGuardHome -s status
2021/07/28 08:59:59 [info] Service control action: status
2021/07/28 08:59:59 [fatal] failed to get service status: the service is not installed

[mimugmail]

root@OPNsense:/usr/local/AdGuardHome # ./AdGuardHome -s status
2021/07/28 08:59:59 [info] Service control action: status
2021/07/28 08:59:59 [fatal] failed to get service status: the service is not installed

Dont do this! I wrote a startup script cause this AdGuardHome -s XXX is a total mess. And thats why AGH is a community plugin and not in the official plugin repo. This -go stuff with their own service control sucks on BSD.

You can use this:
/usr/local/etc/rc.d/adguardhome

But if you already ran "-s install" your are lost somewhere in the middle :(

[sp33dy]

root@OPNsense:/usr/local/AdGuardHome # ./AdGuardHome -s status
2021/07/28 08:59:59 [info] Service control action: status
2021/07/28 08:59:59 [fatal] failed to get service status: the service is not installed

Dont do this! I wrote a startup script cause this AdGuardHome -s XXX is a total mess. And thats why AGH is a community plugin and not in the official plugin repo. This -go stuff with their own service control sucks on BSD.

You can use this:
/usr/local/etc/rc.d/adguardhome

But if you already ran "-s install" your are lost somewhere in the middle :(

I havent run the -s install on this installation

i´m sure there is something with my install that´s causing this and not the plugins itself, just trying to get a working installation here ;)

i asume this should run on bootup "/usr/local/etc/rc.d/adguardhome"

can i force run it in some other startup script?...for some reason it wont start for me