Beginner in OpenWRT : Can't set Adguard home as my DNS for all my networks
Hi,
I am new to OpenWRT and managed to have my network configured as well as a guest network. Now I'm trying to put everything behind Adguard Home. I tried to follow this guide : https://openwrt.org/docs/guide-user/services/dns/adguard-home#installation
But after doing so I have 2 problems :
- The guest network no longer has DNS access (so no internet)
- OpenWRT doesn't have internet access (so it can't download opkg packages for example)
Adguard works only for my main network. Could someone help me to set it up properly ? I can't find how.
I made a post about this with my whole config : https://forum.openwrt.org/t/adguard-home-as-my-primary-dns-doesnt-work-for-guests/155083
By the way, I am new to OpenWRT so if you see errors or bad things in my config, or have tips to improve it, I'm very interested.
Thanks in advance for any answer, have a great day

Found it, thanks a lot for this command.
Here is my AGH config :
```yaml
bind_host: 192.168.1.1
bind_port: 3001
beta_bind_port: 0
users:
  - name: [removed]
    password: [removed]
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 192.168.1.1
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '[/pool.ntp.org/]9.9.9.10'
    - '[/pool.ntp.org/]149.112.112.10'
    - '[/pool.ntp.org/]2620:fe::10'
    - '[/pool.ntp.org/]2620:fe::fe:10'
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:54
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14
```
So now I know how to change it without re-doing the initial configuration. But can it listen on multiple interfaces ? In the documentation interface is singular so I guess the answer is no. But then how to adapt my configuration so that I have a common interface for adguard but still 2 interfaces for both my personal and guest network ?
Thanks in advance for any answer, have a great day
If you want your server to accept requests on all interfaces and using both IP versions, for example if you run a public server, put one item with the unspecified IP of any version:

```yaml
'dns':
  'bind_hosts':
    - '0.0.0.0'
```
If I do this, it means that the DNS will also be accessible from the outside of my network. Could this be a security problem?
I am hosting some services like home assistant on a Raspberry pi on Port 443 with caddy. Could this cause problem with its access?
By default inbound connection on WAN should be blocked. You also don’t have TLS enabled (which would need a cert anyway) so it won’t conflict with 443 for uhttpd/ha.
The ports that can be used by AGH are:
- 53 (unencrypted DNS)
- 443 (DoH)
- 853 (DoT/DoQ)
The alternative is to define multiple bind_hosts (apparently):
https://forum.openwrt.org/t/solved-adguard-home-and-vlans-that-cant-access-the-internet/151507
— Starfox
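
The symptoms in the question and the multiple-`bind_hosts` alternative mentioned above, as an added example that is not part of the thread: a shell check that reads `dns.bind_hosts` from an `AdGuardHome.yaml` and reports which addresses the DNS listener covers. The guest gateway `192.168.2.1` and the WAN address `203.0.113.5` are placeholders, and treating `127.0.0.1` as the address the router itself queries is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): which addresses does AGH's DNS listen on?

# Print dns.bind_hosts entries from an AdGuardHome.yaml (block-style lists only).
agh_bind_hosts() {
    awk '
        /^dns:/                    { in_dns = 1; next }
        /^[^ #-]/                  { in_dns = 0; in_list = 0 }
        in_dns && /^ +bind_hosts:/ { in_list = 1; next }
        in_list && /^ *- /         { sub(/^ *- */, ""); print; next }
        in_list                    { in_list = 0 }
    ' "$1" | tr -d "\"' "
}

# $1 = config file; remaining args are label=address pairs to test.
check_coverage() {
    cfg=$1; shift
    hosts=$(agh_bind_hosts "$cfg")
    for pair in "$@"; do
        label=${pair%%=*}; addr=${pair#*=}; status=not-listening
        for h in $hosts; do
            case "$h" in
                "$addr")    status=listening; break ;;
                0.0.0.0|::) status=listening-wildcard ;;
            esac
        done
        echo "$label $addr $status"
    done
}

# Constructed configs: "single" mirrors the dns section posted above,
# "multi" lists one address per network that should be served.
single=$(mktemp); multi=$(mktemp)
printf 'dns:\n  bind_hosts:\n    - 192.168.1.1\n  port: 53\n' > "$single"
printf 'dns:\n  bind_hosts:\n    - 127.0.0.1\n    - 192.168.1.1\n    - 192.168.2.1\n  port: 53\n' > "$multi"

# 192.168.2.1 (guest gateway) and 203.0.113.5 (WAN) are placeholder addresses.
ADDRS="router=127.0.0.1 lan=192.168.1.1 guest=192.168.2.1 wan=203.0.113.5"
echo "== single bind_hosts entry"; check_coverage "$single" $ADDRS
echo "== explicit list";           check_coverage "$multi" $ADDRS
rm -f "$single" "$multi"
```

With only `192.168.1.1` listed, the loopback and guest addresses report `not-listening`. The explicit list serves all three internal addresses and leaves the WAN address without a listener, whereas a `0.0.0.0` entry relies on the firewall to keep WAN clients out.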