AdGuardHome Adguard setup

[SomeWhereOverTheRainBow]

Below a summary of all the settings and still adds comming through .

Follow my directions for disable browser auto doh in a previous post here.

AdGuardHome - Adguard setup

I'm trying to switch from diversion to addguard. I have disabled diversion and installed adguard. I can login local on the adguard settings Page. Adguard has the following adressen: 127.0.0.1 127.0.1.1 192.168.50.1 109.132.175.160 So the configuration is running. In the lan section of the...

www.snbforums.com

 

[Shadowflake]

Summary 2:

 

[Shadowflake]

Also make sure you are not using a VPN on your router or cellphone. Specifically a vpn that does not use the router for DNS services.

There is no VPN on the router or the phone.

 

[SomeWhereOverTheRainBow]

There is no VPN on the router or the phone.

Try making sure your chrome browsers doh secure dns feature is disabled by following the directions from this web source

https://techdocs.akamai.com/etp/docs/disable-doh-browsers

 

[SomeWhereOverTheRainBow]

There is no VPN on the router or the phone.

Also make sure features like this on your mobile device settings are disabled

 

[Shadowflake]

I have installed Firefox -> the same problem.
I was not able to find the settings mentioned on the website.

In chrome i disabled the secure DNS still the same problem.

 

[SomeWhereOverTheRainBow]

I have installed Firefox -> the same problem.
I was not able to find the settings mentioned on the website.

In chrome i disabled the secure DNS still the same problem.

See if you can find the private dns settings in your phone settings, make sure that is also disabled.

 

[Shadowflake]

Thanks for all the support.
The only think i can think of to try is to put a static IP in the phone.

........I think i will give up and delete adguard

 

[SomeWhereOverTheRainBow]

Thanks for all the support.
The only think i can think of to try is to put a static IP in the phone.

........I think i will give up and delete adguard

Your choice. Sorry it didn't work out.

 

[Shadowflake]

Small update diversion reinstalled and still adds. My partner here phone doesn t show any adds. So it is probably phone related. I can t find the setting Private DNS on my phone. Bah.... Anyway thanks for the patiënce and help.

 

[SomeWhereOverTheRainBow]

Small update diversion reinstalled and still adds. My partner here phone doesn t show any adds. So it is probably phone related. I can t find the setting Private DNS on my phone. Bah.... Anyway thanks for the patiënce and help.

Should be under


Settings>connections>more connection settings

 

[grogi]

He really doesnt have to change the loopback address, especially if he is using local resolver on his router.

He does. The entries put into the LAN / DHCP Server screen are values distributed to the clients through DHCP. Clients really should not query 127.0.1.1 - which is each client querying itself.

this would break the routers local DNS since dnsmasq is moved to a different port other than 53.

Essentially adguardhome is configured to listen on

0.0.0.0:53

It wouldn't.

Internally, there are two resolver configurations inside these router.

• one in /etc/resolv.conf and determines where the router itself goes when it wants to query for a name. This is typically set to 127.0.0.1
• second in /tmp/resolv.dnsmasq and determines where the dnsmasq resolver goes to. Values here are determined by the DNS Servers defined in the WAN screen.

I don't see a way a changing the configuration distributed to the clients through DHCP would change the router internal DNS resolution.

The wan interface can be ignored, since this should be blocked by the default firewall. ( and default security options of adguardhome itself).

Limiting the exposure vector is always a good idea. If you don't something, don't expose it.

The same as dnsmasq would have been if it had been left on port 53.

You need to distinguish two things: address a process is listening to and interface it is listening on. You mentioned dnsmasq - by default it only listens on br0. Not sure which addresses, never cared to check.

 

[grogi]

There are simple steps to debug it out and figure out where the issue is.

1. ipconfig /all on the client. Checks what are the settings distributed by DHCP server, which DNS server will be used.
2. nslookup www.google.com 192.168.50.1 - checks if DNS server at 192.168.50.1 responds
3. nslookup doubleadserve.com 192.168.50.1 - checks if DNS server at 192.168.50.1 filters out advertisement domains.
4. Go to adguard UI and see if the above queries were logged in the Query Log.

 

[SomeWhereOverTheRainBow]

There are simple steps to debug it out and figure out where the issue is.

1. ipconfig /all on the client. Checks what are the settings distributed by DHCP server, which DNS server will be used.
2. nslookup www.google.com 192.168.50.1 - checks if DNS server at 192.168.50.1 responds
3. nslookup doubleadserve.com 192.168.50.1 - checks if DNS server at 192.168.50.1 filters out advertisement domains.
4. Go to adguard UI and see if the above queries were logged in the Query Log.

Okay so, the Op complaint starts at the client level. Ads are being displayed. The OP has eliminated the router vector as you describe. Issue still remains that ads are visible on the client. ( Basically the Op had to undo any mistakes made from following the directions given by the adguardhome installation page which is a default page used to help users setup adguardhome, however the adguardhome installer addon already does all of this behind the scenes. There is nothing that can be done to hide this misleading page. So the OP went down the rabbit hole of plugging the misleading information given to them from the adguardhome troubleshooting page into their router gui settings which potentially boogered things up. We undid that which should have eliminated the router vector aspect. Then the issue leads to only being a client..........)

ON-TOP OF ALL THIS, the OP clients would have never used AdGuardHome anyways, because the OP had the "Global Filter Mode" set to "AdGuard AdBlock" which clearly is not the AdGuardHome installed on the router. This means all of the clients would have BY-Passed AdGuardHome and went straight to "AdGuard AdBlock DNS servers" which is not AdGuardHome.

Here is where we discovered the OP issue resided on the Client, and not the router. ( Essentially DNSFilter and "AdGuard Adblock" should have blocked "some" tiny amounts of advertisements by default since it would have directed the OP clients via the firewall to use "the wrong" adblocking dns server). This is the context clue that led me to determine the OP Client was to blame for causing such misfortune.

I have established from the OP's picture that the client in question is a mobile device. And that ads are visible on this device, while friends device that is also connected does not experience ads. Sometimes context is more efficient then diging out all these tools you mention that may or may not just create more confusion for the OP in question. So I went with context as my indicators.

 

[SomeWhereOverTheRainBow]

He does. The entries put into the LAN / DHCP Server screen are values distributed to the clients through DHCP. Clients really should not query 127.0.1.1 - which is each client querying itself.





It wouldn't.

Internally, there are two resolver configurations inside these router.

• one in /etc/resolv.conf and determines where the router itself goes when it wants to query for a name. This is typically set to 127.0.0.1
• second in /tmp/resolv.dnsmasq and determines where the dnsmasq resolver goes to. Values here are determined by the DNS Servers defined in the WAN screen.

I don't see a way a changing the configuration distributed to the clients through DHCP would change the router internal DNS resolution.



Limiting the exposure vector is always a good idea. If you don't something, don't expose it.



You need to distinguish two things: address a process is listening to and interface it is listening on. You mentioned dnsmasq - by default it only listens on br0. Not sure which addresses, never cared to check.

Those are addresses listed on an adguardhome installation help page. The OP corrected images showed the op removed them from the routers settings pages. The OP just misread that page thinking that information was needed to configure the router settings which may be useful if adguardhome was not installed on the router himself. However in this instance the adguardhome installation page created more confusion for the OP than it helped. We weeded that issue out. And adguardhome also has those same safety parameters where it only listens for local networks unless the user specifies they want to allow other networks. Those addresses on that page were just the known list of addresses of all the routers interfaces. Similar to how dnsmasq only listens on br0. But technically dnsmasq does listen on 0.0.0.0 while it's settings may restrict it to the br0 interface. Other wise how do guest networks and vpn clients use it too? I digress. We don't need a technical bought here. You can have the steering wheel, I am out.

 

[SomeWhereOverTheRainBow]

Below a summary of all the settings and still adds comming through .

 

[Mojolacerator]

Just wanted to thank the developer for the Adguard addon. Was using diversion. I flashed the new release of rmerlin on my AX88U - then set to factory reset. Installed Adguard using all the defaults - it is working seamlessly, it is faster then Diversion, and much easier to look at stats, add own list, custom lists etc. Just fantastic !