AdGuardHome Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI) cont.

Status
Not open for further replies.
You're right, but my FQDN is "ad.localdomain" (I wasn't very inspired, I put the first thing I thought of that would make people think "local")
I think it's respecting the rules ;)
What have you got in Private reverse DNS servers?
 
I am seeing something strange with AdGuard. I uninstalled it and re-installed it again, and it's been running for around 3 hours, but when I go to the query log, the latest logs on show are from around 2.5 hours ago.

It's set up as the only DNS provider in my LAN but not as a caching server.

Tried restarting but still no updated logs. It's bizarre.

I get 100% on https://d3ward.github.io/toolz/adblock.html so I know it's working.
 
What have you got in Private reverse DNS servers?
Thanks for your help and sorry for replying late, things are a little bit complicated here.

Here is what I have in "Private reverse DNS servers" in "DNS settings" configuration page:
  • [::]:553
  • [/10.in-addr.arpa/][::]:553
  • [/16.172.in-addr.arpa/][::]:553
  • [/1.16.172.in-addr.arpa/][::]:553 => This was a test, without success
 
I am seeing something strange with AdGuard. I uninstalled it and re-installed it again, and it's been running for around 3 hours, but when I go to the query log, the latest logs on show are from around 2.5 hours ago.

It's set up as the only DNS provider in my LAN but not as a caching server.

Tried restarting but still no updated logs. It's bizarre.

I get 100% on https://d3ward.github.io/toolz/adblock.html so I know it's working.
How are you able to get 100%?
I only get 93%, which is still very good.
I failed on:
  • Cosmetic Filter
  • Ad Scripts Loading
  • Error Trackers - Sentry - browser.sentry-cdn.com
I would love to know how you achieve this perfect score.
 
He probably has an additional web browser filter.
I agree and maybe the test wasn't done in a Private/Incognito tab, without any extensions (those related to Ads blocking in particular).

But I am still curious because even with a "normal" browser tab, with extensions, I only get 97%.
I was never able to reach 100%.

I would like to learn something new (if this is the case).
 
Giving up with AdGuard; that's 5 times it has not been updating the query page.

Initially it works great but then it does this. So switching back to Diversion.
 
Please lay out a list of filters with which you get 99-100%
 
Please lay out a list of filters with which you get 99-100%
I checked on three browsers on my PC - Edge, Chrome and Firefox with extensions disabled. https://d3ward.github.io/toolz/adblock.html showed 99% for everyone. In the AGH only the built-in AdGuard DNS filter and AdAway Default Blocklist are on. And I have https://dns.quad9.net/dns-query written as an upstream DNS server in my AGH. Also, I don't know if this matters, but I have AiProtection enabled on my router.
 
Thanks for your help and sorry for replying late, things are a little bit complicated here.

Here is what I have in "Private reverse DNS servers" in "DNS settings" configuration page:
  • [::]:553
  • [/10.in-addr.arpa/][::]:553
  • [/16.172.in-addr.arpa/][::]:553
  • [/1.16.172.in-addr.arpa/][::]:553 => This was a test, without success
Can you share a screenshot of your DNS Settings page, preferably full page? Also try running nslookup -debug IP, replacing IP with one of the device IPs.
 
Can you share a screenshot of your DNS Settings page, preferably full page? Also try running nslookup -debug IP, replacing IP with one of the device IPs.
Thanks again for helping me, please see the attached files (screenshot, and result of "NSLOOKUP -debug" on IP and FQDN).

Note: Screenshot can be saved locally and zoomed. I copied/pasted the config and separated it using "Spoilers" to shrink the message length.

[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[/ad.localdomain/]172.16.1.1
[//][::]:553
#DNS-over-TLS
tls://dns.adguard-dns.com
tls://dot.libredns.gr
tls://dns.google.com
#DNS-over-HTTPS
#DNS-over-QUIC
quic://dns.adguard-dns.com
quic://ibksturm.synology.me
#IP
94.140.14.14
94.140.15.15
tcp://94.140.14.14
tcp://94.140.15.15
88.198.92.222
tcp://88.198.92.222
8.8.8.8
8.8.4.4
tcp://8.8.8.8
tcp://8.8.4.4

Parallel Requests - ON

Fallback DNS servers - None/Empty

Bootstrap DNS servers
1.1.1.1
8.8.8.8

Private reverse DNS servers
[::]:553
[/10.in-addr.arpa/][::]:553
[/16.172.in-addr.arpa/][::]:553
[/1.16.172.in-addr.arpa/][::]:553 => This was a test, without success

Use private reverse DNS resolvers - On

Enable reverse resolving of clients' IP addresses - On

Rate limit - 20

Enable EDNS client subnet - No

Enable DNSSEC - Yes

Blocking mode - Default

Blocked response TTL - 10

Cache size - 2097152

Override minimum TTL - 1200

Override maximum TTL - 14400

Optimistic caching - Yes

Allowed clients - None/Empty

Disallowed clients - None/Empty

Disallowed domains - version.bind, id.server, hostname.bind
 

Attachments: DebugFQDN.txt, DebugIP.txt, Web capture_11-10-2023.jpeg
That screenshot is not legible.

Try a copy/paste into a 'code' box like the example below.

Code:
This is a 'code' example.
 
That screenshot is not legible.

Try a copy/paste into a 'code' box like the example below.

Code:
This is a 'code' example.
Thanks for letting me know.
I am going to update my previous post.
 
Can you compare your /etc/dnsmasq.conf with & without AgH disabled? Maybe paste both here if possible.
 
It has been suggested on another recent thread of mine that if I wanted to use AdGuard on my router, the best way would be to install the script on amtm. If I decide to give it a go, I need to make sure I don't mess things up, so my question from the other thread is, "Is there a simple beginners' guide about how to set it up and also, how to return things to how they were before installation (in the event of a change of mind about using it)? Also, if I understand correctly, the 128GB Samsung flash drive that I currently have connected to my router would not be suitable for running AdGuard - is that correct?" Currently, I am using Cloudflare as my DNS resolver. I have all my network devices on static IPs to enable me to back them up, along with any custom icons, using YazDHCP. I also have one guest network set up on the 2.4 GHz band for my Honeywell Evohome radiator thermostats controller and I have a WireGuard VPN server with one client active and another to be added soon. DNS Director is switched on and the global setting is set to "router". I'm not sure how much of this is relevant, but I thought I ought to mention it, just in case.
 
If you are happy with the way things are, and are not ready to get your feet wet, then I would tell you to leave things the way you have them. There are no special consideration scenarios that have been accounted for when it comes to using WireGuard. You would be adventuring in untested waters in this regard. You have to know how to configure it for adjacency to your setup. Some people have "played" with adapting it to their WireGuard setups, but I am not one of those people unfortunately. As for "setting it up", all considerations have been made for the "typical" router DNS service scenario. Once you install AdGuardHome, you would only need to configure your DNS settings from the AdGuardHome WebUI (no longer configure settings from the router's DNS GUI). Your YazDHCP will remain the same with all its icons and static leases. The only thing you should need to do after first install is select which block lists you desire and choose what DNS upstream providers you would like to use in the AdGuardHome WebUI. You may see some default entries inside the AdGuardHome Upstream section that look like this.

Code:
[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553

You would want to leave those alone because they are configured for your router's local network requests for identifying your network clients.

You would add the DNS servers you want to use below this.

example,

Code:
[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553
#DNS-over-TLS
tls://dns.adguard-dns.com
tls://dot.libredns.gr
tls://dns.google.com
#DNS-over-HTTPS
https://dns.adguard-dns.com/dns-query
https://doh.libredns.gr/ads
https://dns.google/dns-query
#DNS-over-QUIC
quic://dns.adguard-dns.com

Obviously, since you have been using Cloudflare, you may want to change those encrypted addresses to Cloudflare ones.
 
Before you do anything, follow the steps in the link below. If things go south, then simply do a full reset, then restore the backup you made (today). This will get you back to where you are now, in the shortest possible time frame.

 
Can you compare your /etc/dnsmasq.conf with & without AgH disabled? Maybe paste both here if possible.
I really hope "AgH disabled" means protection disabled and not to remove AgH.
Here is the content of /etc/dnsmasq.conf

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=ad.localdomain
expand-hosts
bogus-priv
domain-needed
local=/ad.localdomain/
dhcp-range=lan,172.16.1.100,172.16.1.250,255.255.255.0,86400s
dhcp-option=lan,3,172.16.1.1
dhcp-option=lan,15,ad.localdomain
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
dhcp-host=00:1B:21:46:0C:1E,set:00:1B:21:46:0C:1E,N4200ECO,172.16.1.4
quiet-dhcp
quiet-dhcp6
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec
stop-dns-rebind
rebind-domain-ok=dns.msftncsi.com
address=/use-application-dns.net/
address=/_dns.resolver.arpa/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
edns-packet-max=1232
ipset=/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/asn.ipinfo.app/speedguide.net/otx.alienvault.com/github.com/raw.githubusercontent.com/astrill.com/strongpath.net/snbforums.com/bin.entware.net/nwsrv-ns1.asus.com/time.chu.nrc.ca/ca.pool.ntp.org/Skynet-WhitelistDomains # Skynet
port=553
local=/16.172.in-addr.arpa/
local=/10.in-addr.arpa/
local=//
dhcp-option=lan,6,0.0.0.0
dhcp-option=br1,6,192.168.101.1
dhcp-option=br2,6,192.168.102.1

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=ad.localdomain
expand-hosts
bogus-priv
domain-needed
local=/ad.localdomain/
dhcp-range=lan,172.16.1.100,172.16.1.250,255.255.255.0,86400s
dhcp-option=lan,3,172.16.1.1
dhcp-option=lan,15,ad.localdomain
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
dhcp-host=00:1B:21:46:0C:1E,set:00:1B:21:46:0C:1E,N4200ECO,172.16.1.4
quiet-dhcp
quiet-dhcp6
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec
stop-dns-rebind
rebind-domain-ok=dns.msftncsi.com
address=/use-application-dns.net/
address=/_dns.resolver.arpa/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
edns-packet-max=1232
ipset=/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/asn.ipinfo.app/speedguide.net/otx.alienvault.com/github.com/raw.githubusercontent.com/astrill.com/strongpath.net/snbforums.com/bin.entware.net/nwsrv-ns1.asus.com/time.chu.nrc.ca/ca.pool.ntp.org/Skynet-WhitelistDomains # Skynet
port=553
local=/16.172.in-addr.arpa/
local=/10.in-addr.arpa/
local=//
dhcp-option=lan,6,0.0.0.0
dhcp-option=br1,6,192.168.101.1
dhcp-option=br2,6,192.168.102.1

I can't see any difference, but maybe you have better eyes (and a better brain) than mine ;)
 
You should try changing

Code:
[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[/ad.localdomain/]172.16.1.1
[//][::]:553

of your upstream to.

Code:
[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[/ad.localdomain/][::]:553
[//][::]:553

should solve your issue.

And your Private reverse DNS servers section should be :
Code:
[::]:553
[/10.in-addr.arpa/][::]:553
[/16.172.in-addr.arpa/][::]:553

not

Code:
Private reverse DNS servers
[::]:553
[/10.in-addr.arpa/][::]:553
[/16.172.in-addr.arpa/][::]:553
[/1.16.172.in-addr.arpa/][::]:553 => This was a test, without success

[/16.172.in-addr.arpa/][::]:553 already covers [/1.16.172.in-addr.arpa/][::]:553, that is why your test for it failed. It is like having a duplicate entry.
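
As an added example (not code from the thread or from the AMAGHI project), this Python sketch parses the bracketed upstream lines discussed above, lists domain rules that do not go to the dnsmasq listener on [::]:553, and finds suffixes already covered by a shorter suffix with the same upstream. The sample strings are constructed from the thread's entries, the function names are hypothetical, and "longest matching suffix wins" is an assumption about how AdGuardHome selects an upstream.

```python
import re

DNSMASQ = "[::]:553"  # dnsmasq listener in this thread (port=553 in dnsmasq.conf)
RULE = re.compile(r"^\[/(.*?)/\](\S+)")
# Constructed samples, trimmed from the entries posted in the thread.
UPSTREAMS = """[/lan/][::]:553
[/ad.localdomain/]172.16.1.1
[//][::]:553
#DNS-over-TLS
tls://dns.adguard-dns.com"""
PRIVATE_RDNS = """[::]:553
[/10.in-addr.arpa/][::]:553
[/16.172.in-addr.arpa/][::]:553
[/1.16.172.in-addr.arpa/][::]:553"""

def parse(text):
    """Return (rules, defaults); rules maps a domain suffix to its upstream."""
    rules, defaults = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank line or comment such as "#DNS-over-TLS"
        m = RULE.match(line)
        if m:  # "[/a/b/]upstream": one upstream for several suffixes
            for dom in m.group(1).split("/"):
                rules[dom.lower().rstrip(".")] = m.group(2)
        else:
            defaults.append(line)
    return rules, defaults

def select(name, rules, defaults):
    """Upstreams for a name; longest matching suffix wins (assumption)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in rules:
            return [rules[".".join(labels[i:])]]
    if len(labels) == 1 and "" in rules:  # "[//]" covers unqualified names
        return [rules[""]]
    return defaults

def redundant(rules):
    """(suffix, parent) pairs where a shorter suffix has the same upstream."""
    found = []
    for dom, up in rules.items():
        parts = dom.split(".")
        parents = [".".join(parts[i:]) for i in range(1, len(parts))]
        found += [(dom, p) for p in parents if rules.get(p) == up][:1]
    return found

def off_dnsmasq(rules):
    """Domain rules whose upstream is not the local dnsmasq listener."""
    return sorted(d for d, up in rules.items() if up != DNSMASQ)

if __name__ == "__main__":
    print("not on dnsmasq:", off_dnsmasq(parse(UPSTREAMS)[0]))
    print("redundant:", redundant(parse(PRIVATE_RDNS)[0]))
```
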
 