
How to add AdGuard DNS via TLS

Terepin

Regular Contributor

This GUI is very confusing, because I can add it via DNS server setting, but the TLS setting is optional and can coexist with the regular DNS. So, how to do it properly?
 
The DNS Server field is the DNS server the router's system will use; it should be set to a reliable one.
It is used for time sync, DDNS and a few other things.
So setting AdGuard's DoT server details in the DoT list is the way.

As far as I can tell it works like this:

WAN->DoT is disabled, no custom servers set in LAN->DHCP:
Router will advertise itself as DNS server and forward all DNS queries to servers set in WAN->DNS Server

WAN->DoT is disabled, custom servers are set in LAN->DHCP:
Router will advertise DNS servers specified in LAN->DHCP

WAN->DoT is enabled, no custom servers set in LAN->DHCP:
Router will advertise itself as DNS server and forward all DNS queries to servers set in WAN->DNS-over-TLS servers through Stubby
If servers set on that list are not IP addresses then they will first be resolved to IPs using a DNS server set in WAN->DNS Server

WAN->DoT is enabled, custom servers are set in LAN->DHCP:
Router will advertise DNS servers specified in LAN->DHCP
While Stubby is configured and launched in this case - the clients will never know about it
 
So, how to do it properly?



AdGuard Public DNS (DoT)
AdGuard Public DNS Setup
AdGuard Status
DNS Check

As I understand it, the DNS Server setting applies initially during boot until DoT takes over.

Last I knew, DoT interferes with initial Wyze cam setup, so I disable DoT (DNS Privacy Protocol none), complete the cam setup, and then re-enable DoT.

It's all very easy and a relief from ads and potential malvertising.

The AdGuard knowledgebase implies malicious website/URL blocking as is done by Cloudflare or Quad9, but I found the kb to be inconclusive on this point. AiProtection hits dropped to zero here after implementing AdGuard Public DNS, suggesting all past AiP activity was ad-related (looked like it).

Other DNSPs
1.1.1.2, 1.0.0.2, security.cloudflare-dns.com
9.9.9.9, 149.112.112.112, dns.quad9.net

The above information is adapted from my signature below. :)

OE
 
I'd say so although I'm no expert with that DNS Check tool. Are the ads on this site being blocked?

OE
 
