AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[SomeWhereOverTheRainBow]

I gave second try and reinstall Adguard Home and got new upstream servers entries. All my devices now working properly.

[/use-application-dns.net/]192.168.1.1:553
[/dns.resolver.arpa/]192.168.1.1:553
9.9.9.9
8.8.8.8

Awesome! I have been ahella patching it as I find new things that make it work better! for me, this started out as a simple tutorial so the tinkers could tinker, but It seems to have turned into mostly me doing the tinkering. I hope it works well for you. Feel free to drop any feedback; though I am not turning this into a feature packed installer because all the features belong with adguardhome at the users finger tips, I will however take initial setup suggestions that make adguardhome work better with asuswrt-merlin. (and merlin-addons if and when applicable.)

 

[minhgi]

Awesome! I have been ahella patching it as I find new things that make it work better! for me, this started out as a simple tutorial so the tinkers could tinker, but It seems to have turned into mostly me doing the tinkering. I hope it works well for you. Feel free to drop any feedback; though I am not turning this into a feature packed installer because all the features belong with adguardhome at the users finger tips, I will however take initial setup suggestions that make adguardhome work better with asuswrt-merlin. (and merlin-addons if and when applicable.)

No problem. I'm also tickering and learning as I go. My understanding from noob point of view is AdguardHome is acting as the locah DNS provider and adding Unbound as an upstream DNS provider. If I want to enble DOT/DOH/DOQ, it need to by done by unbound level since it would be the forwarding / upstream dns provider.

I enable DoT, in unbound advance manager, and seem to working nicely. Apppreciate the inital installer for AdguardHome.

 

[Jacob]

Rainbow got a couple of questions for you.

1- wouldnt this ( [/use-application-dns.net/]192.168.1.1:553) allow apps to select their own dns servers hence bypassing adguard (whats the point then ? ).

2- I dont know if you play online games but none of my games can connect (battle.net, steam works but games cant connect to their servers) dont know if if just me or if it happens to others as well. ( i think ips are being blocked)

3- there seems to be an issue with AGH clock as it desyncs itself from the router a few minutes after being setup. Also when that happens all of the blocking lists stop working for a while or until a router reboot. (router has 7:30 pm; adguard has 12:30 am)

 

[SomeWhereOverTheRainBow]

Rainbow got a couple of questions for you.

1- wouldnt this ( [/use-application-dns.net/]192.168.1.1:553) allow apps to select their own dns servers hence bypassing adguard (whats the point then ? ).

2- I dont know if you play online games but none of my games can connect (battle.net, steam works but games cant connect to their servers) dont know if if just me or if it happens to others as well. ( i think ips are being blocked)

3- there seems to be an issue with AGH clock as it desyncs itself from the router a few minutes after being setup. Also when that happens all of the blocking lists stop working for a while or until a router reboot. (router has 7:30 pm; adguard has 12:30 am)

answer to number 1) since merlin already has a segment in dnsmasq for /use-application-dns.net/, I forward to dnsmasq to allow dnsmasq to handle the request (DNSmasq then appropriately blocks the request, if i did not forward it to dnsmasq, then devices browsers that rely on that can circumvent adguardhome) .
answer to number 2) Battle net works fine if you whitelist any servers being blocked. ( this is on the users end to figure out.)
answer to number 3) I am not noticing any time disparity in mine, Maybe your router clock is falling off sync have you investigated your routers time? (think, does your router have the correct timezone set on the administration page?).

 

[Jacob]

answer to number 1) since merlin already has a segment in dnsmasq for /use-application-dns.net/, I forward to dnsmasq to allow dnsmasq to handle the request (DNSmasq then appropriately blocks the request, if i did not forward it to dnsmasq, then devices browsers that rely on that can circumvent adguardhome) .
answer to number 2) Battle net works fine if you whitelist any servers being blocked. ( this is on the users end to figure out.)
answer to number 3) I am not noticing any time disparity in mine, Maybe your router clock is falling off sync have you investigated your routers time?

Strange , now the clock is back in sync. Yes the router's clock is always on point, but adguard desyncs. I tried allowing cidr(s) in the allowed clients but no dice (maybe wrong place to allow ips? )

 

[SomeWhereOverTheRainBow]

Strange , now the clock is back in sync. Yes the router's clock is always on point, but adguard desyncs. I tried allowing cidr(s) in the allowed clients but no dice (maybe wrong place to allow ips? )

Yea I am not sure either. I am able to play my diablo 3 just fine.

Here is my allowlist

https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/Allowed.list

 

[minhgi]

Had anyone noticed that youtube ads being blocked. My shield TV youtube videos froze and I reboot it. After that, I tested with 2 dozen video and not a single ads show up. I confirmed that on all my tablets and smart tvs. Wonder if that done by adguard or diversion?

 

[SomeWhereOverTheRainBow]

Had anyone noticed that youtube ads being blocked. My shield TV youtube videos froze and I reboot it. After that, I tested with 2 dozen video and not a single ads show up. I confirmed that on all my tablets and smart tvs. Wonder if that done by adguard or diversion?

if you have any Adguard browser extensions then that is probably why

 

[minhgi]

Nope. This was tested on my iPad and android tablet and Samsung smart TV and nvidia shield.

 

[Jacob]

Yea I am not sure either. I am able to play my diablo 3 just fine.

Here is my allowlist

https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/Allowed.list

thanks for the list, but no thanks. lol

 

[Jacob]

Had anyone noticed that youtube ads being blocked. My shield TV youtube videos froze and I reboot it. After that, I tested with 2 dozen video and not a single ads show up. I confirmed that on all my tablets and smart tvs. Wonder if that done by adguard or diversion?

Hoooraaayyyy

 

[Jacob]

Yea I am not sure either. I am able to play my diablo 3 just fine.

Here is my allowlist

https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/Allowed.list

i think that adguard is blocking all ips on the network since i also run peerblock and when agh is on all ip traffic stops. i just whitelisted battle.net and still getting blocked.

 

[Jacob]

i think that adguard is blocking all ips on the network since i also run peerblock and when agh is on all ip traffic stops. i just whitelisted battle.net and still getting blocked.

confirmed. cant ping 1.1.1.1/8.8.8.8/9.9.9.9 or any other ip while adguard is on. if i disable agh then im able to ping.

 

[SomeWhereOverTheRainBow]

confirmed. cant ping 1.1.1.1/8.8.8.8/9.9.9.9 or any other ip while adguard is on. if i disable agh then im able to ping.

strange behavior you are having. must be something specific to your router or the way you have it setup. I am not exhibiting any of these issues you are experiencing. Maybe adguardhome as dhcp doesn't agree with the dns settings used by the installer. the installer places AdGuardHome there as if you are using it for DNS only.

 

[minhgi]

I'm cần ping from my android tablet and adguard is up.

 

[Jacob]

strange behavior you are having. must be something specific to your router or the way you have it setup. I am not exhibiting any of these issues you are experiencing.

i'm completely lost here. i got the dhcp server thing fixed. dont know what else...........

 

[RMerlin]

@RMerlin did you change anything in the code for how DHCP is handled. on 386.3 I don't see a line for DNS advertisement for ipv4 inside dnsmasq when router is set to advertise itself as DNS and dhcp dns 1 and 2 are left blank. On 386.4 , it throws in the

dhcp-option=lan,6,0.0.0.0

for dns.

This seems to oddly change the behavior of DNSMASQ, epecially if the port is changed to allow another DNS server to occupy port 53.

I haven't changed that code since September 2017. So if there is any change, it would be in dnsmasq itself.

 

[SomeWhereOverTheRainBow]

I haven't changed that code since September 2017. So if there is any change, it would be in dnsmasq itself.

One caveat for dnsmasq not listening on 53 is that

dhcp-option=lan,6,0.0.0.0

(Or 192.168.1.1) Has to be added to tell clients to listen to the dnsmasq host address. If dnsmasq is listening on port 53, this line isn't needed.

 

[RMerlin]

One caveat for dnsmasq not listening on 53 is that

dhcp-option=lan,6,0.0.0.0

(Or 192.168.1.1) Has to be added to tell clients to listen to the dnsmasq host address. If dnsmasq is listening on port 53, this line isn't needed.

It generally makes little sense for DHCP to advertise the router's IP address as DNS server if it's not running on a standard port, meaning every single DHCP clients would need special configuration anyway. It's possible dnsmasq changed that between 2.84 and 2.86. You'd have to look at their changes between these versions, or ask them on the mailing list.

 

[SomeWhereOverTheRainBow]

It generally makes little sense for DHCP to advertise the router's IP address as DNS server if it's not running on a standard port, meaning every single DHCP clients would need special configuration anyway. It's possible dnsmasq changed that between 2.84 and 2.86. You'd have to look at their changes between these versions, or ask them on the mailing list.

I am fine with dnsmasq advertising the router as dns, because the adguardhome server is set to pick up the request on port 53. All I know is by adding the line everything works fine. So I am leaving well enough alone.