AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[SomeWhereOverTheRainBow]

When using this should we turn on "Wan: Use local caching DNS server as system resolver (default: No)" in tools?

No because adguardhome manager does the same but allows the router time to set before it kicks in. Where the other method seems to draw out the boot process. However if you turn the router implementation on, it instructs adguardhome manager not to try to control the process. It will allow the router to manage it instead.

 

[birdie]

Is the memory leakage issue fixed? Can someone please confirm before I reinstall AGH on my router?

 

[SomeWhereOverTheRainBow]

Is the memory leakage issue fixed? Can someone please confirm before I reinstall AGH on my router?

I haven't noticed an actual memory leak. The only thing I can confirm happens is that the memory usage rises when the list updates daily, but it doesn't seem to rise passed the first initial increase. Make sure you are using atleast a 2gb swap so other process's that run stale are properly swapped out of the active memory. I am still waiting for more information gathered from @ERamseth2 . Last I heard he was checking out the memory usage over the span of a few days. I currently don't yet know the status of his findings.

 

[SomeWhereOverTheRainBow]

Thanks for your quick answer!

If I understand correctly:
- Unbound replaces the Google or Cloudflared Dns provider in order to avoid DNS leak and maybe improve overall DNS response and stability
- Adguard is a DNS filter and can be linked to the Ubound install instead of Google or Cloudflare so that it uses local resolving stuff

If you send all traffic to Adguard, how can it leak to the ISP since you add upstream DNS resolvers? Unless some traffic is still router to ISP ?

Even though unbound is strictly used by clients, when you introduce adguardhome in the middle, it will read from the entries of whatever is in /etc/resolv.conf. in most cases this is your ISP dns servers listed as nameservers, unless you have chosen like 1.1.1.1 on wan dns 1 and wan dns 2. It creates the potential for adguardhome to leak your private lookups back to your ISP since it considers the entries of /etc/resolv.conf to be private reverse servers, which would skip your unbound and dnsmasq dhcp implementations all together.)

Here is a map of your request with just DNSMASQ and UNBOUND

/etc/resolv.conf (for non local lookups a.k.a router)
^
|
|
|
DNSMASQ----------->UNBOUND


here is is with adguardhome + unbound


DNSMASQ (moved to port 553) (reverse lookups are kept local when sent here by use of local= lines)
^
|
|
|
AdGuardHome (reads /etc/resolv.conf for private reverse servers) ------------------> Unbound for upstream
|
|
|
V
/etc/resolv.conf (usually ISP or WAN DNS is placed here as name servers and this typically deals with the routers own traffic like with dnsmasq.)


The real problem comes in when your Adguardhome server cannot determine a clients hostname, it will revert to using whois in an attempt to identify the device from your ISP servers listed in /etc/resolv.conf


Some users may consider this all arbitrary, which in an ideal situation it could be considered arbitrary. But if you are truely concerned about what you keep private, then where do you draw the line at?

That is why I atleast want to give users a choice on the matter.

 

[birdie]

I haven't noticed an actual memory leak. The only thing I can confirm happens is that the memory usage rises when the list updates dayly, but it doesn't seem to rise passed the first initial increase. Make sure you are using atleast a 2gb swap so other process's that run stale are properly swapped out of the active memory.

I saw a message earlier about --no-mem-optimization to counter memory leak:

AdGuardHome - AdGuardHome Memory Usage Analysis

Analyzing memory usage of AGH to determine if there is a memory leak. AGH parameters: using oisd dbl blocklist mmotti filters imported into custom filters area (I see no need to have these pulled in regularly from github) a few extra filter entries to allow a few apps to work Upstream DoT and...

www.snbforums.com

I had 2GB swap enabled but entware and AGH corrupted for some reason. I couldn't uninstall them so had to reset router and start everything from scratch. It happened after AGH update.

 

[SomeWhereOverTheRainBow]

I saw a message earlier about --no-mem-optimization to counter memory leak:

AdGuardHome - AdGuardHome Memory Usage Analysis

Analyzing memory usage of AGH to determine if there is a memory leak. AGH parameters: using oisd dbl blocklist mmotti filters imported into custom filters area (I see no need to have these pulled in regularly from github) a few extra filter entries to allow a few apps to work Upstream DoT and...

www.snbforums.com

I had 2GB swap enabled but entware and AGH corrupted for some reason. I couldn't uninstall them so had to reset router and start everything from scratch. It happened after AGH update.

What size flash and type of storage were you using? Flash memory simply goes corrupt after a certain number of writes. Storage corruption doesn't always correlate to ram usage as the memory usage analysis is about.

 

[Ellenswamy]

I saw a message earlier about --no-mem-optimization to counter memory leak:

AdGuardHome - AdGuardHome Memory Usage Analysis

Analyzing memory usage of AGH to determine if there is a memory leak. AGH parameters: using oisd dbl blocklist mmotti filters imported into custom filters area (I see no need to have these pulled in regularly from github) a few extra filter entries to allow a few apps to work Upstream DoT and...

www.snbforums.com

I had 2GB swap enabled but entware and AGH corrupted for some reason. I couldn't uninstall them so had to reset router and start everything from scratch. It happened after AGH update.

I had an issue with it not being corrupted, but I had to unplug my flash drive to fix some issues. I formatted Jff partition and redid my usb and everything works well again

 

[SomeWhereOverTheRainBow]

I saw a message earlier about --no-mem-optimization to counter memory leak:

AdGuardHome - AdGuardHome Memory Usage Analysis

Analyzing memory usage of AGH to determine if there is a memory leak. AGH parameters: using oisd dbl blocklist mmotti filters imported into custom filters area (I see no need to have these pulled in regularly from github) a few extra filter entries to allow a few apps to work Upstream DoT and...

www.snbforums.com

I had 2GB swap enabled but entware and AGH corrupted for some reason. I couldn't uninstall them so had to reset router and start everything from scratch. It happened after AGH update.

I had an issue with it not being corrupted, but I had to unplug my flash drive to fix some issues. I formatted Jff partition and redid my usb and everything works well again

Yea as far as I am concerned, at the moment I have had no issues on my test routers with running adguardhome using the default settings. No memory usage issues per-say. However, when I run adguardhome on the same router I run both my transmissionbt and nginx web proxy, I do get a huge jump in memory usage on list updates , but I can't blame that totally on AdGuardHome because it wouldn't be a fair assessment of its capabilities. That particular router idles at 80 to 85 % memory usage without adguardhome running, and after running several days it varies from 75 to 80. I am able to run adguardhome on it using OISD block list at about 93% memory usage with my modified cache size entries, after running a few days it drops down to about 88~89 percent usage.

 

[wizin]

So I used my adgaurd lifetime license user/pass, this is like free version? or the user/pass matters

 

[gspannu]

So I used my adgaurd lifetime license user/pass, this is like free version? or the user/pass matters

AdGuard Home is a different product to the AdGuard DNS or AdGuard VPN available online.

The username / password you specify while installing AGH has no co-relation to any other AdGuard online product.
AGH is an open source program that is free and available to install on your own machines.
Read up on the AGH website and also on GitHub.

 

[chongnt]

It has a lock symbol next to the query.

See the green lock after use port 53535 in upstream DNS which goes to unbound directly. It does not work when I set the upstream DNS to port 553 which goes to dnsmasq first before unbound.

A side question. My network is 192.168.1.x, whatever that goes through AGH and send to dnsmasq has its source ip logged as 192.168.1.1. I lost visibility of exact host sending the request in dnsmasq logging. I reverse the order and keep port 53 to dnsmasq and send to AGH listening on another port. Now AGH see everything coming from 127.0.0.1. I guess this is how it works. Is there any way to preserve the source ip in both AGH and dnsmasq log?
The other day I had a bit of tough time going through AGH query log, having to keep press the refresh button to find out which domain to whitelist. Perhaps I am so used to diversion way of follow the dnsmasq log.

 

[wizin]

AdGuard Home is a different product to the AdGuard DNS or AdGuard VPN available online.

The username / password you specify while installing AGH has no co-relation to any other AdGuard online product.
AGH is an open source program that is free and available to install on your own machines.
Read up on the AGH website and also on GitHub.

Tx, so I set this up on my router and also have the paid version installed on PC - is that an issue?

 

[johndoe85]

Tx, so I set this up on my router and also have the paid version installed on PC - is that an issue?

No, the version on the router cannot block youtube ads though. And the version on the router block ads for the whole network while your PC does not.

EDIT: While you unblock something on your PC and expect it to work, it might still be blocked on the router. So keep this in mind. Other than that it will not conflict.

 

[SomeWhereOverTheRainBow]

See the green lock after use port 53535 in upstream DNS which goes to unbound directly. It does not work when I set the upstream DNS to port 553 which goes to dnsmasq first before unbound.

A side question. My network is 192.168.1.x, whatever that goes through AGH and send to dnsmasq has its source ip logged as 192.168.1.1. I lost visibility of exact host sending the request in dnsmasq logging. I reverse the order and keep port 53 to dnsmasq and send to AGH listening on another port. Now AGH see everything coming from 127.0.0.1. I guess this is how it works. Is there any way to preserve the source ip in both AGH and dnsmasq log?
The other day I had a bit of tough time going through AGH query log, having to keep press the refresh button to find out which domain to whitelist. Perhaps I am so used to diversion way of follow the dnsmasq log.

Yea I recommend using adguard to unbound, don't try using adguard to dnsmasq to get to unbound, that is too much go between. The only thing we want to use dnsmasq for is handling private client reverse lookups such as ptr request for lan devices and such.

You should be able to look at specific request done by individual clients in the query log, if you filter by client.

 

[wizin]

No, the version on the router cannot block youtube ads though. And the version on the router block ads for the whole network while your PC does not.

EDIT: While you unblock something on your PC and expect it to work, it might still be blocked on the router. So keep this in mind. Other than that it will not conflict.

Thanks, I use Youtube Premum anyway

 

[ERamseth2]

I haven't noticed an actual memory leak. The only thing I can confirm happens is that the memory usage rises when the list updates daily, but it doesn't seem to rise passed the first initial increase. Make sure you are using atleast a 2gb swap so other process's that run stale are properly swapped out of the active memory. I am still waiting for more information gathered from @ERamseth2 . Last I heard he was checking out the memory usage over the span of a few days. I currently don't yet know the status of his findings.

I will do a write up sometime this week on a the 48-hr test.

The summary is that AdGuardHome mem usage goes up after a few filter list updates, but doesn't continue to grow. the --no-mem-optimization only seems to change the timing of the increases, not the total usage.

You definitely do want swap on (good practice in any scenario to prevent out of memory situations).

 

[ERamseth2]

I had an issue with it not being corrupted, but I had to unplug my flash drive to fix some issues. I formatted Jff partition and redid my usb and everything works well again

This actually could be the drive starting to fail.

I mentioned this elsewhere, but I have always had good luck with the Samsung brand USB flash drives. Other than that I would only trust one of the high endurance microsdhc cards inside of a good reader or a usb connected external SSD.

 

[chongnt]

Yea I recommend using adguard to unbound, don't try using adguard to dnsmasq to get to unbound, that is too much go between. The only thing we want to use dnsmasq for is handling private client reverse lookups such as ptr request for lan devices and such.

You should be able to look at specific request done by individual clients in the query log, if you filter by client.

Now I remember why I put dnsmasq in between. It is for ipset so that my streaming bypass VPN and go to WAN.

 

[Ellenswamy]

This actually could be the drive starting to fail.

I mentioned this elsewhere, but I have always had good luck with the Samsung brand USB flash drives. Other than that I would only trust one of the high endurance microsdhc cards inside of a good reader or a usb connected external SSD.

It was odd. The flash drive is brand new, once I reformat it and the jff parition and rebuilt everything has been working fine with no issues.

 

[SomeWhereOverTheRainBow]

Now I remember why I put dnsmasq in between. It is for ipset so that my streaming bypass VPN and go to WAN.

Hey if it works for you. Adguardhome supports ipset as well inside the .yaml file. Maybe you should explore that if you get the time. It is right under max go routines.

  max_goroutines: 300
  ipset: []