AdGuardHome Run AdGuard Home in AP mode? (Bypass check?)

[CB7]

Hi,

Sorry if its been asked before, but the search term "router mode" understandably results in such a lengthy output that it's not quite possible to sift through it and Google... Well... Nvm.

Q: is there a way to run this on a router in AP mode rather than in router mode? I figured I want a 2nd DNS server to a.) reduce load on the modem edge router, b.) failover (including when the instance on modem the edge router is updating lists for example.), c.) improve/decrease response time.
So I figured I'd just put it on the 2nd access point (AX3000v2), but it refuses to install in AP mode. I suppose I can guess why that is (the AdGuard features beyond just DNS), but in this case all it has to do is respond to DNS queries on the AP's static IP; exactly like running it on a Raspberry Pi or a VM or something.

Is there a way to bypass this or am i SOL with the wish of running it on the 2nd AP?
I understand that features like DHCP wouldn't be available/wouldn't work even if activated, but all I'm trying to achieve is run it as a 2nd resolver.

Setup would be:
- AX3000v2 in router mode (modem edge router) runs standard DHCP server, tells all clients to use itself *and* the AP as DNS servers.
- AX3000v2 in router mode (modem edge router) will use DNS Director to force all queries to go to those two.
- AX3000v2 in AP mode only acts as a secondary/fallback DNS server, it doesn't touch routing nor DHCP; just responds with the actual IP or 0.0.0.0 if blocklist entry is encountered.

Any chance this can be done? (And understand that the other features will not function.)

-edit- fixed incorrect nomenclature for clarity

 

[ColinTaylor]

Just to be clear, you're talking about an AX3000 V2 which is a router not a modem.

FYI DNS Director forces queries to go to a single DNS server. It cannot send the queries to two servers.

 

[Tech9]

I figured I want a 2nd DNS server to a.) reduce load on the modem, b.) failover (including when the instance on modem is updating lists for example.), c.) improve/decrease response time.

a) router load is insignificant, built-in Dnsmasq is light weight forwarder
b) already available (and a modem doesn't update any lists, it's a bridge)
c) choose faster upstream DNS server, second local forwarder not needed

You have to figure first what a modem, router and access point are actually doing.

 

[dave14305]

Install Entware on the AP and then install the Entware adguardhome-go package and set it up manually using the AGH Wiki as a guide:

Home

Network-wide ads & trackers blocking DNS server. Contribute to AdguardTeam/AdGuardHome development by creating an account on GitHub.

github.com

 

[SomeWhereOverTheRainBow]

Install Entware on the AP and then install the Entware adguardhome-go package and set it up manually using the AGH Wiki as a guide:

Home

Network-wide ads & trackers blocking DNS server. Contribute to AdguardTeam/AdGuardHome development by creating an account on GitHub.

github.com

I concur with @dave14305 with this for anyone running a router in AP mode.
I will share a few tips. Run "netstat -nlp | grep dnsmasq". If you are lucky your dnsmasq instance will not be active. It is like this on "3006" routers in AP mode; I am not sure how it is on some of the older firmwares. I know on some of the older firmwares ran in AP mode, dnsmasq ran on port 53. If this is the case in your scenario, you will need to find away to keep dnsmasq dead. If you are lucky, your firmware will be old enough to still allow dnsmasq.postconf or dnsmasq.conf replacement inside AP mode. In that case, you can just set dnsmasq dns port to zero - viola AGH-go will be able to run as the DNS for the AP. That means all you have to worry about is configuring Adguardhome-go. Then you just tell your main LAN to distribute the IP address of your AP running AGH-go via DHCP. If you want more fine grained approach, just tell the clients which you want to run AGH-go to use the IP of the AP for DNS. You can also use DNS Director custom slots to define separate client rules to enforce AGH-go as the only DNS.

 

[SomeWhereOverTheRainBow]

You have to figure first what a modem, router and access point are actually doing.

That is fact. I once knew someone who thought they were getting HBO with two broken rabbit ears taped to a large rock sitting on top of their old box TV. They thought it was a wireless cable box reciever.

 

[CB7]

Just to be clear, you're talking about an AX3000 V2 which is a router not a modem.

FYI DNS Director forces queries to go to a single DNS server. I cannot send the queries to two servers.

Thanks! Yeah, fair enough! What I meant to convey was this particular router is the one in the home network that handles the connection to the ISP (PPPoE). But I should've known better than using technically wrong nomenclature here. I suppose I can call this one the edge router instead. But ultimately it matters little in the context of my AGH "problem".

It is good to know that DNS director only forces traffic to one DNS server, thanks! Overlooked that. But that's fine. Most of the devices and traffic on them adhere to what DHCP feeds them. It's just some apps that don't play nicely and try to force their own including DoH (mostly from vendors like Facebook, Netflix; but also utility apps like Speedtest for some reason). As long as those are redirected: that's OK and their traffic is unlikely to be very significant in the overall picture. Ideally it'd round-robin, but just redirecting to one: so be it. A secondary resolver available to 99% of the traffic is already much better than nothing.

a) router load is insignificant, built-in Dnsmasq is light weight forwarder
b) already available (and a modem doesn't update any lists, it's a bridge)
c) choose faster upstream DNS server, second local forwarder not needed

You have to figure first what a modem, router and access point are actually doing.

Thank you for your response! Well, as for a.) It unfortunately isn't insignificant. AdGuard Home occasionally causes high loads and memory usage, it also takes a very very long time to restart after updates (often doesn't restart at all and requires manually killing processes or reboot the router, the update script will just sit there waiting) and updating lists can take a very long time. This is probably not just AGH's fault as more services are running on the device, but it is the service showing most CPU and memory load and when its encountering such an issue: the resolver sometimes doesn't function or is extremely slow, and therefore I want a secondary resolver in the network. This also addresses point c; I respectfully disagree. I want redundant resolvers in the network for various reasons and I find it to be a necessity.

Install Entware on the AP and then install the Entware adguardhome-go package and set it up manually using the AGH Wiki as a guide:

Home

Network-wide ads & trackers blocking DNS server. Contribute to AdguardTeam/AdGuardHome development by creating an account on GitHub.

github.com

Thank you so much! I'll go ahead and look at its featureset and if its a match I'll definitely go play with that Entware is already deployed, so hopefully I'll get it going. Thanks!

I concur with @dave14305 with this for anyone running a router in AP mode.
I will share a few tips. Run "netstat -nlp | grep dnsmasq". If you are lucky your dnsmasq instance will not be active. It is like this on "3006" routers in AP mode; I am not sure how it is on some of the older firmwares. I know on some of the older firmwares ran in AP mode, dnsmasq ran on port 53. If this is the case in your scenario, you will need to find away to keep dnsmasq dead. If you are lucky, your firmware will be old enough to still allow dnsmasq.postconf or dnsmasq.conf replacement inside AP mode. In that case, you can just set dnsmasq dns port to zero - viola AGH-go will be able to run as the DNS for the AP. That means all you have to worry about is configuring Adguardhome-go. Then you just tell your main LAN to distribute the IP address of your AP running AGH-go via DHCP. If you want more fine grained approach, just tell the clients which you want to run AGH-go to use the IP of the AP for DNS. You can also use DNS Director custom slots to define separate client rules to enforce AGH-go as the only DNS.

Thank you for your response and the tips! I will keep this in mind, do that and have a look to see how it goes.

 

[CB7]

Thanks all! It seems to be up and running. Splendid!

Just one more thing:

FYI DNS Director forces queries to go to a single DNS server. I cannot send the queries to two servers.

Just double-checking here as I just realized I may have misunderstood what you meant. If DNS Director is set to "router" and I have configured the AP that I wish to use as secondary DNS server in DHCP: then it redirects to either one of the two, no? It can send queries to two servers, when using "router".

It has this as its description:
"A few special System options are available in the presets. "No Redirection" will bypass a global redirection, and "Router" will force clients to use the DNS provided by the router's DHCP server (or, the router itself if it's not defined)."

I understood this as plural rather than singular. Should I interpret this as it choosing one of the DHCP-defined DNS servers and sticking to that, never using 2 servers if defined as such in DHCP settings?

 

[ColinTaylor]

Thanks all! It seems to be up and running. Splendid!

Just one more thing:

Just double-checking here as I just realized I may have misunderstood what you meant. If DNS Director is set to "router" and I have configured the AP that I wish to use as secondary DNS server in DHCP: then it redirects to either one of the two, no? It can send queries to two servers, when using "router".

It has this as its description:
"A few special System options are available in the presets. "No Redirection" will bypass a global redirection, and "Router" will force clients to use the DNS provided by the router's DHCP server (or, the router itself if it's not defined)."

I understood this as plural rather than singular. Should I interpret this as it choosing one of the DHCP-defined DNS servers and sticking to that, never using 2 servers if defined as such in DHCP settings?

DNS Director can only intercept and redirect queries to a single IPv4 and/or IPv6 address. So if it's set to "Router" the queries will typically be sent to your router's IP address (e.g. 192.168.50.1). If your have set two DNS addresses in the DHCP settings it will use the first address only.

 

[CB7]

DNS Director can only intercept and redirect queries to a single IPv4 and/or IPv6 address. So if it's set to "Router" the queries will typically be sent to your router's IP address (e.g. 192.168.50.1). If your have set two DNS addresses in the DHCP settings it will use the first address only.

-edit- Hmmmm... Scratch what I said. I think I overlooked something important in my test. If DNS Director only intervenes when DNS queries are made to a DNS server other than the ones configured in DHCP, then the tests I showed are wholly inconclusive. But if that is the case, then I misunderstood this particular part of its operation and this means that only the queries made by apps that attempt to use their own DNS servers are redirected to the router; but it allows the traffic to the two servers set in DHCP? That'd be fine, their traffic is negligible. (And this is likely the case, as both AGH's instances are reporting processing DNS queries and I can manually query them - without intervention by DNS Director. But when attempting to query 8.8.8.8 directly: I do see the blockages working, if just the apps not playing nicely will encouter a performance hit or have no available resolvers for a bit once in a while: so be it.)

 

[ColinTaylor]

I don't see how you could have got the results you posted before you deleted them. But then I don't know how AGH inserts itself in the DNS flow and how it interacts with dnsmasq. I also don't know how you have configured your WAN DNS settings.

DNS Director can only intercept traffic that is being routed to the internet, e.g. 8.8.8.8 in your previous test. So that would typically be apps attempting to use their own DNS and ignoring DHCP.

I've just setup DNS Director on my router with Global Redirection = Router. DHCP's DNS server 1 = 1.1.1.1, server 2 = 1.0.0.1. If I look at the DNS Director rules generated I see this:

# iptables-save -t nat | grep DNSFILTER
:DNSFILTER - [0:0]
-A PREROUTING -i br+ -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -i br+ -p tcp -m tcp --dport 53 -j DNSFILTER
-A DNSFILTER -j DNAT --to-destination 1.1.1.1

As you can see intercepted traffic only goes to 1.1.1.1, not 1.0.0.1.

P.S. What do you have set for "Advertise router's IP in addition to user-specified DNS"?

 

[Tech9]

It unfortunately isn't insignificant.

AdGuard Home needs RAM. Your routers are entry-level model with lass than 200MB free RAM after boot.

 

[CB7]

AdGuard Home needs RAM. Your routers are entry-level model with lass than 200MB free RAM after boot.

Yup, AGH + other processes. Which is why its nice to have two instances running on separate devices so that when the router is temporarily not serving requests (in a timely manner) (eg: AGH updating, blocklist updates or degraded performance due to (lack of) available resources): the clients on the network are not affected and can simply continue getting a response from the instance on the AP.

I don't see how you could have got the results you posted before you deleted them. But then I don't know how AGH inserts itself in the DNS flow and how it interacts with dnsmasq. I also don't know how you have configured your WAN DNS settings.

But DNS Director only intercepts traffic that would otherwise be routed to the internet. e.g. 8.8.8.8 in your previous test.

I've just setup DNS Director on my router with Global Redirection = Router. DHCP's DNS server 1 = 1.1.1.1, server 2 = 1.0.0.1. If I look at the DNS Director rules generated I see this:

# iptables-save -t nat | grep DNSFILTER
:DNSFILTER - [0:0]
-A PREROUTING -i br+ -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -i br+ -p tcp -m tcp --dport 53 -j DNSFILTER
-A DNSFILTER -j DNAT --to-destination 1.1.1.1

As you can see intercepted traffic only goes to 1.1.1.1, not 1.0.0.1.

P.S. What do you have set for "Advertise router's IP in addition to user-specified DNS"?

I do know the probable cause for those results. There's two things:
1.) Local DNS traffic, or at least to the router and AP, wasn't being redirected (as you also point out). That explains why both AGH instances are receiving DNS traffic despite DNS Director being enabled (and only being capable of redirecting to 1 IP).
2.) The AGH process likely hadn't actually quit (yet) on the router the first time around when I ran the manual look-up for ads.google.com; so it was probably still responding. When both were killed, it went to the time-out. (As expected at that point.) Next time with such a test, I'll do -9 for good measure.

Ergo: it looks like, indeed, DNS Director's explanation is meant to be understood singular rather than plural; as your results also indicates. But as both local resolvers can work simultaneously on LAN despite DNS Director's limitations: this is perfectly fine, I'm happy. Maybe the VPN's will always hit the router but that was supposed to happen anyway as its the one on the more juicy UPS.

For your other questions, if still relevant:
- WAN DNS is set to Quad9. (Before, it was set to be using itself essentially; but this caused severe issues due to the router sending tens of thousands of DNSKEY lookups per second to AGH. Never figured out why it did that.)
- Advertise router's IP in addition to user-specified DNS is disabled, although it had crossed my mind to test if that would change the situation for DNS Director. But judging by your posts and analysis, I suppose its very likely that it won't.


Either way, everything is working exactly how I wanted it now. Two resolvers, both operational; and both on the ASUS devices. Very happy to see its possible and works.

Thank you very much everyone!

 

[CB7]

I encountered one more problem with this setup by the way, it looks like AGH is overriding the router's DHCP dns settings. No matter what I did, I could not get the router to advertise my AP. Even if I made sure the AP was the only entry in the DHCP settings (so primary resolver, no secondary, no ipv6, no including router IP as well): it was still telling DHCP clients to use the router's IPv4 and IPv6 addresses. When I manually modified dnsmasq.conf, killed dnsmasq and restarted it and reconnected clients: it did start working.

I suspect the problem lies somewhere in this snippet in AdGuardHome.sh (and other parts, but key is here) which is called by jffs:

                                for iVARS in $(route | grep "br" | grep -v "br0" | grep -E '\b^(((10|127)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3})|(((>
                                        [ "${iCOUNT}" = "1" ] && COUNT="${iCOUNT}" && IVARS="${iVARS}"
                                        [ "${iCOUNT}" != "1" ] && COUNT="${COUNT} ${iCOUNT}" && IVARS="${IVARS} ${iVARS}"
                                        iCOUNT="$((iCOUNT + 1))"
                                done
                                dCOUNT="1"
                                for dVARS in $(route | grep "br" | grep -v "br0" | grep -oE '\b^(((10|127)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3})|((>
                                        [ "${dCOUNT}" = "1" ] && DVARS="${dVARS}"
                                        [ "${dCOUNT}" != "1" ] && DVARS="${DVARS} ${dVARS}"
                                        dCOUNT="$((dCOUNT + 1))"
                                done
                                for i in ${COUNT}; do
                                        NIVARS="$(printf "%s\n" "${IVARS}" | cut -d' ' -f"${i}")"
                                        NDVARS="$(printf "%s\n" "${DVARS}" | cut -d' ' -f"${i}")"
                                        printf "%s\n" "dhcp-option=${NIVARS},6,${NDVARS}" >>"${CONFIG}"
                                done
                        fi
                        if { ! readlink -f /etc/resolv.conf | grep -qE ^'/rom/etc/resolv.conf' && awk -F'=' '/ADGUARD_LOCAL/ {print $2}' "${CONF_FILE}" | s>
                elif [ -n "$1" ] && nvram get webs_state_info | grep -q "3006" && [ "$(ls /etc/dnsmasq-*.conf 2>/dev/null | wc -l)" != "0" ]; then
                        SDN="$1"
                        CONFIG="/etc/dnsmasq-${SDN}.conf"
                        for PARAM in "port=" "add-subnet=" "add-mac"; do
                                sed -i "/^${PARAM}.*$/d" "${CONFIG}"
                        done
                        printf "%s\n" "port=553" "add-mac" "add-subnet=32,128" >>"${CONFIG}"
                fi

From what I can tell: this appears to be telling dnsmasq that it must modify the DNS servers and set it to the values on br0; which AGH in its GUI detects as the IPv4 and IPv6 IP of the router and tells dnsmasq to use those.

I'm not exactly sure why it's doing that, there will probably be a reason - but I'm not using AGH as DHCP server and want the router to use the IP's that you set in the routers DHCP settings rather than what AGH thinks it ought to broadcast. I'll try modifying this and see what happens

I'll post back when I find the resolution, its quite an extensive script and I don't want to mess things up.

 

[CB7]

Ok, so the problem didn't necessarily or only seem to stem from that section. (But I did leave line 112-116 commented out for good measure.) I checked the dnsmasq.conf and what actually got inserted was "dhcp-options=lan,6,0.0.0.0". AdGuardHome.sh removes the routers configuration and then sets that instead. Which appears to be caused by another section in AdGuardHome.sh:

                   sed -i "/^dhcp-option=lan,6.*$/d" "${CONFIG}"
                printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS="."}{print $2"."$1".in-addr.arpa"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,0.0.0.0" "add-mac" >>"${CONFIG}"

So I changed that to:

                   sed -i "/^dhcp-option=lan,6.*$/d" "${CONFIG}"
                DNS1="$(nvram get dhcp_dns1_x)"
                DNS2="$(nvram get dhcp_dns2_x)"
                ROUTER_IP="$(nvram get lan_ipaddr)"

                if [ -n "$DNS1" ] && [ -n "$DNS2" ]; then
                    printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS=\".\"}{print \$2\".\"$1\".in-addr.arpa\"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,${DNS1},${DNS2}" "add-mac" >>"${CONFIG}"
                elif [ -n "$DNS1" ]; then
                    printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS=\".\"}{print \$2\".\"$1\".in-addr.arpa\"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,${DNS1}" "add-mac" >>"${CONFIG}"
                else
                    printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS=\".\"}{print \$2\".\"$1\".in-addr.arpa\"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,${ROUTER_IP}" "add-mac" >>"${CONFIG}"
                fi

Now whenever dnsmasq restarts, which triggers running AdGuardHome.sh, the script grabs my configured DHCP-values and injects those instead. Now all my clients are going to the proper DNS servers and it also keeps broadcasting the IPv6 address. This is a temporary solution (as I don't know what else I have affected by modifying those lines, though I tried to keep it as close to the original as possible with the other variables), which will also on every update of AGH have to be manually fixed. But for now, it works. I'll look deeper in to it later for a more sustainable solution; and maybe someone can chime in who knows more about this behavior/why the script is doing this (when AGH is not running as DHCP server).

One of the problems is I first wanted to add it to the jffs script, but that would have caused a restart loop for dnsmasq. Every restart triggers the AGH script, but if I modify the dnsmasq.conf after AGH's script runs: I need to restart dnsmasq for the changes to take effect. ... Which triggers AdGuardHome.sh to run again. Infinite loop. So I now chose to modify AdGuardHome.sh instead, but ideally: this script never interferes with the routers DNS settings. I'm curious to learn why it injects the br0 values or "0.0.0.0". When AGH is the DHCP server, it shouldn't really have to worry about dnsmasq.conf. When AGH isn't the DHCP server: why interfere with the settings of the routers DHCP values in the UI? I'm sure there's a reason I don't understand (yet, I've only looked extensively at how to fix rather than why its doing this), but looking at the script and what AGH does I couldn't quite lay my finger on it.

Again, thank you all for your help and insights.

 

[SomeWhereOverTheRainBow]

Ok, so the problem didn't necessarily or only seem to stem from that section. (But I did leave line 112-116 commented out for good measure.) I checked the dnsmasq.conf and what actually got inserted was "dhcp-options=lan,6,0.0.0.0". AdGuardHome.sh removes the routers configuration and then sets that instead. Which appears to be caused by another section in AdGuardHome.sh:

                   sed -i "/^dhcp-option=lan,6.*$/d" "${CONFIG}"
                printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS="."}{print $2"."$1".in-addr.arpa"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,0.0.0.0" "add-mac" >>"${CONFIG}"

So I changed that to:

                   sed -i "/^dhcp-option=lan,6.*$/d" "${CONFIG}"
                DNS1="$(nvram get dhcp_dns1_x)"
                DNS2="$(nvram get dhcp_dns2_x)"
                ROUTER_IP="$(nvram get lan_ipaddr)"

                if [ -n "$DNS1" ] && [ -n "$DNS2" ]; then
                    printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS=\".\"}{print \$2\".\"$1\".in-addr.arpa\"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,${DNS1},${DNS2}" "add-mac" >>"${CONFIG}"
                elif [ -n "$DNS1" ]; then
                    printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS=\".\"}{print \$2\".\"$1\".in-addr.arpa\"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,${DNS1}" "add-mac" >>"${CONFIG}"
                else
                    printf "%s\n" "port=553" "local=/$(printf "%s\n" "${NET_ADDR}" | awk 'BEGIN{FS=\".\"}{print \$2\".\"$1\".in-addr.arpa\"}')/" "local=/10.in-addr.arpa/" "local=//" "dhcp-option=lan,6,${ROUTER_IP}" "add-mac" >>"${CONFIG}"
                fi

Now whenever dnsmasq restarts, which triggers running AdGuardHome.sh, the script grabs my configured DHCP-values and injects those instead. Now all my clients are going to the proper DNS servers and it also keeps broadcasting the IPv6 address. This is a temporary solution (as I don't know what else I have affected by modifying those lines, though I tried to keep it as close to the original as possible with the other variables), which will also on every update of AGH have to be manually fixed. But for now, it works. I'll look deeper in to it later for a more sustainable solution; and maybe someone can chime in who knows more about this behavior/why the script is doing this (when AGH is not running as DHCP server).

One of the problems is I first wanted to add it to the jffs script, but that would have caused a restart loop for dnsmasq. Every restart triggers the AGH script, but if I modify the dnsmasq.conf after AGH's script runs: I need to restart dnsmasq for the changes to take effect. ... Which triggers AdGuardHome.sh to run again. Infinite loop. So I now chose to modify AdGuardHome.sh instead, but ideally: this script never interferes with the routers DNS settings. I'm curious to learn why it injects the br0 values or "0.0.0.0". When AGH is the DHCP server, it shouldn't really have to worry about dnsmasq.conf. When AGH isn't the DHCP server: why interfere with the settings of the routers DHCP values in the UI? I'm sure there's a reason I don't understand (yet, I've only looked extensively at how to fix rather than why its doing this), but looking at the script and what AGH does I couldn't quite lay my finger on it.

Again, thank you all for your help and insights.

Yea the best insight is to use adguardhome-go and configure it yourself like previously mentioned by people in this thread. This script is not designed for someone intending to use adguardhome in AP mode. I recommend uinstalling it and running
opkg install adguardhome-go
That is the only way you will not run into these issues.

 

[CB7]

Yea the best insight is to use adguardhome-go and configure it yourself like previously mentioned by people in this thread. This script is not designed for someone intending to use adguardhome in AP mode. I recommend uinstalling it and running
opkg install adguardhome-go

Hi,

Thanks! But this problem with the DNS servers being set in dnsmasq.conf is on the router rather than the AP. So on the router I have the AGH Merlin thingy running (installed with amtm). On the AP I installed it using adguardhome-go as indeed suggested in this thread - and that runs fine. On the router, it turns out that I cannot set any DNS servers in the DHCP settings of the router, because AdGuardHome.sh keeps overruling those settings. (Well it doesn't do it anymore after the changes I made to the script, but on the next update of AGH Merlin it'll come back) But I must be able to set DNS servers, otherwise DHCP will never tell any of the clients to use the AP as well alongside the AGH instance on the router.

-edit- Or did you mean to say I shouldn't be using AGH Merlin ever (even in router mode) when there's a wish to set a secondary resolver? (Eg: AGH running on a VM/Docker on a NAS? Then also go to adguardhome-go and don't use AGH Merlin on the router then either?)

 

[SomeWhereOverTheRainBow]

Hi,

Thanks! But this problem with the DNS servers being set in dnsmasq.conf is on the router rather than the AP. So on the router I have the AGH Merlin thingy running (installed with amtm). On the AP I installed it using adguardhome-go as indeed suggested in this thread - and that runs fine. On the router, it turns out that I cannot set any DNS servers in the DHCP settings of the router, because AdGuardHome.sh keeps overruling those settings. (Well it doesn't do it anymore after the changes I made to the script, but on the next update of AGH Merlin it'll come back) But I must be able to set DNS servers, otherwise DHCP will never tell any of the clients to use the AP as well alongside the AGH instance on the router.

If you are intending to try to control that much, then you probably should run adguardhome-go on the main router as well. The adguardhome installer script is designed and taylored for what a typical adguardhome user would use it for without the nuances that running it the way you want to has. You should consider that in your approach because it probably best suits your needs to use adguardhome-go in all instances. Given then amount of control you desire.

 

[CB7]

If you are intending to try to control that much, then you probably should run adguardhome-go on the main router as well. The adguardhome installer script is designed and taylored for what a typical adguardhome user would use it for without the nuances that running it the way you want to has. You should consider that in your approach because it probably best suits your needs to use adguardhome-go in all instances. Given then amount of control you desire.

Ahhh okay, that makes sense. Alright, then I'll make a backup of the .yaml, uninstall AGH Merlin and install adguardhome-go instead. I suppose that'll get rid of statistics but that's OK, they'll repopulate.

Thank you so much!

 

[SomeWhereOverTheRainBow]

Ahhh okay, that makes sense. Alright, then I'll make a backup of the .yaml, uninstall AGH Merlin and install adguardhome-go instead. I suppose that'll get rid of statistics but that's OK, they'll repopulate.

Thank you so much!

You can make a backup of the entire /opt/etc/Adguardhome directory. Then it will be as simple as making sure everything in that directory gets placed in the right directory once agh-go is installed.