ADGuard Home

Soldato
Joined
9 Apr 2007
Posts
14,034
I've finally got round to setting up Adguard Home on my NAS.
I had to use Adguard as my DHCP to work throughout the network.
The issue is on my pc on Chrome and Edge it doesn't seem to be doing much. It appeared to say first bit now everything gets through. On my mobile it blocks around 93% using this site to test.


What could be the reason my pc is only getting around 3%.

I have manually set the DNS on my network adapter to the NAS/Adguard address, could that be why? (I did this before I changed DHCP settings, it's a BT Smart hub so you can't change the DNS)
 
Last edited:
Just reset to my pihole and got with https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/ultimate.txt
Screenshot-2024-02-03-195649-Copy.png

Try again makes sure permissions and ports are allowed etc.
What permissions? And ports?
I'm not only using it on a pc via Windows. I'm wanting it working at the network level via DHCP.
 
Ok, firstly if you have pointed your primary DNS on your computer to AGH and you can browse the internet then DNS is working.

you 100% have switched off DHCP on your router? and other devices are getting DHCP from AGH? with correct DNS yes?

have you just used 1 DNS server on your machine? if so, this is correct, do not use a secondary DNS unless you have a second AGH.

Next, what upstream server are you using in AGH? go here: https://dnsleaktest.com/ run the standard test, does it match the company of the upstream server you added to AGH?

Next, in AGH, go to the logs section and enter your compuer IP address so you can see all queries being done from your computer, are you seeing any?

What block lists are you using in AGH?

i use these, maybe overkill but works well:

Code:
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn-only/hosts
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/pro.txt
https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt
https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt
https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt

Give these a try.

report back :)
I have these three on my DNS server list.

Code:
https://dns.quad9.net/dns-query
https://dns.google/dns-query
https://dns.cloudflare.com/dns-query

When i do the standard test on your link it lists two Cloudflare ISPs.

Block lists im using.
Code:
AdGuard DNS filter
AdAway Default Blocklist
Dan Pollock's List
OISD Blocklist Big
Steven Black's List

For my PCs IP on the log file nothing is being blocked.
Right now lots for instance is getting blocked for the Amazon FireStick so its clearly all working, just not on my PC.
 
Last edited:
First of all, that site is a bit of a useless test - and even then it's intended for browser based ad blockers, not DNS. Have you checked that Chrome and Edge aren't hijacking (or 'helping') your DNS under Settings > Security > Encrypted DNS (paraphrased, but you'll find it using that as a guide)? They can set themselves to automatically upgrade your existing DNS, or to use external third party DNS (non-ad-blocking). Is your Windows system definitely assigned the AGH IP as its sole DNS, and on the correct adapter? A DNS leak test tool as stated above is a good first shout, to confirm you're using the expected DNS. Remember it will show the upstream you set in AGH, not the AGH device itself as your DNS! Again, also confirm queries from your browser (random ones like freebsd.org whitehouse.gov etc) are showing in your AGH log.

It's odd it 'worked' at first and then didn't. Go back to AGH, remove all current filter lists and add just Hagezi Normal (for now). After ensuring your device and browser are using the local AGH IP as DNS run the tests as above and let us know. It definitely sounds like some hijacking, secondary DNS (or just no AGH IP at all) is going on.
When i do this link on my Phone DNS resolvers are 2 different Cloudflare.

Code:
Your DNS resolvers are:

Cloudflare
172.70.84.25
ns: cruz.ns.cloudflare.com
London, England, GB
172.70.84.28
ns: cruz.ns.cloudflare.com
London, England, GB

CLOUDFLARE_2400_CB00_0000_36
2400:cb00:376:1024::ac46:5419
ns: chloe.ns.cloudflare.com
London, England, GB
2400:cb00:376:1024::ac46:541c
ns: chloe.ns.cloudflare.com
London, England, GB

Great! Your DNS responses are authenticated with DNSSEC:

ECDSA P-256    ECDSA P-384    Ed25519
Good signature    ✓    ✓    ✓
Bad signature    ✓    ✓    ✓
Expired signature    ✓    ✓    ✓
Missing signature    ✓    ✓    ✓

When i do it on my pc it says

Code:
Your DNS resolvers are:

BTNET-MNT
81.134.122.24
ns: ns0.bt.net
London, England, GB
81.134.122.38
ns: ns0.bt.net
London, England, GB
81.134.123.12
ns: ns0.bt.net
London, England, GB
81.134.123.14
London, England, GB
81.134.123.16
London, England, GB
81.134.123.18
ns: ns0.bt.net
London, England, GB
81.134.123.20
ns: ns0.bt.net
London, England, GB
81.134.123.22
London, England, GB
81.134.123.26
ns: ns0.bt.net
London, England, GB
81.134.123.28
ns: ns0.bt.net
London, England, GB
81.134.123.30
ns: ns0.bt.net
London, England, GB
81.134.123.32
London, England, GB
81.134.123.34
London, England, GB
81.134.123.36
ns: ns0.bt.net
London, England, GB
Cloudflare
172.70.84.28
ns: cruz.ns.cloudflare.com
London, England, GB

CLOUDFLARE_2400_CB00_0000_36
2400:cb00:376:1024::ac46:5419
ns: chloe.ns.cloudflare.com
London, England, GB
2400:cb00:376:1024::ac46:541c
ns: chloe.ns.cloudflare.com
London, England, GB

Oh no! Your DNS responses are not authenticated with DNSSEC:

ECDSA P-256    ECDSA P-384    Ed25519
Good signature    ✓    ✓    ✓
Bad signature    ✕    ✕    ✕
Expired signature    ✕    ✕    ✕
Missing signature    ✕    ✕    ✕

What i dont understand is that in Adguard logs is showing loads of requests for the PC its just not blocking any of them.
 
Last edited:
The BTNET bit is the issue, you machine is trying to use BT DNS as well as AGH so you will get mixed results

have you definitely swcthed off DHCP on your BT Hub? nothing should be poiting to your BT Hub apart from gateway address.

you dont have any VPN/DNS plugins install in Chrome/Edge?

Try Firefox to check if that works ok.
I tried Edge as well.
Checked my network settings and it's definitely got the correct IP from the adguard DHCP and DNS is correct.
From my understanding two DHCPs rubbing would be obvious but yes it's definitely off on the BT router.
 
Restarted my pc and it seems to be working now, get the same results as my phone. Strange as i did all the things like flushing dns cache and renew dhcp.
Anyway thanks all, will make sure i dont change anything now its working. Well until i get a new router (i want to give Opnsense ago)
 
sky is the limit now!
if you use proxmox for the opnsense, you can setup a secondary AGH cointainer on it (proxmox) so you can have have redundancy incase your NAS reboots etc.
I was just going to install it direct onto something, not decided yet, but want 2.5Gbe, and enough power for at least a 1Gb WAN connection. Proxmox sounds like just more complexity for me.
 
Back
Top Bottom