I used to run a pihole on my home network but recently moved to Adguard Home for simplicity. My pihole ran on a separate Raspberry Pi board but I never liked this solution, keeping the Pi running just to act as a DNS resolver and blocker. Running it this way creates another point of failure: if the Pi goes down, so does access to the internet.
I have since moved to Adguard Home and offloaded this task to my Ubiquiti Edgerouter X. In doing this, I reduce the need for extra hardware and remove a point of failure. If the edgerouter goes down, the internet will be down anyway so it's a non-issue.
My setup is probably different than yours, so substitute settings where needed.
- IP: 192.168.1.1
- using dnsmasq instead of the default DHCPD daemon (for local hostname resolution on my lan)
- IP range: 192.168.1.0/24
- local domain: lan (.lan)
- using DHCP for IP assignment (including DNS server assignment)
Let's get into the weeds then...
If you want local name resolution on your lan then change over from the default DHCPD setup to dnsmasq. Doing this will also make the Adguard Dashboard easier to read as it will display local client names in addition to IP addresses.
We need to change the dnsmasq port number to listen on something other than the default 53. This is because we will be running the AdGuard Home service on 53 once installed.
Here I'm using port 5353 but you can use whatever you want, just remember it for the later steps. Log in to your edgerouter web interface, go to the config tree tab, then click service -> dns -> forwarding. Add an option with port=5353 as the value and apply changes.
Log in to your router's command line interface, via ssh or the CLI button in the web interface. We are going to install the package in our home folder for simplicity. Grab the binary package for Edgerouter X (linux mipsle Softfloat) with the command below. NOTE: If you're using a different Ubiquiti model you might need a different build architecture than the one used below.
curl -sL https://static.adguard.com/adguardhome/release/AdGuardHome_linux_mipsle_softfloat.tar.gz | tar xvz
Let's test that the binary runs correctly.
cd AdGuardHome
sudo ./AdGuardHome
Open your Edgerouter IP with port 3000 in your browser, http://192.168.1.1:3000, and hopefully you'll be greeted with the AdGuard Home setup screen.
Set your service addresses and ports on the next screen. Change your admin interface to listen on your LAN side only (the one with the internal IP of your edgerouter). We also have to change the admin interface port to something other than 80 because this is what the default EdgeOS web interface uses. I chose to use port 8080. Also change the DNS listen interface to the internal interface as well, with the default 53 port. You shouldn't have any red "interface or port already in use" messages!
Finish the steps until you get to the login screen of the dashboard. Now return to the router's command line to stop the service and install it properly. At the command line hit CTRL+C to stop the service, then install it with this command.
sudo ./AdGuardHome -s install
Documentation of the other command switches can be found here if needed.
Everything should now be installed and running. You can return to the AdGuard web interface by going to your router IP with the port you selected, http://192.168.1.1:8080 in my case.
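To confirm that the admin interface and DNS listener really are bound to the LAN side only, as set in the wizard, the following added example (not part of the original post) filters `netstat -tuln` output for the ports used in this guide. The function name and the sample output are constructed for illustration; the LAN address 192.168.1.1 and ports 53, 5353, 3000 and 8080 are the ones from this setup.

```shell
#!/bin/sh
# Flag listeners on this guide's ports that are bound to anything other
# than the LAN address or loopback.
# On the router: netstat -tuln | audit_listeners 192.168.1.1

audit_listeners() {
    lan_ip=$1
    awk -v lan="$lan_ip" -v ports="53 5353 3000 8080" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            # Column 4 is the local address; the port follows the last colon.
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in watch)) next
            if (addr == lan || addr == "127.0.0.1" || addr == "::1") next
            printf "EXPOSED %s %s port %s\n", $1, addr, port
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `netstat -tuln` output (not captured from a real router).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
udp        0      0 192.168.1.1:53          0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
EOF
}

# Demo run on the sample: three listeners are reported.
sample_netstat | audit_listeners 192.168.1.1 || echo "review the bindings listed above"
```

A wildcard bind (0.0.0.0 or ::) is not necessarily reachable from the WAN if the firewall drops the traffic, so treat each EXPOSED line as a binding to review against your firewall rules.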
Edited on May 14 2021: On two occasions I managed to fill the usable space on my Edgerouter device to 100%. Obviously this can cause all kinds of issues, so I've added this section as a remedy. It is highly suggested you do the same and if you have previously installed Adguard without doing this it's best to clear the logs. With just Adguard installed on my ERX with series 1.x firmware I stand at nearly 80% usage with no logs!
Note: you can use the df command on the router CLI to check the space on your / directory.
In the AdGuard web interface on your router, go to settings -> General Settings then under Logs configuration either uncheck enable log or at the very least reduce the query logs retention to a lower value (I recommend 24 hours). You can clear the query logs here as well if needed as mentioned above.
In addition to this I recommend you reduce the statistics retention to a lower value. I have mine set to 24 hours to avoid any future space issues. I'm not sure how much effect this has on space but I'd rather be safe than sorry.
In the router web interface go to the services tab -> DHCP server then actions button -> view details. Add 192.168.1.1 to the DNS 1 setting and lan under the Domain setting.
And you're done, AdGuard should be installed. But wait there's more...
So we have our dnsmasq service still running on port 53 but why? We are going to point our AdGuard service to call upon it for resolving local hostnames on our private LAN only! All other requests will use the other upstream providers we specify.
Log into our AdGuard Home interface at http://192.168.1.1:8080 and head to settings -> DNS settings. Under upstream DNS servers add the following lines along with the included address or the upstream provider address of your choice.
The first line is for reverse DNS (rDNS) lookups. It says DNS requests for names in the 192.168.1.x range should ask our dnsmasq service running at port 5353. The second line states that lookups on our own .lan domain should also use the dnsmasq service running at port 5353. Anything outside this scope should use the other upstream IPs you specified here.
NOTE: More options and information can be found here.
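The two domain-specific upstream lines described above can be derived from the LAN range and local domain. This is an added example, not the original post's own configuration: it uses AdGuard Home's `[/domain/]upstream` syntax, and it assumes dnsmasq is reachable at 127.0.0.1:5353 and uses 1.1.1.1 and 9.9.9.9 as stand-ins for the public upstreams of your choice.

```shell
#!/bin/sh
# Build the "Upstream DNS servers" entries for AdGuard Home from the LAN
# range and local domain used in this guide.
# Assumptions (not from the original post): dnsmasq answers on
# 127.0.0.1:5353; 1.1.1.1 and 9.9.9.9 are placeholder public upstreams.

# reverse_zone CIDR -> in-addr.arpa zone name (prefix must be 8, 16 or 24)
reverse_zone() {
    net=${1%/*}
    prefix=${1#*/}
    IFS=. read -r a b c d <<EOF
$net
EOF
    case $prefix in
        24) echo "$c.$b.$a.in-addr.arpa" ;;
        16) echo "$b.$a.in-addr.arpa" ;;
        8)  echo "$a.in-addr.arpa" ;;
        *)  echo "unsupported prefix /$prefix: use 8, 16 or 24" >&2
            return 1 ;;
    esac
}

# upstream_lines CIDR DOMAIN LOCAL_DNS [PUBLIC_UPSTREAM...]
upstream_lines() {
    cidr=$1
    domain=$2
    local_dns=$3
    shift 3
    zone=$(reverse_zone "$cidr") || return 1
    # rDNS (PTR) lookups for the LAN range go to dnsmasq.
    printf '[/%s/]%s\n' "$zone" "$local_dns"
    # Lookups under the local domain go to dnsmasq as well.
    printf '[/%s/]%s\n' "$domain" "$local_dns"
    # Everything else uses the public upstreams.
    for up in "$@"; do
        printf '%s\n' "$up"
    done
}

upstream_lines 192.168.1.0/24 lan 127.0.0.1:5353 1.1.1.1 9.9.9.9
```

Paste the printed lines into the upstream DNS servers box, adjusting the dnsmasq address if it listens on the LAN IP instead of loopback.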
Let's test our DNS localhost resolution.
If we set our Edgerouter's hostname to "router" in the EdgeOS web interface (under system settings at the bottom), we should be able to access it via hostname as well as IP address.
So going to http://router.lan in our browser should now work, also you can try pinging it at the command line. Earlier we specified the domain "lan" under the DHCP settings passed to clients. This will set .lan to be our default DNS domain and you shouldn't need to specify .lan when accessing a device. So going to http://router or pinging router should just work without the .lan suffix. You're welcome!
You can check if your default DNS domain is set in Windows clients at the command line with
should look something like this..
Because we have set up this local hostname resolution, the Adguard dashboard will show client friendly names instead of just ip addresses.
NOTE: This might not be needed in versions of AdGuard Home greater than v0.106.0 as this documentation says "... you can enable and disable this feature by "Enable clients' hostname resolution" setting in the "Upstream DNS servers" section or via resolve_clients field in the configuration file."
As of this writing the current stable release is v0.105.2 so the above feature isn't an option, hence the reasoning for specifying it manually.
Under settings -> general settings enabling the Use AdGuard browsing security web server checkbox may cause AdGuard to stop resolving hosts properly on the EdgeRouter. Keep it off (the default) if you run into issues.