AdGuard Home and DNS over TLS

Hi,

I am running GL-MV1000W as my main router. I have activated AdGuard Home to avoid ads and reduce outbound traffic. In addition, I wanted to activate DNS over TLS to minimize the amount of data my ISP is able to collect. However, these two setting (AdGuard and DNS over TLS) appear to not go well together; I am unable to activate DNS over TLS (“Before turning on this feature, please turn off other DNS settings.”)

Is there a way to activate DNS over TLS without deactivating AdGuard Home?

More generally, what settings do you recommend to keep my internet traffic as private as possible without using a VPN (and while keeping AdGuard Home activated).

Thank you very much.

You can set up a DNS over TLS server as an upstream DNS server within AdGuardHome Settings → DNS settings.

I do not work for and I do not have formal association with GL.iNet

Add DoT servers inside AGH doesn’t work ?

Just add “tls://your DoT servers hostname here” will do the job.

The solution should be one of the answers before. But why?

AdGuard is analysing the DNS requests and block them if matching a ruleset.
DNS over TLS is encrypting the DNS request end-to-end.

And here is the problem. When DNS over TLS is enabled, the DNS request should be encrypted from your client to the DNS Server. Your provider can’t see your DNS requests, but also AdGuard is not able to anaylse it.
So, you’ll need to break the encryption between the client, AdGuard and the resolver. As mentioned before, The communication Client-to-adGuard needs to be plain and AdGuard needs to support DNS over TLS, do the encryption and set the upstream Server … But any attacker within your network could be able to sniff your requests.

This is very helpful. Thank you.

Good to know; I didn’t know that. I will not use DoT then. Thank you.