AdGuard Home Handle Client Request - Breakdown

Can some explain why you would / wouldn't want to use AdGuard Home Handle Client Request

Toggled off, adguard is still doing my clients DNS but they just appear as localhost, so I'm guessing in theory they are getting forwarded from the router to adguard home but ultimately adguard is "handling the client request" as it's using the upstream of adguard home?

If the toggle is off then does this mean that the router itself is not using the adguard DNS upstream servers, to check for package updates, firmware updates?

To sum up I would also like to know the pros / cons, any added latency for request depending on the option chosen?

I can have it toggled on and policy routing per client works fine, obviously domain routing doesn't as per the tooltip information.

I also know that if you toggle the settings on them each client will show as making it's own request which is great to see what's going on, also by doing so I can then create client rules for certain services so ideally I would want to keep it toggled on but without understanding fully any implications I have just toggled between to test.

You already figured out all pros and cons.

The biggest con: VPN routing based on domain won't work.

So with the option toggled off what is the router itself using for DNS?

Whatever DNS server is provided by either WAN or DNS settings in the interface.
Or AdGuard Home, if enabled.

Ok so what about "client devices will be handled directly by Adguard home" as opposed to what, how are they handled in the current state when it's toggled off? But adguard home itself is enabled.

From my understanding I believe this option makes all DNS queries use adguard. If I'm using client VPN software on a device I don't want adguard to override.

I'm not interested in knowing which device makes a specific DNS query. Some things are better off not knowing.

Maybe if I lived alone.

That's not what is happening though. I can set Google DNS on my android phone and it will bypass adguard home regardless.

1 Like

Gotcha. My understanding is absolute rubbish then. Tbh I don't think the description is exactly super clear

You have more control if you can see each individual clients. For example you can create a client profile inside adguard home and then block services on a per client basis (tiktok, YouTube) which is really good for young children, it was one reason I switched from pi hole when they didn't support per client blocking and a feature that wasn't really available in pfblockerng when I was running pfsense - being able to restrict on a per client basis as opposed to everyone has it's perks. Not sure if you knew that was possible

I don't think I can answer all the details.

If you use Adguard Home for DNS request so you need to reply Adguard Home for DNS functions. The router's other dns related function does not work.

If you want Adguard Home filter and at the same time want to benefit the dns functions of the router, keep it turned off.

If you set Google DNS on your Andriod it is encrypted dns and the router will not be able to capture these data.

Thanks for the reply.

That doesn't sound right. On my android phone I simply used 8.8.8.8 and also I used the quad 9 unencrypted DNS with the same results, they bypass adguard home. If by toggling on that option all DNS should route via Adguard even if the clients are using there own DNS then that's not working as expected.

On my old firewall I simply just created a rule to redirect DNS ports to the router which then forces the clients to use adguard home regardless what the clients DNS is set to.

Here are some images showing on windows it works.

Adguard Home settings.

Windows is using DHCP but manual DNS servers, not encrypted

In windows just do some dns query
image

These dns query is captured by Adgaurd Home

So I take it the expected behaviour IS to force and redirect clients that are using their own DNS to adguard home when the 2nd option is toggled?

If so I will check again and see if I can replicate to get the same results you are.

Yes. Everything else is default. I added text explaination in last post.