AdGuard Home Handle Client Request - Breakdown

j2zero · July 10, 2024, 10:27am

Can some explain why you would / wouldn't want to use AdGuard Home Handle Client Request

Toggled off, adguard is still doing my clients DNS but they just appear as localhost, so I'm guessing in theory they are getting forwarded from the router to adguard home but ultimately adguard is "handling the client request" as it's using the upstream of adguard home?

If the toggle is off then does this mean that the router itself is not using the adguard DNS upstream servers, to check for package updates, firmware updates?

To sum up I would also like to know the pros / cons, any added latency for request depending on the option chosen?

I can have it toggled on and policy routing per client works fine, obviously domain routing doesn't as per the tooltip information.

I also know that if you toggle the settings on them each client will show as making it's own request which is great to see what's going on, also by doing so I can then create client rules for certain services so ideally I would want to keep it toggled on but without understanding fully any implications I have just toggled between to test.

admon · July 10, 2024, 10:32am

You already figured out all pros and cons.

The biggest con: VPN routing based on domain won't work.

j2zero · July 10, 2024, 10:53am

So with the option toggled off what is the router itself using for DNS?

admon · July 10, 2024, 11:47am

Whatever DNS server is provided by either WAN or DNS settings in the interface.
Or AdGuard Home, if enabled.

j2zero · July 10, 2024, 12:24pm

Ok so what about "client devices will be handled directly by Adguard home" as opposed to what, how are they handled in the current state when it's toggled off? But adguard home itself is enabled.

Pro4TLZZ · July 10, 2024, 1:01pm

From my understanding I believe this option makes all DNS queries use adguard. If I'm using client VPN software on a device I don't want adguard to override.

I'm not interested in knowing which device makes a specific DNS query. Some things are better off not knowing.

Maybe if I lived alone.

j2zero · July 10, 2024, 1:10pm

That's not what is happening though. I can set Google DNS on my android phone and it will bypass adguard home regardless.

Pro4TLZZ · July 10, 2024, 1:18pm

Gotcha. My understanding is absolute rubbish then. Tbh I don't think the description is exactly super clear

j2zero · July 10, 2024, 1:21pm

You have more control if you can see each individual clients. For example you can create a client profile inside adguard home and then block services on a per client basis (tiktok, YouTube) which is really good for young children, it was one reason I switched from pi hole when they didn't support per client blocking and a feature that wasn't really available in pfblockerng when I was running pfsense - being able to restrict on a per client basis as opposed to everyone has it's perks. Not sure if you knew that was possible

alzhao · July 11, 2024, 5:03am

I don't think I can answer all the details.

If you use Adguard Home for DNS request so you need to reply Adguard Home for DNS functions. The router's other dns related function does not work.

If you want Adguard Home filter and at the same time want to benefit the dns functions of the router, keep it turned off.

If you set Google DNS on your Andriod it is encrypted dns and the router will not be able to capture these data.

j2zero · July 11, 2024, 7:14am

Thanks for the reply.

That doesn't sound right. On my android phone I simply used 8.8.8.8 and also I used the quad 9 unencrypted DNS with the same results, they bypass adguard home. If by toggling on that option all DNS should route via Adguard even if the clients are using there own DNS then that's not working as expected.

On my old firewall I simply just created a rule to redirect DNS ports to the router which then forces the clients to use adguard home regardless what the clients DNS is set to.

alzhao · July 11, 2024, 7:21am

Here are some images showing on windows it works.

Adguard Home settings.

Windows is using DHCP but manual DNS servers, not encrypted

In windows just do some dns query

These dns query is captured by Adgaurd Home

j2zero · July 11, 2024, 7:28am

So I take it the expected behaviour IS to force and redirect clients that are using their own DNS to adguard home when the 2nd option is toggled?

If so I will check again and see if I can replicate to get the same results you are.

alzhao · July 11, 2024, 8:08am

Yes. Everything else is default. I added text explaination in last post.

mrschwarz · July 30, 2024, 7:35pm

I am having an issue on my MT6000. I have set 'AdGuard Home Handle Client Requests' on, but it still reports DNS entries as '127.0.0.1' for all queries.

I am running version 4.6.2 firmware with Adguard Home version 0.107.52.

I am also running a VPN Wireguard client as a global proxy and am running a Tailscale client.

alzhao · July 31, 2024, 3:43am

It seems broken.

Will fix asap.

bruce · August 5, 2024, 11:06am

Refer to this post:
This issue is known, it affects the ADG Client list and ADG Query log.
And it already in the develop plan to improve the DNS processes processing flow about the ADG/VPN/Dnsmasq. Thanks.