Difficulty enabling secure DNS in AdGuard Home

Hello. I'm running the Flint 2 on firmware version 4.6.4.

AdGuard Home is enabled and working, with load balancing between https://dns.quad9.net/dns-query & tls://dns.quad9.net set as default, with fallbacks set to https://dns.adguard-dns.com/dns-query & tls://dns.adguard-dns.com. However, I seem to be unable to enable secure DNS in the interface because I'm getting the error "Error: control/tls/validate | port 443 is not available, cannot enable HTTPS on it | 400".

The setting AdGuard Home Handle Client Requests is enabled, because without it, I don't seem to have Internet access with this firmware version.

In LuCI I have banIP for the ability to filter out IPs from countries specifically known for malware attacks.

Any thoughts as to why I cannot enable secure DNS?

Running DNS over HTTPS on the router itself is currently not really supported because port 443 is used by the GL UI.

Please keep Enable Encryption disabled.

(Or adjust the ports, whatever is better for you)

The AdGuard upstream is secure DNS. There is no way to check whether DNS is really secure.
You could use the AdGuard test page ("AdGuard — The world's most advanced ad blocker! Get the best ad-free experience") and you can see which protocol DNS is using.
For Quad9, I can't find a test page.

It is not recommended. If you try to open your own DNS resolver, the ISP will stop working or send a warning letter.

Your warning does not make sense.

By using the HTTPS DNS from AdGuard Home DNS, no port will be open. It is totally fine to use it. Upstream does not matter either, because we are just talking about the DNS-over-HTTPS part of AdGuard Home.

The only reason why it does not work is that the nginx for LuCI and the GL GUI is listening on TCP/443 already.
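
The port conflict described above can be confirmed from the router's shell before picking a different port. This is an added example, not part of the thread and not GL.iNet or AdGuard tooling; the sample listing, its PIDs and the candidate port 8443 are constructed assumptions.

```shell
#!/bin/sh
# Added example: find what holds a TCP port before moving AdGuard Home's HTTPS listener.

# Constructed sample of `netstat -tlnp` output (PIDs and the AdGuardHome line are made up).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2314/nginx
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2314/nginx
tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN      4120/AdGuardHome
tcp        0      0 :::443                  :::*                    LISTEN      2314/nginx'

# listener_on PORT
# Reads a netstat-style listing on stdin, prints the PID/program of the first
# TCP listener bound to PORT, and returns 1 when nothing listens there.
listener_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")   # last piece is the port, for IPv4 and IPv6
            if (part[n] == port) { print $7; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# first_free LISTING PORT...
# Prints the first candidate port that has no TCP listener in LISTING.
first_free() {
    listing=$1; shift
    for p in "$@"; do
        if ! printf '%s\n' "$listing" | listener_on "$p" >/dev/null; then
            echo "$p"; return 0
        fi
    done
    return 1
}

printf '443 is held by: %s\n' "$(printf '%s\n' "$SAMPLE" | listener_on 443)"
printf 'first free candidate: %s\n' "$(first_free "$SAMPLE" 443 8443)"
# On the router itself: netstat -tlnp | listener_on 443
```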

So I tried adjusting the ports because that seems simple enough. That got rid of the warning, but it won't let me save the changes. Based on some context clues it seems like it wants me to set up a certificate with Let's Encrypt? Happy to learn if it's the right thing to do, but it seems like it might be overkill. I basically wanted to use DNS encryption to put a little bit of a barrier between my ISP and my entire browsing history, so they couldn't sell it to advertisers directly, or something like that. I don't really have anything nonstandard going on threat-model-wise. Overkill, or worth setting up the certificate for the long haul? Thoughts?

Not worth it, tbh.
