How to block ru crap?

X750 does not support AdGuard Home. If it was so easy I wouldn’t post a post.

Why not try using a mini server, for example a Raspberry Pi? It is a cheap mini PC.

1 Like

Why should I? I have a Raspberry 5, but for another reason. I want to filter directly on the router. I don’t need to achieve “DPI level” quality, but simply make it harder to use crap.

Because the task of a router is to route networks. It can do this very well.
Because it is nice to have all in one, and in most home networks there is no administrator, most routers implement a basic DNS and firewall function. And this works for most people.

But your request is a lot more than a usual home network user 'needs'.
And therefore the suggested solution is to set up a full-featured firewall/DNS with exactly the functions you want.

And I say this as someone who has his own VM for the firewall (OPNSense) and two for DNS (Bind/PiHole) ... Only because my needs are more than the usual home environment.

Will the R-Pi 5 handle this setup? Is it free to use?

If you know what you are doing, you can set this up on a Raspberry ... But this is a little much to describe here.

Will this work with a GL router? I don’t want to buy another one.

I am out... A router is an embedded device with a specialized purpose.
A GL-iNet works as a router. It works great. What you want could be possible. But this is far away from usual/normal/supported.

What is wrong with the idea you posted at the very beginning? Sounds good, but it is so far away from normal home use. Just try and if there are issues, ask questions... But this meta discussion will not help anymore.

I meant setting it up on the Raspberry and connecting it to the router, without a new router.

Another short question without any content.

I don't know what to answer. Why should it not work?
The internet, or an internet, is built of different services. The services can run on one server or on different servers.

But you need to understand IP, port, DHCP, ... and maybe more.

Do you know what? You could turn off DHCP on the router and turn on AdGuard Home with DHCP on the Raspberry Pi. After that, manually add the Raspberry Pi's IP address as the DNS server on the router. Job done.

I had an old Huawei AX3 mesh router and a Raspberry Pi for Home Assistant with AdGuard Home. It worked perfectly.
Now I have upgraded to a new router, the Flint 2, and to a mini PC running Proxmox with Home Assistant, CCTV connected to a NAS, and Docker. A better solution than that.

Anyway, I agree with what @LupusE said.

I just tested my Adguard DNS and does work any Russian website

1 Like

They are paid crap. I don’t wish to pay. If I do not pay, I will be the product. So the only way is to do it locally.

In fact it is free and open source ... They are using parts of the codebase for their paid services as well, but it is free to use if you don't need a public DNS or whatever else the advantages of the subscription are.
You are free to download it, make a full audit and change everything you like.
And if you are really good, you could contribute to the project, so others can participate from your idea of a good, solid and secure system. If you make custom 'encrypted DNS' possible, a lot of people would praise you.

I don't see where the 'you are the product' comes from in this context. But I am open-minded, explain to me why this service should not be used. I'd like to know where my data flow, before I am using it in production.

There is tested and working advice provided, as you asked for in the first post.
And for me it seems a lot easier than building the whole framework myself.

2 Likes

Something like this. The best way is to use VPN or Tor DNS to avoid this. Also DNS leaks etc. So local filtering is better.

Open source is only that which you can physically download.

I am not paranoid about local proprietary software (but I will limit its internet access), but you can’t control what is hosted on a server if it is not your server.

So who can guarantee that a remote DNS server really uses open source software without hidden backdoors?

I do not follow.

You will never own the DNS resolve path. You will need to trust anyone. The internet is based on 12 root DNS servers, hosted very securely anywhere by IBM. And because this is not enough to handle every request, the DNS has a hierarchical cascading.
Simplified: Root DNS servers - Regularity DNS services - ISP DNS Server - Local DNS Server - Client.
And no matter what, you will only have access to secure your local server. This could be a bind, a DNSMasq, a full-blown Windows AD or an AdGuard Home -> But in every case, if the local server does not know the hostname and the FQDN is not local, the DNS should ask the next one (Forward DNS Server) and cache the result for the next request.

Open source here means 'you can download it, install it and use it'. No payment at all.
You should not Internet access to DNS Servers of your DNS server, because they are outside.
Even with Tor DNS, the request will at some point be resolved by an outside server. And this is good. How should every server in the world hold every domain-IP mapping?

That is not the point.
The point is that you can use 'AdGuard Home' for free in your home network. And if you are willing to participate in the development, you know they will use it also in their paid services. Open, transparent, fair.
As you want to use it for free, you are not allowed to use their provided DNS servers. So it should not be your problem if you can trust them or not. Your part is to download, audit the source, compile and use.

It is the same as using ipset or geoip from your first post.

I meant that it is better not to use someone’s DNS server especially if it cannot be downloaded to run locally (I mean self host)

If you can self-host, you trust your server. If we talk about the AdGuard DNS case, I trust them, but I have many more requests per month than they give for free. Plus DNS will NOT block a direct connection to a Russian IP. That functionality can be done locally:

address=/*.ru/0.0.0.0
address=/*.ru/::

Another problem is that the GL GUI doesn’t support custom encrypted DNS. Only plain.

And about something like Control D etc., I would like totally anonymised DNS (like Tor) or something Swiss like Proton or Mullvad VPN, so as not to share my data through something like “five eyes”.

And the most “hilarious” thing: a remote server can be DDoSed, blocked or even shut down.

By using “root” or VPN or Tor DNS you are mitigating such issues.

Also, a DNS provider without VPN will know too much about you: IP, website you are visiting, timing, possible client device.

And… If you turn on such DNS and VPN simultaneously, you will face a DNS leak.

So what's the point here?

Block by using dnsmasq like you already do and accept that you can't block Russian IPs so far.

I did it. But what if an app talks to the server by IP?

I don't see a paid or free account. Are you sure? Use your own private AdGuard DNS server.
I paid for AdGuard VPN and the free Personal tier, which has 1000 custom rules. So free should have a smaller number of custom rules, and you need one rule which can block all Russian domains 😏