Please visit my channel page: kzbin.info Want to talk to me? Join my Discord Server: discord.com/invite/DXnfBUG
@greatestunknown 2 years ago
I am on Luci 21.02 and I just bought a Raspberry Pi4 and installed Pihole. I saw three ways to try this;
Network > Interfaces > WAN > Common Configuration > Advanced Settings > Use custom DNS servers
Network > Interfaces > LAN > DHCP Server > Advanced Settings > DHCP-options
Network > DHCP and DNS > Server Settings > DNS forwardings
Confused, I searched Google. Then it occurred to me, OneMarcFifty, of course! Wow, this really demystified these settings and then you showed even more advanced ones I never imagined. I'm going to try the Network->DHCP and DNS first, and when I'm pretty comfortable, move on to your third option. Thanks Marc, now I won't have to stay up till 4:00 a.m. trying to figure it out!
@OneMarcFifty 2 years ago
Awesome feedback - many thanks - glad you can get some more sleep now ;-)
@goppinaththurairajah760 2 years ago
Very detailed tutorial. I am using AdGuard since 2021 with Raspberry Pi 4 and I started with OpenWrt in 2022. Now I am using OpenWrt as my main router and installed the AdGuard manually to get the control over the latest versions.
@OneMarcFifty 2 years ago
Many thanks for sharing ;-)
@endthefighting 2 years ago
You have singlehandedly saved my mental health! I've been wrecking my brain trying to figure out what I've been doing wrong, and thanks to your detailed and great explanations, I now have everything working (new openwrt router, adguard running on home assistant pi), and as an added bonus, I've also learned a lot! Thank you a billion times!
@OneMarcFifty 2 years ago
Hi Ragnar, thank you so much for the feedback. I am happy that the video could help.
@unknown_channel_name 2 years ago
The timing couldn't be any better. I recently bought a new router and flashed Openwrt. I was struggling this morning to setup DNS as it was a bit confusing at first glance. I am already running AdGuard Home on a separate machine. Keep up the good work Marc ! Looking forward to the Sunday discord session.
@OneMarcFifty 2 years ago
Awesome - many thanks Vibhu ;-)
@rubab44ih 8 months ago
I am using PiHole as a network wide ad blocker. I started using it around 3 years ago. I used it as a DHCP server too. At some point an update messed up something on the rpi and I had to start using the router as DHCP again. I am watching this video to see if I can turn off the router DHCP and use the Pihole's DHCP to filter ads. Thank you for making a very informative and beginner friendly video.
@SantaRosaBmx 2 years ago
I can't believe how do u manage to reply to everyone, that's an outstanding work!! I'm super thankful of you doing what u do for all of us who wants to learn about openwrt and solutions. It's way better than reading a page, specially with the quality of ur vids.
@OneMarcFifty 2 years ago
Hey, thank you very much for your friendly feedback. Yes, I firmly believe that in the long run viewers prefer to be able to interact with the creators. As long as I can manage it I'll reply to everyone ;-)
@tomduca 2 years ago
Call to action!!! Hi Mark! I am using pihole + unbound in a raspy zero with GB ethernet adapter as dns attached to my Archer C7 with OpenWrt. I have firewalled 53 & 853 ports in OpenWrt, so there is no other way than the pihole (or VPN) to get DNS service inside my networks. It works like a charm. I use it for ads/track blocking and parental control. There are several useful, well maintained list out there. Thank you as always, excellent video! Regards!
@tomduca 2 years ago
config rule
	option name 'DNS-Forward-Allow-raspy'
	option src 'lan'
	option dest 'wan'
	option dest_port '53 853'
	option target 'ACCEPT'
	list src_mac 'raspy mac addr'

config rule
	option name 'DNS-Forward-Reject-lan'
	option src 'lan'
	option dest 'wan'
	option dest_port '53 853'
	option target 'REJECT'
@tomduca 2 years ago
Of course I need a reject rule for every zone I have configured. But I did the setup once and it works great. Without having to install new packages :) And now I am thinking... Those rules I set up before deploying unbound, when I had public DNS set up in the pihole. I think now I could even block ports 53 & 853 completely since all DNS are resolved inside the pihole. Right?
@OneMarcFifty 2 years ago
Hi Tomás, you could block the ports but you would need to make sure that you don't block them between the pihole and router.
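An added example, not part of the original comments and not code from the video: a small Python audit for an exported /etc/config/firewall that checks what the exchange above relies on, namely that every non-WAN zone has an unconditional REJECT/DROP for ports 53 and 853 towards wan and that the host-specific ACCEPT sits ahead of it. The sample config, the 'guest' zone, the MAC address and all function names are constructed for illustration; it assumes forwarding from each zone to wan is otherwise allowed and reads only `option proto`, `option dest_port` and `src_mac`/`src_ip`.

```python
import shlex

PROTOS = ("tcp", "udp")
# Plain DNS (53) and DNS over TLS (853), the two ports blocked in the comment.
DNS_PAIRS = {(proto, port) for proto in PROTOS for port in (53, 853)}

# Constructed sample: the two rules from the comment, a made-up MAC address,
# and a hypothetical 'guest' zone that has no reject rule yet.
SAMPLE = """
config zone
	option name 'lan'
config zone
	option name 'guest'
config zone
	option name 'wan'
config rule
	option name 'DNS-Forward-Allow-raspy'
	option src 'lan'
	option dest 'wan'
	option dest_port '53 853'
	option target 'ACCEPT'
	list src_mac 'AA:BB:CC:DD:EE:FF'
config rule
	option name 'DNS-Forward-Reject-lan'
	option src 'lan'
	option dest 'wan'
	option dest_port '53 853'
	option target 'REJECT'
"""


def parse_uci(text):
    """Parse UCI text into sections with separate 'opts' and 'lists' dicts."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({"type": tok[1], "opts": {}, "lists": {}})
        elif len(tok) >= 3 and sections and tok[0] == "option":
            sections[-1]["opts"][tok[1]] = tok[2]
        elif len(tok) >= 3 and sections and tok[0] == "list":
            sections[-1]["lists"].setdefault(tok[1], []).append(tok[2])
    return sections


def dns_pairs(rule):
    """Return the (proto, port) members of DNS_PAIRS that this rule matches."""
    opts = rule["opts"]
    wanted = opts.get("proto", "tcp udp").replace("tcpudp", "tcp udp").split()
    protos = PROTOS if "all" in wanted else [p for p in wanted if p in PROTOS]
    spec = opts.get("dest_port")
    if spec is None:  # no port filter: every port matches
        return {pair for pair in DNS_PAIRS if pair[0] in protos}
    matched = set()
    for token in spec.split():  # single ports or 'low-high' ranges
        low, _, high = token.partition("-")
        low, high = int(low), int(high or low)
        matched |= {(p, port) for p, port in DNS_PAIRS
                    if p in protos and low <= port <= high}
    return matched


def is_host_specific(rule):
    """True when the rule is limited to certain clients by MAC or IP."""
    return any(k in rule["opts"] or k in rule["lists"] for k in ("src_mac", "src_ip"))


def audit_dns_egress(text, wan="wan"):
    """Walk forward rules in file order (first match wins) for each zone."""
    sections = parse_uci(text)
    rules = [s for s in sections if s["type"] == "rule"]
    zones = [s["opts"]["name"] for s in sections
             if s["type"] == "zone" and s["opts"].get("name") not in (None, wan)]
    report = {}
    for zone in zones:
        blocked, open_to_all, exempt, dead = set(), set(), [], []
        for rule in rules:
            opts = rule["opts"]
            pairs = dns_pairs(rule)
            if (opts.get("src") not in (zone, "*")
                    or opts.get("dest") not in (wan, "*") or not pairs):
                continue
            target = opts.get("target", "DROP").upper()
            if target == "ACCEPT" and is_host_specific(rule):
                # An exemption placed after the block is never reached.
                (dead if pairs <= blocked else exempt).append(opts.get("name", "<unnamed>"))
            elif target == "ACCEPT":
                open_to_all |= pairs - blocked
            elif target in ("REJECT", "DROP") and not is_host_specific(rule):
                blocked |= pairs - open_to_all
        report[zone] = {"uncovered": sorted(DNS_PAIRS - blocked),
                        "exempt": exempt, "dead": dead}
    return report


if __name__ == "__main__":
    for zone, result in audit_dns_egress(SAMPLE).items():
        print(zone, result)
```

On the sample, 'lan' comes back fully covered with one exemption, while 'guest' lists all four protocol/port pairs as uncovered, which is the "reject rule for every zone" gap.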
@bryanrobinson1980 2 years ago
I've used PiHole in two different instances. First, at home for ad blocking and was utilized as a docker container in OMV5/6 running on a Raspberry Pi setup as a home NAS. Secondly, I have a similar setup for an RV trailer I live in during the week at my job, that bridges a connection to the work wifi, setting up a small wifi network within the trailer. It has a desktop hardwired via ethernet to a Netgear router running OpenWRT and broadcasting for the wireless devices to also connect. It has PiHole also setup as a container on the RV trailer NAS on a Raspberry Pi running OMV6. Took several nights after work to research on Google and KZbin methods to set it up. I used some information from other videos you have done, and others have done as well, to set it all up. I generally use the RV trailer NAS to host media and use Jellyfin to serve up the movies and TV shows I have saved on it.
@OneMarcFifty 2 years ago
Wow - I can imagine that this took a while to be configured ;-) Many thanks for sharing !!!
@arf8891 2 years ago
Hi Marc, thanks for your videos, you're awesome! I used to be a techie but I'm trying to come back slowly. I'd love to see more videos what we can do with a Raspberry Pi (recently bought it) and OpenWRT. I've been using OpenWRT for OpenVPN (Security mainly) on a Archer C7 but thanks to you I implemented a couple of things on my OpenWRT. I installed AdGuard (after this video) I used implementation n1 (DNS Ad by DHCP) however, I forward my DNS traffic directly from AdGuard to my Public secure DNS Server. I'm really excited about my Raspberry Pi and looking forward to have different use cases.
@OneMarcFifty 2 years ago
Excellent ! Many thanks for the feedback !
@manojcmenon 2 years ago
Wow. Really loved option No.3 where you force all DNS lookups to the Pi-hole. (I didn't know that this was even possible). Perhaps, you should do an advanced iptables/netfilter tutorial with a few scenarios like this.
@OneMarcFifty 2 years ago
Hi, many thanks for the feedback. I've noted your suggestion ;-)
@francocastilloAR 2 years ago
You might even have to update it because in the next version of OpenWrt iptables will be replaced by nftables.
@nonomnismoriar9601 2 years ago
Great video and so well explained with lovely visuals!!! I have to tackle this soon for my home network which I use for work and family too and need to sort out ads and parental restrictions. I will be watching this video a lot in the near future! Perfect length and level of detail, please continue with this kind of material! Get the sense you really enjoy making these from the big smile you always seem to have 😊
@OneMarcFifty 2 years ago
awesome - glad you like it - many thanks for the feedback!
@d00dEEE 2 years ago
Note that those DNAT rules can also be rewritten a little bit to provide NTP from a single local source. This can help if you want all your machines to have the same clock settings as close as possible. (Simply set up your router or one of your servers as an NTP server and redirect all UDP port 123 queries to it.)
@OneMarcFifty 2 years ago
Yes - absolutely right! I actually had the use case for a couple of Tasmota devices which are hard coded to use an ntppool server in the netherlands and were flooding my logs with ntp requests. What I did is that I even excluded them from being served on DNS as they really should go to my router for Time ;-) thanks for sharing !!!
@LeoGitarzysta 2 years ago
@@OneMarcFifty I wonder if just setting the right DHCP option would suffice. I did this in local hackerspace, so hosts in its network pick up the same time, so they could properly stream sound over PulseAudio, which is very picky in terms of clock synchronization. I did it by adding "list dhcp_option_force '42,' to the 'config dhcp' section for my LAN interface. Linux hosts did pick it up, however I had to use 'force' variant because they didn't ask for this option explicitly. Not sure about Tasmota, will have to check that as well, as I have quite a couple of devices too.
@JaimeGonzalez-tt4kk 2 years ago
I have been using OpenDNS as a parent control system, however adguard looks like a more private solution. I will try it this weekend. Thanks for the detailed explanation!
@OneMarcFifty 2 years ago
Hi Jaime! Great stuff - let me know how it goes!
@j.c.5011 2 years ago
Nice, informative video. I've been and still using pfSense for a few years in combination with a virtualized AdGuard Home. Works absolutely perfect. All outgoing (V)LAN DNS traffic on port 53, 853 etc. is getting blocked and being forced through AGH. This is a good way to also catch the rotten apples that use hardcoded DNS.
@OneMarcFifty 2 years ago
Hi, many thanks for the feedback and sharing ;-)
@Maleko48 1 year ago
I have a similar setup to this using pfBlockerNG, but still working through some woes it causes such as KZbin apps on SmartTV not working and Adobe Creative Cloud complaining and throwing errors among other things
@xtremeideaz 2 years ago
I'm running both Adguard & pihole on a LXC as DNS 1 & 2. Nice video. Very explanatory
@OneMarcFifty 2 years ago
Many thanks for your feedback!!
@sumarouno 1 year ago
The best and the most comprehensive tutorial for openwrt and adguardhome/pihole. Thanks
@OneMarcFifty 1 year ago
Cool - many thanks for the positive feedback !
@sarkybugger5009 2 years ago
In answer to your questions: Yes. Network wide adverts and nasties blocking. Five minutes to download and configure. PiHole. Been running it for nearly three years, on a first batch Pi 1 Model B. (256MB RAM version) Had to reinstall after about a year due to cheap crap SD card. No other problems at all. It's great, and visitors appreciate the ad free experience.
@OneMarcFifty 2 years ago
Awesome - many thanks for the feedback !
@RutNij 2 years ago
I use pihole on an old pi3. Asus router. Works perfect. Don't forget to redirect dns request pushed to the default gateway to the pihole. More and more apps / games on phones try this route to skip dns filtering. Also, if you have isolated guest wifi access, you need to go through the default gateway
@OneMarcFifty 2 years ago
Many thanks for your feedback !
@zebop917 1 year ago
This was very useful! It helps you to understand a bit more of the underlying principles rather than just being a sequence of instructions. You gained another subscriber :-)
@alexs5588 2 years ago
Thanks Marc, great video!!!! last video you mentioned the Batman protocol, do you still plan to release this video?
@OneMarcFifty 2 years ago
Hi Alex, yes it's still on. But before I do that my pull request needs to go through github.com/openwrt/luci/pull/5698 - I wrote a LuCI interface for that video ;-)
@alexs5588 2 years ago
Awesome! Can't wait🎉🎉
@nIgnasn 1 year ago
Would be nice if you updated this with instructions on v22 :) It uses nftables. The iptables-mod-extra does not work anymore. And in OpenWRT wiki there are instructions, but weirdly they don’t take effect on my router. These nftables are kinda new, so I guess not widely adopted and the ecosystem is not there yet. Great work btw!
@OneMarcFifty 1 year ago
Hi, yes - you are spot on - a lot of solutions still have dependencies on iptables. I'd say we just have to wait a bit in order to have all package maintainers switch to nftables.
@bendrabble6186 2 years ago
Firstly, thank you so much for all your videos. They're great and have taught me loads! Secondly a hopeful request, is there any chance of getting an update on how to perform the enforcement with nf-tables? I tried using the iptables-nft but the --to command is not recognised.
@OneMarcFifty 2 years ago
Hi Ben, you might not even need a custom rule. Try using DNAT (on the port forward tab of firewall)
@jrnhl 1 year ago
Another great video of yours, Marc! How would you announce your pihole/adguard home service for IPv6? For IPv4 we'd set option 6 but where would we announce the DNS filter for IPv6? Would you simply add the bitmask to your LAN interface's IPv6 Settings as a DNS server inside the DHCP settings tab? Let's say ::5:0:0:0:245 according to your example from the IPv6 with OpenWRT video?
@OneMarcFifty 1 year ago
On the Interface - DHCP Server tab - IPv6 Settings - Announced IPv6 DNS servers. Here you can put addresses of DNS Servers that would be announced via DHCPv6
@janoskovacs3237 11 months ago
Hi! Thanks for the video, it explains plenty of basic stuff, and I like your style. In my case my isp deals with pppoe, my owrt just acting as a router as dhcp client/server. About forwarding to a Raspberry Pi in my network on version 23.05 I found the following step somehow working: Network -> Interfaces -> Edit WAN -> Advanced Settings -> Use DNS servers advertised (untick, that reveals a new option) -> Use custom DNS servers -> set Raspberry Pi IP where adguard runs. Somehow without this it worked just for a few queries, even if I set under Interfaces » lan -> DHCP Server -> Advanced Settings -> DHCP-Options 6,IP-of-Rpi. I don't know why, but strange. Merry Xmas
@ha55kr 2 years ago
Hi Marc, always a pleasure to look at your videos. To the point and very helpful. Please keep up the good work! I use Adguard home on a Raspberry 4 with 4 Gb. This is a bit of an overkill hardware wise. You could use a smaller Pi. I have various VMs and PC's which who are all directed via my Fritz to the Pi. It was a breeze to install and I am keeping track of all the relevant blocking lists and updates. So far so good.
@OneMarcFifty 2 years ago
Awesome - many thanks for sharing Hans !
@user-zr7kz4vs7c 2 years ago
Great explanation!! Thanks a lot! How about SNI-based web filtering on OpenWRT? Because DNS over HTTPS could be used to bypass Pi-hole, many smart devices now implement DOH which is impossible for us to block them from phone home. Personally I use AdGuard home and redirect all dns (Port 53)
@OneMarcFifty 2 years ago
For SNI - wouldn't you still need a blacklist behind that ?
@user-zr7kz4vs7c 2 years ago
@@OneMarcFifty yup, but SNI based web filtering can prevent DOH or DOT
@followthetrawler 2 years ago
Great video. Currently I use PiHole as DHCP/DNS server on a Pi4. It is additionally configured using UNBOUND so it queries root servers directly rather than providing the usual suspects with browsing information. I also have a firewall rule blocking all DNS requests except from the PiHole, so if someone does try to manually assign a DNS server they won't get resolution. I am going to start using OpenWRT and so am interested in how ad blocking can be achieved. Thanks for putting time into these videos!
@OneMarcFifty 2 years ago
Hi Stuart, many thanks for your feedback - querying the root servers is a great idea! Is that something that unbound does by design or does it need to be configured for that ?
@ramakrishnanagaraj7071 1 year ago
Hi, your videos are educational for me. I started to watch a lot of your videos and am learning about a lot of tools I did not know before. Appreciate your help and support. In my setup I use pfsense with Pfblockerng.
@OneMarcFifty 1 year ago
Awesome - many thanks for your feedback.
@quicolillo1937 10 months ago
Your videos are so incredibly well explained and helpful! A thousand thanks!
@jdancouga 2 years ago
PiHole with unbound running on a Pi Zero. Used it for ad blocking which works like a charm. Only regret was I should've done it sooner.
@OneMarcFifty 2 years ago
Same here ;-)
@JesseBluePunk 2 years ago
For my home network I use an old Windows 10 laptop running 24/7. Since I have no idea about Linux, I built my own DNS blocker on Windows 10. All my internet traffic now goes through Adguard Home, Unbound and dnscrypt-proxy (ODoH). It took me a while to build it because there are few instructions for Windows.
@OneMarcFifty 2 years ago
Hi Sven, many thanks for the feedback.
@rachidyekini1898 2 years ago
Thanks Marc, great video as usual with easy way to understand. I have question: if we have a device connected to vpn, can we still direct its traffic to pihole or adguard?
@OneMarcFifty 2 years ago
Yes, that is possible but it requires very thorough routing rules in order to prevent DNS leaking.
@PiotrK2022 2 years ago
@OneMarcFifty Adguard/Pihole has DHCP function as well - you forgot to mention it. :)
@OneMarcFifty 2 years ago
Yes, you are right. The initial script for this episode was much longer, initially I wanted to go through some settings of Adguard Home in the end but I found that 30 minutes would be more than enough ;-)
@somegeek7126 2 years ago
Very interesting video and very well explained, as always ! I will try to use another router as DHCP because my ISP router has no option for customizing the DNS. Looking forward to test this with my raspberry Pi 3.
@OneMarcFifty 2 years ago
Perfect - let us know how it goes!
@idaanx 2 years ago
I've set my DNS settings under Interfaces > WAN > Advanced > Use custom DNS servers. Also disabled the DNS by peers, to not use my ISP's DNS and setup a DNSCrypt container to resolve the queries encrypted.
@OneMarcFifty 2 years ago
Many thanks for the feedback and sharing !
@yasaralzakout7691 1 year ago
I just want to say thank you for the great work, your videos very helpful and easy to understand.
@subhobroto 2 years ago
Going to start watching now, but I'm thinking: It would be awesome if the DNS server/filter on the router could be configured via a rest API
@OneMarcFifty 2 years ago
Oh - that's a very interesting approach - what would you like to configure - I mean which type of interface or application would you like to hook into this ?
@subhobroto 2 years ago
@@OneMarcFifty The most popular DNS service/server that can be configured via a rest API is PowerDNS - but I'm unsure if it will run on a router. The next best option would be CoreDNS. So you use something like Ansible to manage the state/configuration of your DNS server using more "traditional devops" process than custom/adhoc process
@guido7696 2 years ago
Nice! I do this differently, I can do this through a port forward and I can use the ! sign as well at src ip to whitelist the router and pihole ips in luci.
@OneMarcFifty 2 years ago
Hi guido - yes that works as well. You would just need to make sure that your IP address doesn’t change. I personally prefer rules based on MAC addresses
@SultanAlharbii 2 years ago
In the OpenWRT router is there any way to change where the DNS queries are stored from AdGuard Home (usb, another partition, ...etc)? Great explanation as usual, keep it up
@OneMarcFifty 2 years ago
Unfortunately there is no way to set this in /etc/adguardhome.yaml as the feature does not exist yet: github.com/AdguardTeam/AdGuardHome/discussions/4467 - what you could do is create a symbolic link in /tmp/adguardhome/data to another location prior to starting the service in /etc/init.d/adguardhome...
@IMBlakeley 2 years ago
I added a Pi-hole running on a Pi 4b a year+ ago, this has a Stubby instance running which the Pi uses and hence all my DNS is also via TLS, the Pi also is a PVR getting me programs from Iplayer via a script otherwise it would be overkill as a Pi-hole only. I have another Pi 4b running OpenWrt as my router. I block port 853 for everything but the Pi-hole, hijack all requests to port 53 to stop bypasses from mostly mobiles. I do the same for time so my router is also the NTP for the whole network.
@OneMarcFifty 2 years ago
Hi, many thanks for the feedback and sharing!
@ernstoud 2 years ago
I run Pi-hole in a docker Ubuntu WSL2 container on a separate Windows PC. Runs great.
@OneMarcFifty 2 years ago
Oh wow - that's probably the first WSL2 comment here on this channel ;-) The Windows PC that you are running docker on - is it a workstation or server ? Is it always on - I mean, would it be used by others or is it just your own workstation ?
@familytamelo8140 9 months ago
Thank you for this amazing episode! But I do not have "Custom Rules" tab on my installation of openWRT. Is this installed via an additional LuCi package?
@garypaulson5202 2 years ago
I am using pi-hole on a Raspberry Pi, in a docker container. The Ubiquity router is set up to pass the local address of RPi first, with Cloudflare 1.1.1.1 second. Found a thorough tutorial online so it didn't take very long to set up. It works quite well, the only problem is that the blacklists I use don't seem to stay real current. pi-hole will reload them automatically once a week, but if they aren't being maintained stuff gets thru.
@OneMarcFifty 2 years ago
Hi Gary, many thanks for the feedback. Yes - maintaining blacklists is a never-ending race ;-)
@garyprice464 2 years ago
Hi great video as usual, can I use adguard home as well as adblock on my openwrt router? Also when are you going to start uploading your videos to odyssey?
@OneMarcFifty 2 years ago
Hi Gary - I have not tested adblock and adguard home in parallel - but why would you want to do that ? I'd rather strive to have the lists integrated into one solution. W/r to odyssey - I probably won't use it - due to the fact that it is blockchain based I could see issues if I wanted to edit or remove content. I am currently examining the possibility to provide Vimeo ad-free content to my Patrons.
@garyprice464 2 years ago
@@OneMarcFifty Hi thanks for the reply adblock is working very well for me tbh but always nice to have other options Regards odysee I always think its better for creators to have back up options if youtube decides you have broken one of their 'rules'
@albertoleo9529 2 years ago
Great video as usual! Always a lot to learn from your interesting videos Thank you
@OneMarcFifty 2 years ago
Thank you very much !
@lgrullon854 2 years ago
awesome video, waiting on the Batman-Adv OpenWRT integration.
@OneMarcFifty 2 years ago
Hi - yes - it's in the making - please also see github.com/openwrt/luci/pull/5698 ;-)
@rus-fastnetph3428 3 months ago
Thank you so much for an easy to follow tutorial. Just a question. If I want to use DOH for example, then I wouldn't put the localhost:5353 address on upstream DNS right? Thanks!
@jairunet 2 years ago
Excellent one Marc, I am wondering if the Netgear WNDR4300 v2 with 120 MiB memory will be enough to run AdGuard on it, I have 68 MiB of memory free. I hope to catch up on your discord server soon. Thank you very much for all the great content!
@OneMarcFifty 2 years ago
That should work - just watch out for the log file growth!
@jairunet 2 years ago
@@OneMarcFifty Thank you!
@IpunkP 2 years ago
Great explanation as always, been a year using adguardhome running on raspberry pi openwrt, it filtering almost everything, except all requests from client using DoH. How to handle it?
@OneMarcFifty 2 years ago
Many thanks for the feedback ! DoH is a nasty thing - I'll make a community post about this - might be worth an episode... kzbin.infocommunity
@slavakorenblit1180 1 year ago
Appreciate the excellent tutorial! I attempted to install AdGuard on my device (and forwarded it to port 5383). However, the guest network is no longer functioning. Should I apply a firewall rule, and if so, which one would be appropriate?
@Anonymouzee 1 year ago
Marc... I have a question... when do I seek for quality content on this topics I always end up in one of your videos??? ?did you installed some tracking cookies in my browsers?? ?or redirected my port 53 TCP/UDP to your DNS servers?? ;-)
@OneMarcFifty 1 year ago
Yeah ;-) Actually you're not far from the truth - If you have watched one of my videos, then youtube is quite likely suggesting another one to you ;-) Thanks for the feedback ;-)
@davidbellamy4334 2 years ago
Currently I use Adblock under openwrt on a raspberry pi cm4 on a specialist router board.
@OneMarcFifty 2 years ago
Many thanks for sharing David!
@ChubbaStun 1 year ago
I played with PiHole as well as AdGuard Home. AdGuard Home is better (supports DoH out-of-the-box) but the best is OpenWrt built-in Adblock package ;-).
@OneMarcFifty 1 year ago
I've heard that a couple of times now - need to check it out - thanks for sharing ;-)
@marcinalagor9782 2 years ago
Two years ago I've installed Pi-Hole on T620 quad core thin client with Ubuntu Server. It's running perfectly. Power consumption about 5-6W. The difference between Pi-Hole and AdGuard is a consumption of RAM. Pi-Hole with ubuntu server use about 14-15% from 4GB (Domains on Adlist more 2.339.000), when I run AdGuard it use more 50% (with less Domains on Adlist than Pi-Hole). I think the better solution in AdGuard is the blocking all stuff like KZbin, Instagram... with one click on menu. The Pi-Hole requires to add a specific address to block list.
@OneMarcFifty 2 years ago
That's great feedback Marcin - many thanks for sharing!
@francocastilloAR 2 years ago
You have to use lists designed for AdGuardHome.
@sukhdeepzz 2 years ago
Using pfsense on HP-T620 with pfsense blocker . Though the thin client have only 1NIC i have converted an openwrt router into vlan managed switch . Now the router being used as both access point and managed switch.
@OneMarcFifty 2 years ago
Nice solution - thanks for sharing ;-)
@skug978 2 years ago
For me at home, I'm running an Archer C7 with OpenWRT with AdBlock package (not Adguard Home). Also I use uBlock Origin on my browsers (Firefox, Chromium, LibreWolf) and AOSP (no google services on my mobile). My aim is to block anyone, especially Big Tech (Google, others) from invading my privacy and profiling me. When I'm away from home, I have a 4G router which has limited configuration options and doesn't permit me to choose DNS provider, so similar to your solution - I turned off DHCP on the 4G router, and have a Raspberry Pi running Pi-Hole and providing the DHCP service instead. I like your tutorial, however one thing that it doesn't seem to cover (and I'd like to do something about it myself - but it seems very tricky): DNS over HTTPS (DoH) - Proprietary applications, the Chrome browser, devices like Amazon Echo - All these things can potentially use DoH to punch DNS requests out of your home network to their DNS servers because they hide the queries in the HTTPS traffic. I believe the solution involves proxying HTTPS and/or blacklisting DoH server addresses. On the other side of the coin, I quite like DNS over TLS (DoT) because it gives you the privacy benefits of your DNS requests being encrypted (i.e. from your Pi-Hole to your preferred DoT server) but it runs on specific 853 port, which means that you can easily control access to it with your firewall rules. (For instance, block all 853 port traffic, except to this one trusted DoT server.)
@OneMarcFifty 2 years ago
You are totally spot on with your comment - many thanks ! A lot of comments here seem to point into the DoH direction - please also see my post here: kzbin.infocommunity
@oskar3514 2 years ago
I'm using a Pihole with your solution 1, using the OpenDNS, Quad9 and Cloudflare servers... It's a fine setup, and I get rid of the ads
@OneMarcFifty 2 years ago
I've had a look at the Quad9 offering - it looks quite solid - many thanks for the feedback !
@igormoeller 1 year ago
I run PiHole in container on one of my NAS'. 2x WRT19000 routers with fast roam and of course OpenWRT. Netgear managed switch to beef it up (link aggregation)
@OneMarcFifty 1 year ago
Awesome, thanks for sharing !
@yungclowns 2 years ago
It's pretty easy to set up a blacklist with openwrt 22.03-rcx or newer. Ships with dnsmasq 2.86 which improves blacklist performance. Put a blacklist in /tmp/dnsmasq.d and you're good to go. I setup a cron job to update the blacklist from oisd daily and restart dnsmasq. You need 10MB of space and a decent amount of memory, but it's working well on my modest router with the full list.
@OneMarcFifty 2 years ago
Hi, many thanks for that info - I didn't know that !
@danielpinto9307 1 year ago
Hi Marc, Amazing video, thank you, I'm currently using solution 3, is there any way to know which device made the request in AdGuard? It identifies as my router made the request. Also, it's possible to still access hostname of the main router? Thank you
@OneMarcFifty 1 year ago
Hi Daniel, unfortunately no - as we are rewriting the packets (or rather masquerading / DNATting) - there is no way to know that.
@claudiopgjr 1 year ago
Hi Marc, thank you for sharing your knowledge. I still need to understand a simple solution for DNS. How can I configure OpenWrt (via Luci or CLI) to use a specific DNS? In my case, I'm looking to use the OpenDNS. I hope you can help me.
@Mike28081991 1 year ago
He described the different methods explicitly for openwrt in solution 1 (8:42 over DHCP) and solution 2 (15:46 DNS Forward).
@jyvben1520 2 years ago
just installed pi-hole via dietpi (which runs on many different sbc ,not only raspberry pi) , can run a webserver so you manage/view the pi-hole remotely (after setup) to manage you need password ...
@OneMarcFifty 2 years ago
Hi, many thanks for the comment! Believe it or not - I didn't know dietpi ;-( I'll have a look at that !!!
@u2ramess666 2 years ago
I have an OpenWrt router setup as the main internet router. On it I have DHCP setup for 4 vlans. I use a PiHole configured to be accessible in all vlans through adding the vlans to the configuration of the PiHole, servicing those vlans with blocking from 1 device. My setup works as I have it currently configured. My main OpenWrt router is an old Cisco EA3500 which I am only using as a wired router and which connects another OpenWrt router (configured as AP) and a Mesh pair of Asus routers (Stock Firmware and configured as AP) The vlans are mostly over the 2 OpenWrt routers, with the Asus routers being in their own vlan. I'm wanting to upgrade the whole mess at some point to be a Mikrotik hEX POE gigabit router and 2 cAP XL ac (Access Points) configured with vlans. Can't get either currently due to the chip shortages
@OneMarcFifty 2 years ago
Many thanks for sharing - and yes - the chip shortage is a curse....
@jonathanpayne9956 2 years ago
Mark! I say mark! been waiting, holding my breath, for the video you announced on vlan over lan as opposed to wifi! is it coming? ehh? i have turned blue and will shortly have to start breathing again! well at least i can now add add guard to my setup while i wait!
@OneMarcFifty 2 years ago
Please keep breathing 😂 - the batman-adv video just takes a bit of time because I had to write the user interface which is currently in the testing phase - please see my community postings on that ;-)
@rperanen 2 years ago
@@OneMarcFifty thank you for making extra effort with the luci interface. I am tweaking the batman configuration myself with the config files. Luci with your changes included is definitely more user friendly
@OneMarcFifty 2 years ago
Hey Jonathan - hope you had started breathing in between - your video is live kzbin.info/www/bejne/qmWkYZ6cnJeiotE
@cort 3 months ago
@OneMarcFifty Thanks for a great video however I think something is missing. I did VLANs like in your other video and it is working great for a few months now but today I installed and configured AdGuardHome and suddenly I have no internet. At first I could access internet only from my main VLAN but connecting via WiFi had no access to internet (it connects and had IP but no internet). Now I have no internet whatsoever even on my Main VLAN though I changed very little on ADH so it could be some other things. I can however ping IPs on internet so clearly it has something to do with DNS Question: having VLAN and installing ADH (and changing dnsmasq to 5353) should I also add some firewall rules or change anything else?
@cam0ke 2 years ago
i have no idea how i got here, but thank you algorithm
@OneMarcFifty 2 years ago
Glad you like it ;-)
@jeronimo3054 2 years ago
Hi OneMarcFifty. First of all, congratulations for your content! I watched all of your videos and now I have more knowledge about technology! I would like to ask you about one important thing about my net: Here I have basically 2 wi-fi networks, the main one and the guest one, with different IP addresses. Well, I would like to use the pihole to filter DNS ads on both of them, but I am not sure how to do that because I have 2 different networks trying to use it. Could you help me? I'm looking forward to the next videos, especially for B.A.T.M.A.N.! Thank you
@OneMarcFifty2 жыл бұрын
Either you allow DNS traffic from both networks to the DNS filter on the firewall or tou use solution 3
@jeronimo30542 жыл бұрын
@@OneMarcFifty I tryed to use the last solution with the iptables comands, but after that problem, i just created some "virtual ethernet devices" on raspberry and i put each one in a different vlan and then now my dhcp send to the clients the ip of the dns server for each vlan. It works, but i would like to redirect through the main router...
@jeronimo30542 жыл бұрын
@@OneMarcFifty I forgot to say that I use VLANs running in the same infrastructure without physical separation
@papelaminemane25752 жыл бұрын
Thanks for your video. I plan to use openwrt x86 on a powerful firewall with 8 ports. I would add adguardhome. My concern is how to configure the remaining 7 ports as a switch. eth0 will be wan and eth1 to eth7 will have the same ip.
@OneMarcFifty 2 years ago
Have you checked my OpenWrt playlist ? kzbin.info/aero/PLZXNpqQDHIJrgzaR7h1V1AT4bdaNjS0zZ
@kspau13 2 years ago
I have used your method and many other configurations with adguard/pihole. The strange issue with openwrt is when you move dnsmasq off 53 to another port then openwrt itself cannot resolve anything DNS. This in itself solves openwrt flooding adguard or pihole with PTR requests. When you add a dns server of the lan interface into dnsmasq under init.d, this then populates your lan ip into /tmp/resolve.conf restoring openwrt to being able to resolve DNS, but as mentioned starts flooding adguard/pihole with PTR requests. I am convinced this is a bug in openwrt.
@OneMarcFifty 2 years ago
This is by design and discussed here forum.openwrt.org/t/solved-luci-floods-dnsmasq-log-with-ptr-queries/89073 Please close any open LuCI pages and see if the problem persists
@kspau13 2 years ago
@OneMarcFifty I have resolved through manually editing conf/yaml files and bindings, my suggestion of being a bug is not accurate, it's more a shortfall in the implementation of LuCI. In my instance I also had to change manually an Adguard script as I settled on adguard over pi-hole in the end. I found it more favorable if you aren't attached to a more robust logging history. Thanks for your reply, your videos have been handy in shortening my investigation into implementing my new router/network with openwrt.
@n0sl1w 2 years ago
Not really using any blocking but i use dns over tls in pfsense and if i were to filter i would just change to 1.1.1.2 for malware protection from cloudflare which surely would do a better job than me.
@OneMarcFifty 2 years ago
Many thanks for the feedback, Bruce !
@mouhssinemhe4194 2 years ago
Hi, would you please make a video for the enforcement after the custom rules tab vanished. Thank you
@OneMarcFifty 2 years ago
Good point. Need to think that over.
@user-sg5ri4st5m 2 years ago
@OneMarcFifty thank you for your informative videos. With nftables, I would like to filter the DNS traffic too. But it is new to me. Any insight?
@mouhssinemhe4194 1 year ago
@OneMarcFifty hello, any update or workaround to achieve the enforcement solution 3?
@OneMarcFifty 1 year ago
You can actually use the port forwarding (DNAT) tab for that. Do a port forwarding for port 53 on the network that you want to filter to your adguard/pihole
@kingnull269724 days ago
Thank you, that was an awesome, very comprehensive
@yakumark 2 years ago
been waiting for this video. thank you!
@OneMarcFifty 2 years ago
Perfect - glad you like it ;-)
@ramosel 2 years ago
Or, if you ARE using pfSense, you run pfBlockerNG. A VERY powerful DNS filter and DNSBL utility that runs ON the router integrated with Unbound. (in response to your Call For Action)
@OneMarcFifty 2 years ago
Hi - many thanks for the feedback - yes, pfBlockerNG has come up a couple of times in the comments. Need to have a look at it :-)
@FigmentalMonkey 2 years ago
I'm currently running Pi-Hole on a RPi3 which is acting as both DHCP and a recursive DNS server via Unbound. Ads be damned, and with Wireguard on my phone the blocking even extends outside of my home network.
@OneMarcFifty 2 years ago
Awesome- thanks for the feedback !
@kekesed97 2 years ago
I previously ran adguardhome on docker on a nas before I replaced my router. So after I replaced to openwrt based router I would go to a proven solution, adguardhome. But I can't get it running correctly, and the tutorial on openwrt forum is kinda confusing. Luckily someone who compiled openwrt for my device also included adblock and DoH. Setting it isn't much hassle. And have the same user experience as adguardhome.
@OneMarcFifty 2 years ago
Many thanks for the feedback Arief!
@nehajain2974 1 year ago
Thanks a lot for the video. Can we do MAC address filtering with adguardhome? I am using adguardhome for dhcp and want to block all devices which are not added in dhcp static lease
@OneMarcFifty 1 year ago
This should be done on the router’s dhcp settings, not in Adguard
@nehajain2974 1 year ago
@OneMarcFifty ok... thank you so much for the reply...
@CezarySiw 2 years ago
There are also public AdGuard DNS servers that can be used. Of course, it will be slower than the private ones. BTW, do you know an easy way of switching IP/DNS used by clients? Sometimes you just want to see the ads ...
@OneMarcFifty 2 years ago
Hi Cezary, many thanks for the feedback! Well, you could either change the network settings on the client, you could use privacy badger on the client and switch it off or - you could have two different Wi-fi networks. One being filtered and the other one being unfiltered
@francocastilloAR 2 years ago
With OpenWrt you can assign each device a different DNS IP in case you want ads on a certain device.
@pcislocked 2 years ago
i use adaway on my phone(rooted ofc). that's all. ublock serves me pretty well on pc.
@OneMarcFifty 2 years ago
Great feedback, many thanks !
@A7med091 2 years ago
Thanks for this amazing video, I'm playing fifa 22 in Ps5, can u help me how to have a better condition when I'm playing!?
@OneMarcFifty 2 years ago
Sorry - I don't think that I can do that ;-)
@keksmilch2245 2 years ago
hello Marc, how can I run AdguardHome unbound on an openwrt? pls help.
@OneMarcFifty 2 years ago
For Adguard follow the video. For unbound please see this article openwrt.org/docs/guide-user/services/dns/unbound
@jerome-9732 1 year ago
@OneMarcFifty Thank you for the video and the link. But for me it’s not easy to understand and they don’t use Ad Guard. A new video explaining the configuration of Unbound would be great 😉
@VK5ZSH 1 year ago
@OneMarcFifty Hi I have been following along with some of your howto's, but for this one when I install the iptables-mod-extra, I don't get any custom tab in 23.05.2, have you come across this issue and how did you fix it?
@Millilitree 1 year ago
It's possible to use !IP_TO_ADGUARDHOME for source IP address in firewall setting to prevent adguard-home to loop back
@OneMarcFifty 1 year ago
Hi, I didn't know that - thanks for sharing
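Added example (not part of the thread and not the channel author's configuration): the port-forwarding (DNAT) suggestion and the negated source address from the comments above, written as `/etc/config/firewall` entries for OpenWrt releases that no longer have the Custom Rules tab. The zone names `lan` and `guest` and the address 192.168.1.2 are assumptions for illustration.

```uci
# /etc/config/firewall -- added example; zone names and addresses are assumptions.
# Use Case 1 or Case 2 for a given zone, not both.

# Case 1: the DNS filter (e.g. AdGuard Home) runs on the router itself and
# listens on port 53. A DNAT redirect without dest_ip targets the router,
# so a client query addressed to an outside resolver is answered locally.
config redirect
	option name 'Force-DNS-lan'
	option target 'DNAT'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'

# One redirect per zone that should be filtered, e.g. a guest network.
config redirect
	option name 'Force-DNS-guest'
	option target 'DNAT'
	option src 'guest'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'

# Case 2: the filter runs on a separate host (constructed address 192.168.1.2).
# The negated src_ip exempts the filter's own upstream queries; without it
# they would be redirected back to the filter and loop.
config redirect
	option name 'Force-DNS-to-filter'
	option target 'DNAT'
	option src 'lan'
	option src_ip '!192.168.1.2'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_ip '192.168.1.2'
	option dest_port '53'

# Caveat for Case 2: if the filter sits in the same subnet as the clients,
# its replies go straight back to them with an unexpected source address
# and are dropped; that layout also needs source NAT on the router for the
# redirected traffic.
```

These redirects only catch plain DNS on port 53; clients that use DNS over TLS or DNS over HTTPS are not affected by them.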
@acehoodman 7 months ago
OpenWrt 23.05.3 doesn't have the custom rules tab anymore! I think you need an updated video for current OpenWRT (23.05.x).
@gppproton 2 years ago
Just all the information i need, thank
@OneMarcFifty 2 years ago
Thank you very much!
@elec1 1 year ago
Hey marc, thank you for that video, but i think i do something wrong, because all my clients now are using adguard home but the router itself is not able to resolve any address. The resolv.conf has 127.0.0.1 in it. When i rewrite that to the lan ip address of the openwrt (with adguard) [192.168.1.1] it will work. But the resolv.conf gets rewritten every now and then. I try to fix this for 2 days now. 😮💨
@don_dolarson 1 year ago
I'm too facing the very same problem. Router itself isn't able to connect to internet. My resolv.conf has ::1 in addition to it and a "search lan" term at the very top. Adding "nameserver 9.9.9.9" or any other DNS server solves it for a moment or the next restart of network service but then it got flushed back to search lan, 127.0.0.1 and ::1.
@OneMarcFifty 1 year ago
You really need to move dnsmasq to a different port (other than 53) and have ADGUARD listen on port 53, therefore the router and other clients should listen on adguard.
@22CabbageDotCom 1 year ago
@OneMarcFifty Marc, I'm a bit confused about this reply. Is this a typo? Should this be "dnsmasq to a different port (other than 53) and have AdGuard listen on port 53" instead of "dnsmasq to a different port (other than 53) and have DNSMASQ listen on port 53"?
@OneMarcFifty 1 year ago
Doh! Thanks for the reply! Yes - ADGUARD on port 53, DNSMASQ on other port ;-)
@ksitigarbhayaeo3141 2 years ago
marc based on your solution of units is too complicated, here already used one unit to service those combination esxi/pve + pfsense/opnsense + ros + openwrt and running very well
@OneMarcFifty 2 years ago
Thanks for the feedback
@anonymousview1127 7 months ago
In option 4 why not keeping adguard home as downstream dns and dnsmasq as upstream dns? I also see there's a dns filter module for openwrt, could that conflict with adguard home?
@EdmundoBarrientos 1 year ago
I can't see "Custom Rules" tab on Firewall settings. What am I missing here ?
@vancedyap 2 years ago
Hi, I'm trying to follow the enforcement step but after upgrading to openwrt 22.03, custom rules tab no longer available even after installing the iptables extra. Will you be releasing an updated guide? Ty.
@OneMarcFifty 2 years ago
Hi Vance, there are a couple of videos that need updating really ;-) W/r to the custom rules you can also use DNAT (in the port forwarding section) for that
@vancedyap 2 years ago
@OneMarcFifty ty. Looking forward to an updated guide/s. Your videos help me a lot as it is easy to follow and understand for a beginner in networking like me
@robertspencer3553 2 years ago
Good job Marc. Thank You !!!
@OneMarcFifty 2 years ago
Many thanks Robert!
@pcislocked 2 years ago
can pihole or adguard use dns over https? if so, then you can block pihole servers' udp53 as well, to prevent dns leakage from that server as well.
@OneMarcFifty 2 years ago
They both can. You could even use dns over https with dnsmasq on your router if you wanted to completely close the chain. There is a software package called https-dns-proxy here: openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy
@pikkons 1 year ago
updated guide on installing adguard on openwrt would be nice!
@OneMarcFifty 1 year ago
Hi, this is currently not on my road map - but I'll think it over.
@k.u.b.o6797 2 years ago
Great video! Can you show me config use arp spoofing redirect DNS? Thank you!
@OneMarcFifty 2 years ago
Hi, you may want to watch the latest video about arp spoofing on my channel : kzbin.info/www/bejne/moDYoZVtrcubZsU
@greencrunchy 2 years ago
I'm using the adblock package from openwrt. Is the adguard home any better?
@OneMarcFifty 2 years ago
I did not have a detailed look at adblock. I think adguard home is a bit feature-richer but adblock has an integrated LuCI interface (which AdGuard does not)
@qcsupport2594 2 years ago
@OneMarcFifty Indeed, adblock's luci interface has a simple checkbox for "Force local DNS" which automatically takes care of the firewall settings needed to redirect (aka: hijack) all DNS requests on the LAN. (There are sub-fields for zones and ports, but defaults work for me.) This alone would make it my first recommendation for most people, with the proviso to check the memory usage (via status->overview->memory->used) and trim the block list selection accordingly.
@whitelightning5661 1 year ago
I have a Belkin 3200, with openwrt, and Wireshark with vpn. Will adding Adguard home package on it slow down my internet speed?
@OneMarcFifty 1 year ago
It will slow things down for some things as it needs to do an additional hop. It will however speed up a lot of pages as you won't get ads any more. My personal experience is that the "felt" speed is the same, but without the ads.
@huanly9234 2 years ago
i used pihole for a while, but it can't block youtube ads, so i am trying adblock on openwrt in hope it could help. Do i need to delete the route on dnsmasq like you did with adguard home? Would Iptable command on your description help with youtube ads? I followed your tutorial on Belkin RT3200, I can't find The Firewall > Custom Rules after flashing Belkin RT3200 to openwrt snapshot. Am I missing something?
@OneMarcFifty 2 years ago
Hey, you shouldn't block YouTube ads - YT creators need the income ;-) Just kidding - it would help with the overlay ads (i.e. the ones that pop up) but not the embedded video ads.
@tonydo29 1 year ago
How can I block access from certain domain with certain MAC address client by openwrt version 21?
@wojciech.z.opinia 9 months ago
Hi Marc, I've Xiaomi AX3600 with recent snapshot build + luci. I've installed Adguard Home following your tutorial exactly. It was working fine until device reboot. After that I'm able to login to luci and adguard interface, but there is no outside internet connection. I found few similar threads, so I tried to: 1. change ntp servers to their ip addresses (and reboot) 2. disable dnsmasq (and reboot) None of that helps. Do you have any idea what might be wrong? I don't know if this is relevant, but I have additional network interface for guest network, also configured using your video help ;)