Warnaud's Wiki

User Tools

Site Tools

You are here: start » software » service » adguardhome
software:service:adguardhome

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:service:adguardhome [2026/01/30 09:11] warnaudsoftware:service:adguardhome [2026/02/19 08:34] (current) – [debug/troubleshoot] warnaud
Line 106: Line 106:
 Improve cache & speed :FIXME Improve cache & speed :FIXME
 ===== Upstream DNS ===== ===== Upstream DNS =====
 +==== 2 files ====
 +
 <code bash> <code bash>
-vi /opt/AdGuardHome/conf/upstream-dns.txt  +vi /opt/AdGuardHome/conf/upstream-dns.txt</code>
-systemctl restart AdGuardHome</code>+
 <code perl> <code perl>
 +#UncensoredDNS
 +#quic://unicast.uncensoreddns.org
 +#quic://anycast.uncensoreddns.org
 #DNS.WATCH #DNS.WATCH
-84.200.69.80 +#84.200.69.80 
-84.200.70.40+#84.200.70.40
 #OpenDNS #OpenDNS
 #208.67.222.222 #208.67.222.222
-#208.67.220.220</code>+#208.67.220.220 
 +# Freenom world 
 +#80.80.80.80 
 +#80.80.81.81 
 +#Quad9 
 +#9.9.9.9 
 +#149.112.112.112 
 +# Quad9 Unfiltered (No blocking, just resolution) 
 +tls://dns10.quad9.net 
 +https://dns10.quad9.net/dns-query 
 +9.9.9.10 
 +149.112.112.10 
 +</code> 
 +<code bash>vi /opt/AdGuardHome/AdGuardHome.yaml</code> 
 +<code perl> 
 +... 
 +dns: 
 +  # Listen on all interfaces, port 53 
 +  bind_hosts: 
 +    - 0.0.0.0 
 +    - ::0 
 +  port: 53 
 +...   
 +  # Path to upstream DNS file 
 +  upstream_dns_file: /opt/AdGuardHome/conf/upstream-dns.txt 
 +...   
 +  # Bootstrap DNS (required for hostname-based upstreams like dns.quad9.net) 
 +  bootstrap_dns: 
 +    - 1.1.1.1 
 +    - 8.8.8.8 
 +    - 208.67.222.222 
 +...   
 +  # Enable DNSSEC validation (Quad9 supports it) 
 +  enable_dnssec: true 
 +</code> 
 +==== One file (AdGuardHome.yaml) ==== 
 +Optimized for Rapberry Pi/BeagleBoneBlack 
 +<code perl> 
 +dns: 
 +  bind_hosts: 
 +    - 0.0.0.0 
 +  port: 53 
 +   
 +  # UPSTREAMS : 100% chiffrés + diversifiés 
 +  upstream_dns: 
 +    - tls://dns11.quad9.net           # DoT Quad9 ECS (Suisse) 
 +    - tls://dns.quad9.net             # DoT Quad9 standard (Suisse) 
 +    - tls://unicast.uncensoreddns.org # DoT UncensoredDNS (Danemark) 
 +    - tls://dns.digitale-gesellschaft.ch  # DoT Suisse privacy[204] 
 +   
 +  upstream_dns_file: ""  # Ignore fichier 
 +  upstream_mode: parallel_requests  # Ignore 1 down 
 +  upstream_timeout: 5s 
 +   
 +  # BOOTSTRAP : IPs uniquement (zéro dépendance hostname) 
 +  bootstrap_dns: 
 +    - 9.9.9.10        # Quad9 unfiltered IPv4 
 +    - 149.112.112.10  # Quad9 unfiltered IPv4 
 +    - 2620:fe::10     # Quad9 unfiltered IPv6 
 +   
 +  # SÉCURITÉ ABSOLUE 
 +  enable_dnssec: true              # Anti-poisoning 
 +  refuse_any: true                 # Rejette ANY queries (attaques) 
 +  cache_enabled: true 
 +  cache_size: 4194304              # 4MiB OK Pi2/BBB 
 +   
 +  # ANTI-MITM 
 +  bogus_nxdomain: 
 +    - 'version.bind' 
 +    - 'id.server' 
 +    - 'hostname.bind' 
 +   
 +  # CLIENTS 
 +  anonymize_client_ip: true        # Privacy locale 
 +  ratelimit: 20 
 +   
 +  # AVANTAGES SÉCURITÉ 
 +  max_goroutines: 100              # Pi2/BBB friendly 
 +</code> 
 +<code bash> 
 +sudo systemctl daemon-reload 
 +sudo systemctl restart AdGuardHome 
 +sudo systemctl status AdGuardHome 
 +</code> 
 +===== debug/troubleshoot ===== 
 +<code bash> 
 +cd /opt/AdGuardHome/ 
 +./AdGuardHome -c /opt/AdGuardHome/AdGuardHome.yaml --check-config 
 +</code>
software/service/adguardhome.1769760685.txt.gz · Last modified: by warnaud