software:service:adguardhome

software:service:adguardhome [2026/01/30 10:56] – [Upstream DNS] warnaudsoftware:service:adguardhome [2026/02/19 08:34] (current) – [debug/troubleshoot] warnaud
Line 106: Line 106:
 Improve cache & speed :FIXME Improve cache & speed :FIXME
 ===== Upstream DNS ===== ===== Upstream DNS =====
 +==== 2 files ====
 +
 <code bash> <code bash>
-vi /opt/AdGuardHome/conf/upstream-dns.txt  +vi /opt/AdGuardHome/conf/upstream-dns.txt</code>
-systemctl restart AdGuardHome</code>+
 <code perl> <code perl>
 #UncensoredDNS #UncensoredDNS
-91.239.100.100 +#quic://unicast.uncensoreddns.org 
-89.233.43.71+#quic://anycast.uncensoreddns.org
 #DNS.WATCH #DNS.WATCH
 #84.200.69.80 #84.200.69.80
Line 122: Line 123:
 #80.80.80.80 #80.80.80.80
 #80.80.81.81 #80.80.81.81
 +#Quad9
 +#9.9.9.9
 +#149.112.112.112
 +# Quad9 Unfiltered (No blocking, just resolution)
 +tls://dns10.quad9.net
 +https://dns10.quad9.net/dns-query
 +9.9.9.10
 +149.112.112.10
 +</code>
 +<code bash>vi /opt/AdGuardHome/AdGuardHome.yaml</code>
 +<code perl>
 +...
 +dns:
 +  # Listen on all interfaces, port 53
 +  bind_hosts:
 +    - 0.0.0.0
 +    - ::0
 +  port: 53
 +...  
 +  # Path to upstream DNS file
 +  upstream_dns_file: /opt/AdGuardHome/conf/upstream-dns.txt
 +...  
 +  # Bootstrap DNS (required for hostname-based upstreams like dns.quad9.net)
 +  bootstrap_dns:
 +    - 1.1.1.1
 +    - 8.8.8.8
 +    - 208.67.222.222
 +...  
 +  # Enable DNSSEC validation (Quad9 supports it)
 +  enable_dnssec: true
 +</code>
 +==== One file (AdGuardHome.yaml) ====
 +Optimized for Rapberry Pi/BeagleBoneBlack
 +<code perl>
 +dns:
 +  bind_hosts:
 +    - 0.0.0.0
 +  port: 53
 +  
 +  # UPSTREAMS : 100% chiffrés + diversifiés
 +  upstream_dns:
 +    - tls://dns11.quad9.net           # DoT Quad9 ECS (Suisse)
 +    - tls://dns.quad9.net             # DoT Quad9 standard (Suisse)
 +    - tls://unicast.uncensoreddns.org # DoT UncensoredDNS (Danemark)
 +    - tls://dns.digitale-gesellschaft.ch  # DoT Suisse privacy[204]
 +  
 +  upstream_dns_file: ""  # Ignore fichier
 +  upstream_mode: parallel_requests  # Ignore 1 down
 +  upstream_timeout: 5s
 +  
 +  # BOOTSTRAP : IPs uniquement (zéro dépendance hostname)
 +  bootstrap_dns:
 +    - 9.9.9.10        # Quad9 unfiltered IPv4
 +    - 149.112.112.10  # Quad9 unfiltered IPv4
 +    - 2620:fe::10     # Quad9 unfiltered IPv6
 +  
 +  # SÉCURITÉ ABSOLUE
 +  enable_dnssec: true              # Anti-poisoning
 +  refuse_any: true                 # Rejette ANY queries (attaques)
 +  cache_enabled: true
 +  cache_size: 4194304              # 4MiB OK Pi2/BBB
 +  
 +  # ANTI-MITM
 +  bogus_nxdomain:
 +    - 'version.bind'
 +    - 'id.server'
 +    - 'hostname.bind'
 +  
 +  # CLIENTS
 +  anonymize_client_ip: true        # Privacy locale
 +  ratelimit: 20
 +  
 +  # AVANTAGES SÉCURITÉ
 +  max_goroutines: 100              # Pi2/BBB friendly
 +</code>
 +<code bash>
 +sudo systemctl daemon-reload
 +sudo systemctl restart AdGuardHome
 +sudo systemctl status AdGuardHome
 +</code>
 +===== debug/troubleshoot =====
 +<code bash>
 +cd /opt/AdGuardHome/
 +./AdGuardHome -c /opt/AdGuardHome/AdGuardHome.yaml --check-config
 </code> </code>
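Review bot: In the two-file variant, the comment `# Enable DNSSEC validation (Quad9 supports it)` does not match the upstreams selected above it: the active entries in upstream-dns.txt are Quad9's unfiltered `dns10` / `9.9.9.10` service, which Quad9 describes as doing no DNSSEC validation, and as far as I know AdGuard Home's `enable_dnssec` only sets the DO flag and relies on the upstream's result rather than validating signatures itself. Either point that file at the validating service (`tls://dns.quad9.net`, as the one-file variant does) or reword the comment so readers do not assume spoofed answers get rejected. In the one-file variant, `bogus_nxdomain` under `# ANTI-MITM` lists `'version.bind'`, `'id.server'` and `'hostname.bind'`, but that option appears to match IP addresses or CIDRs found in responses, not query names, so these entries should be dropped or the heading changed. Both variants bind `0.0.0.0` on port 53; a line such as `# LAN only: block 53/udp+tcp from the WAN at the firewall` next to `bind_hosts` would be worth adding, since `ratelimit: 20` alone does not keep outsiders from using the resolver.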
software/service/adguardhome.1769766960.txt.gz · Last modified: by warnaud