

喵二の小博客 (xLog mirror site)

OpenWrt AdGuard Home Quick Experience Setup


AdGuard Home is a free, open-source and powerful DNS server that blocks ads and tracking for the entire network. In domestic environments, it can be combined with plugins to provide anti-pollution protection and DNS-level ad blocking. It is recommended to use it together with oc. Do not use redirect mode in CatWrt: the redirect may only last a few days before it becomes ineffective. Other firmware has not been tested.

This article will be relatively simple and easy to understand, allowing you to quickly get started with the powerful AdGuard Home plugin.

Recommended blogs:


If your CatWrt does not have the AdGuard Home plugin installed, you can obtain the current CatWrt software source list through Cattools - Application Software Source (apply_repo), and then install it directly after obtaining it.


opkg install luci-app-adguardhome


In early CatWrt v23.8 systems, the executable file path in the plugin is /usr/bin/AdGuardHome/AdGuardHome, while in previous versions it was /usr/bin/AdGuardHome, which may lead to an unpleasant experience. Please modify the path accordingly.

It is not recommended to set a log size that is too large; 1-2 days is sufficient. If the system resets in OpenWrt, it is likely due to the log being too large.


After v23.8, it is normal. Update the kernel version, enable "Restart after the network is ready on boot", then tick Enable and wait for the settings to be applied successfully in the background. Click to enter the ADG initialization.

  • Step 1/5 Start Configuration

Listening Interface: All Interfaces, Port: 3000
DNS Server: All Interfaces, Port: 5335

  • Step 2/5 Next

Username: Custom
Password: Custom
Confirm Password: Custom

  • Step 3/5 Next
  • Step 4/5 Next
  • Step 5/5 Open Dashboard

DNS Settings

Upstream DNS Servers


Here, it is recommended to register and log in to for decent speed, and the free quota is sufficient for normal use. After registration and login, you will receive your own dedicated DNS connection, just replace .

The blogger here uses DoH to achieve good speed; it is not necessary to use DoT. The best option is what suits your network environment.

The reason for not using domestic DNS is that it may pollute the entire DNS pool. As mentioned, the upstreams should be either all domestic or all overseas; if they are all domestic, there is no need to bother with AdGuard Home.

  • Parallel Requests

Bootstrap DNS Servers
  • Apply

DNS Service Configuration

Rate Limit: 0

  • Enable EDNS Client Subnet

  • Enable DNSSEC

Blocking Mode: Custom IP

Blocking IPv4 Blocking IPv6 ::1

  • Apply

DNS Cache Configuration

Cache Size: Depends on the machine's memory size; I chose 64M, which is 64000000 bytes.

Override Minimum TTL Value: 3600

Override Maximum TTL Value: 86400

  • Apply

General Settings

Log Configuration

Query Log Retention Time: Depends on the machine's memory size; I chose 7 days. If your storage space is too small and there are too many devices, please reduce the log storage time.

Ignored Domains: Generally, this is mainly for domains with excessive requests, which are ignored to reduce storage pressure.
  • Apply

Statistics Configuration

Statistics Retention: Depends on the machine's memory size; I chose 7 days. This seems not to occupy too much storage space.

DNS Blocklist

You can choose from several lists available online or provided by the official sources. Here, I mainly focus on cache acceleration, blocking trackers, and anti-pollution. I have written a custom rule that is suitable for most users and offers the best stability.

You can add a custom list by simply selecting a usable link. To avoid connectivity issues for some users, please select multiple links.

You can also choose from the recommended rules in the official list, but it is not recommended as there may be false positives. If you need to use them, consider having someone monitor and handle network issues.

Encryption Settings

You need to have a public IP (IPv4/v6) and ensure that the port is accessible. The encryption settings here allow you to use your AdGuard Home DNS on the external internet.

If there is no requirement to use AdGuard Home externally, you can skip this step!

  • Enable Encryption (HTTPS, DNS-over-HTTPS, DNS-over-TLS)

Server Name: your domain name; set up dynamic DNS (DDNS) for it.

  • HTTPS Automatic Redirection

HTTPS Port: Custom. This is the port for external access; it is related to the DoH port and H3 port, so please avoid 443!

DNS-over-TLS Port and DNS-over-QUIC Port should remain 853.

The certificate does not need much explanation; you can upload your certificate files via sftp or scp and fill in their absolute paths, or directly paste the certificate content.

The pem file is the public certificate and must pass the check that the certificate chain is valid; the key file is the private key and must pass the check that the RSA private key is valid.

  • Apply
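Before entering the file paths, the pair can be checked from the router's shell. The script below is an added example, not part of the original article; it assumes the `openssl` command (package `openssl-util` on OpenWrt) and a `stat` that supports `-c`, and `dns.example.test`, `demo.pem` and `demo.key` are constructed demo names.

```sh
# Added example: pre-flight checks on the certificate and key files.

# Succeeds when the private key ($2) belongs to the certificate ($1).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate ($1) stays valid for $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the certificate ($1) covers the Server Name ($2).
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Succeeds when the key file ($1) grants nothing to group or others.
key_is_private() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in ?00) return 0 ;; *) return 1 ;; esac
}

# Run one check, print its outcome, and pass its status through.
report() { if "$@"; then echo "ok   $*"; else echo "FAIL $*"; return 1; fi; }

# usage: check_tls_files CERT KEY SERVER_NAME (non-zero if any check fails)
check_tls_files() {
    rc=0
    report cert_matches_key "$1" "$2" || rc=1
    report cert_valid_for_days "$1" 14 || rc=1
    report cert_covers_name "$1" "$3" || rc=1
    report key_is_private "$2" || rc=1
    return "$rc"
}

# Create a throwaway self-signed pair in directory $1 for name $2 (demo only).
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" -keyout "$1/demo.key" \
        -out "$1/demo.pem" >/dev/null 2>&1 && chmod 600 "$1/demo.key"
}

# With three arguments check real files; otherwise demo on a constructed pair.
if [ "$#" -eq 3 ]; then check_tls_files "$@"; else
    demo=$(mktemp -d) && make_demo_pair "$demo" dns.example.test &&
        check_tls_files "$demo/demo.pem" "$demo/demo.key" dns.example.test
    rm -rf "$demo"
fi
```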

Then go to OpenWrt Network - Firewall - Traffic Rules - Open ports on router to allow the ports you set, such as the WebUI listening interface, DNS server port, HTTPS port, DoQ & DoT ports.

The WebUI listening interface is TCP; the others can use TCP+UDP.

  • Save and Apply
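Because every opened port is reachable from the internet, it helps to open only the protocol and port pairs AdGuard Home really listens on. The following is an added example, not from the original article: it reads `netstat -lntup` output and prints matching rules in `/etc/config/firewall` syntax. The sample output, the HTTPS port 8443 and the rule names are constructed assumptions.

```sh
# Added example: derive firewall rules from the sockets AdGuard Home holds.

# Constructed sample of `netstat -lntup` output; 8443 is an assumed HTTPS port.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN  1201/uhttpd
tcp        0      0 :::3000         :::*            LISTEN  2154/AdGuardHome
tcp        0      0 :::5335         :::*            LISTEN  2154/AdGuardHome
tcp        0      0 :::8443         :::*            LISTEN  2154/AdGuardHome
tcp        0      0 :::853          :::*            LISTEN  2154/AdGuardHome
udp        0      0 :::5335         :::*                    2154/AdGuardHome
udp        0      0 :::8443         :::*                    2154/AdGuardHome
udp        0      0 :::853          :::*                    2154/AdGuardHome
udp        0      0 0.0.0.0:53      0.0.0.0:*               1877/dnsmasq
EOF
}

# Print "proto port" for each AdGuardHome socket that is not loopback-only.
adguard_listeners() {
    awk '$NF ~ /\/AdGuardHome$/ && $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)               # tcp6/udp6 -> tcp/udp
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host != "127.0.0.1" && host != "::1") print proto, port
    }' | sort -u
}

# Read netstat text on stdin; emit one UCI rule per requested port and protocol
# that is really listening. Ports with no listener produce no rule.
firewall_rules() {
    listeners=$(adguard_listeners)
    for port in "$@"; do
        for proto in tcp udp; do
            printf '%s\n' "$listeners" | grep -qx "$proto $port" || continue
            printf "config rule\n\toption name 'AdGuardHome-%s-%s'\n" "$proto" "$port"
            printf "\toption src 'wan'\n\toption proto '%s'\n" "$proto"
            printf "\toption dest_port '%s'\n\toption target 'ACCEPT'\n\n" "$port"
        done
    done
}

# Demo on the sample: the HTTPS/DoH port and the DoT/DoQ port.
sample_netstat | firewall_rules 8443 853
```

On the router, feed it live data instead of the sample: `netstat -lntup | firewall_rules 8443 853`, with 8443 replaced by the HTTPS port you chose.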


To interact with the oc-Meta plugin, use its overwrite settings to add a NameServer: the server address should be filled with your internal network address, the server port is 5335, and the server type is UDP.

Of course, you can use a domain name here, but you need to modify the hosts file of the system and plugins; otherwise, if the IP address changes, the network will have issues. This will not be demonstrated here.

You can also set Default-NameServer to TLS.

It is not recommended to enable redirection for other plugins, as it may crash. Using it alone without interaction with other plugins may still work.

Want to interact with your phone? You can try using software that can modify DNS, such as Surfboard on Android and the oc-Meta kernel.

Resolving IPv6 Lag and Proxy

Add the following domains to DNS Rewrite: A A
* A
* A

This article is synchronized and updated by Mix Space to xLog. The original link is


