YunoHost-Apps/adguardhome_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/adguardhome_ynh.git synced 2024-09-03 18:06:23 +02:00
Code Issues Activity Actions
adguardhome_ynh/doc/ADMIN.md
OniriCorpe 8734f31e98 add docs
2023-12-27 06:01:21 +01:00

44 lines
2.1 KiB
Markdown
Raw Blame History

# Admin notebook of YunoHost's AdGuard Home
You want to be sure to understand the config settings? You're at the right place! ^w^
## Expose port 53 to the Internet?
This setting is **disabled** by default.
You need to know that anyone who knows your server's IP can make a DNS request to it. It may be used to perform [amplification attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack#Amplification)!
To use AdGuard Home in your domestic network, you don't need to activate this.
You simply have to use your local IP adress (like `192.168.0.1` or so) as DNS IP for your IT hardware at home
Warning: you should not have public IPs of the config file if the port 53 is not exposed on Internet (else: AGH crashes)
You can remove them in your config file `/var/www/adguardhome/AdGuardHome.yaml` in the `dns: bind_hosts:` section
Any IP that doesn't start with the folowing are public ones:
- `10.`
- `169.`
- `172.`
- `192.168.`
- `fdxx:` (where the `x` can be any hexadecimal character)
- `fe80:`
So, any other IP should be a public one.
Restart AdGuard Home after applying the needed edits:
`yunohost service restart adguardhome`
## Enable DNS over HTTP and DNS over QUIC?
This setting is **disabled** by default.
You need to know that anyone who knows your AdGuard Home domain-name can make a DNS request to it. It may be used to perform [amplification attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack#Amplification)!
It's really important to use the configuration panel to deactivate this setting, and **NOT** the built-in setting in the AdGuardHome interface.
This is because YunoHost needs to perform actions such as automatically opening or closing the server's ports, which cannot be done without going through the configuration panel.
If you host your machine at home, for using DoH or DoQ, you have to open the following ports on your router:
- `853` in TCP & UDP (for DNS over HTTP)
- `784` in UDP (for DNS over QUIC)
Then you can use `https://adguard.example.com/dns-query` (where `adguard.example.com` is the domain-name associated to your AdGuard Home) as a DoH or DoQ DNS server for your devices. ^w^
Reference in a new issue View git blame Copy permalink