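Background
Two devices, two AdGuard instances (service on the main router + service on the side router): Netcore N60 Pro (flashed with ImmortalWrt) + Phicomm N1 (flashed with iStoreOS)
One device, two AdGuard instances (container on the side router + service on its host): Redmi AX3000T (stock firmware) + Phicomm N1 (flashed with iStoreOS)
The single-device setup is used as the example below:
AdgH Deployment
If AdguardHome was previously installed as a local service, first make sure the following directories/files have been deleted (this applies only to the local service deployment):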
# Directories
/usr/share/AdGuardHome/
/usr/bin/AdGuardHome/
# Files
/etc/config/AdguardHome
/tmp/AdguardHome.log
/tmp/AdguardHome_update.log
Docker Deployment
The official command line is shown below; see the official Wiki for what each port is for.
docker run --name adguardhome \
    --restart unless-stopped \
    -v /my/own/workdir:/opt/adguardhome/work \
    -v /my/own/confdir:/opt/adguardhome/conf \
    -p 53:53/tcp -p 53:53/udp \
    -p 67:67/udp -p 68:68/udp \
    -p 80:80/tcp -p 443:443/tcp -p 443:443/udp -p 3000:3000/tcp \
    -p 853:853/tcp \
    -p 853:853/udp \
    -p 5443:5443/tcp -p 5443:5443/udp \
    -p 6060:6060/tcp \
    -d adguard/adguardhome
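In this example, if AdguardHome does not need to replace the local Dnsmasq service, you can map only the WebUI port (e.g. 3001) and the DNS listening port (e.g. 1746). Because the local service configured later will occupy port 3000, the container maps 3001 to the host here, which means the Docker AdguardHome WebUI is reachable only over the bridge network at 172.17.xx:3000. Alternatively, configure the Docker AdguardHome WebUI first and change its port to something other than 3000 to avoid conflicts with later settings.
Local Service Deployment
Prebuilt packages for iStoreOS or ImmortalWrt can be downloaded here:
wukongdaily/RunFilesBuilder
bcseputetto/Are-u-ok
After obtaining the .run file, on iStoreOS install it manually through the app store; on ImmortalWrt upload it over SSH to any directory and install it by running sh xxxxx.run.
Alternatively, search for Adguardhome in the package manager and install it from there, or download the executable from the official Releases page, but in that case you have to install the luci app yourself.
On first start the local service's WebUI defaults to port 3000; access it at <your device IP>:3000.
AdgH Configuration
In this example the container handles overseas resolution and the local service handles domestic resolution.
Container Configuration (Overseas)
After the container starts, the WebUI for first-time setup defaults to port 3000. If the container is running in non-host mode or without port mappings, open the setup page over the bridge network at 172.17.xx:3000.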

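Change the web admin interface port to 3001 (example) and the DNS server listening port to 1746 (example), click Next, set a username and password, and continue through the wizard until you reach the screen shown below.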

Click Settings - DNS settings at the top to reach the following screen.

Choose suitable overseas DNS servers and enter them in the box, for example
8.8.8.8
1.1.1.1
https://dns.google/dns-query
https://dns.cloudflare.com/dns-query
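Next, select Parallel requests and fill in the fallback DNS servers (the defaults can also be kept) and the Bootstrap DNS servers. From what I found, the recommendation is to use the DNS servers provided by your local ISP as Bootstrap DNS. Note that 121.251.251.251 and 121.251.251.250 are the default DNS servers of China University of Petroleum (East China) and do not apply elsewhere; be sure to replace them with the correct DNS servers, which can be looked up here. When done, click Test upstreams and, if there are no errors, apply.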

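Then set the rate limit to 0 (for personal or small-scale use), tick the three options below it, and optionally scroll down and tick the optimistic caching option.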

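After applying all of the settings above, import the ad-blocking rules. The BlueSkyXN/AdGuardHomeRules rule set is used here:
Select Filters - DNS blocklists at the top and import https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/all.txt, then select DNS allowlists and import https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/ok.txt.
This completes the overseas setup.
Local Service Configuration (Domestic)
This is similar to the container configuration. The differences are that the web admin port is set to a port different from the one in the previous step (e.g. 3000, i.e. keep the default) and the DNS listening port is set to 1745 (example; different from the previous step). In addition, in the DNS settings step, fill in commonly used domestic DNS servers as needed, for example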
114.114.114.114
223.5.5.5
https://doh.360.cn/dns-query
https://doh.pub/dns-query
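(For some reason, on a campus network AliDNS and its DoH both fail the test.)
All other settings are the same as in the previous step. Rules can be found separately on your own, or choose a suitable rule set via WebUI - DNS blocklists - Add blocklist - Choose from the list.
Configuration Files
Both AdGuardHome configuration files are posted here. For the local service they can replace /etc/AdguardHome.yaml; in Docker they can replace ./conf/AdGuardHome.yaml under the mounted directory.
Domestic: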
http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:3000
  session_ttl: 720h
users: []
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
  bind_hosts:
    - 0.0.0.0
  port: 1745
  anonymize_client_ip: false
  ratelimit: 0
  ratelimit_subnet_len_ipv4: 24
  ratelimit_subnet_len_ipv6: 56
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - 121.251.251.251 # replace with your own DNS
    - 121.251.251.250 # replace with your own DNS
    - https://doh.360.cn/dns-query
    - https://doh.pub/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 121.251.251.251 # replace with your own DNS
    - 121.251.251.250 # replace with your own DNS
  fallback_dns: []
  upstream_mode: parallel
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: true
  enable_dnssec: true
  edns_client_subnet:
    custom_ip: ""
    enabled: true
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
  serve_plain_dns: true
  hostsfile_enabled: true
  pending_requests:
    enabled: true
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  dir_path: ""
  ignored: []
  interval: 2160h
  size_memory: 1000
  enabled: true
  file_enabled: true
statistics:
  dir_path: ""
  ignored: []
  interval: 24h
  enabled: true
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_29.txt
    name: 'CHN: AdRules DNS List'
    id: 1754295139
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_21.txt
    name: 'CHN: anti-AD'
    id: 1754295140
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
filtering:
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_services:
    schedule:
      time_zone: UTC
    ids: []
  protection_disabled_until: null
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    ecosia: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  rewrites: []
  safe_fs_patterns: []
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  filters_update_interval: 24
  blocked_response_ttl: 10
  filtering_enabled: true
  parental_enabled: true
  safebrowsing_enabled: false
  protection_enabled: true
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log:
  enabled: true
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 29
Overseas:
http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:3001
  session_ttl: 720h
users: []
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
  bind_hosts:
    - 0.0.0.0
  port: 1746
  anonymize_client_ip: false
  ratelimit: 0
  ratelimit_subnet_len_ipv4: 24
  ratelimit_subnet_len_ipv6: 56
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - 8.8.8.8
    - 1.1.1.1
    - https://dns.google/dns-query
    - https://dns.cloudflare.com/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.9
    - 121.251.251.251 # replace with your own DNS
    - 121.251.251.250 # replace with your own DNS
  fallback_dns:
    - 9.9.9.9
    - https://dns.quad9.net/dns-query
  upstream_mode: parallel
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: true
  enable_dnssec: true
  edns_client_subnet:
    custom_ip: ""
    enabled: true
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
  serve_plain_dns: true
  hostsfile_enabled: true
  pending_requests:
    enabled: true
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  dir_path: ""
  ignored: []
  interval: 2160h
  size_memory: 1000
  enabled: true
  file_enabled: true
statistics:
  dir_path: ""
  ignored: []
  interval: 24h
  enabled: true
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/all.txt
    name: BlueSkyXN_Black
    id: 1754358746
whitelist_filters:
  - enabled: true
    url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/ok.txt
    name: BlueSkyXN_White
    id: 1754358745
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
filtering:
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_services:
    schedule:
      time_zone: UTC
    ids: []
  protection_disabled_until: null
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    ecosia: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  rewrites: []
  safe_fs_patterns:
    - /opt/adguardhome/work/userfilters/*
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  filters_update_interval: 24
  blocked_response_ttl: 10
  filtering_enabled: true
  parental_enabled: false
  safebrowsing_enabled: false
  protection_enabled: true
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log:
  enabled: true
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 29
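An added check, not part of the original post: both posted files carry an empty users list and bind the web UI to 0.0.0.0, and AdGuard Home asks for no login when the user list is empty, so a file swapped in as-is leaves the admin UI open on every interface. The POSIX sh script below flags that, plus resolver entries where # is glued to the address (YAML then reads it as part of the value); audit_adgh, write_sample and the sample file are names and data constructed for this example.

```shell
#!/bin/sh
# Added example: audit an AdGuardHome.yaml before swapping it in.
# audit_adgh and write_sample are illustrative names, not AdGuard Home tooling.

# audit_adgh FILE: print one finding per line (no output means nothing flagged).
audit_adgh() {
    awk '
        # Empty user list: AdGuard Home then serves the web UI without a login.
        /^users:[ ]*\[\]/ { print "NOAUTH: users is empty, web UI has no login" }
        # Web UI bound to every interface instead of one LAN address.
        /^ +address:[ ]*0\.0\.0\.0:/ { print "EXPOSED: web UI listens on " $2 }
        # Inside the resolver lists, "#" glued to a value is data, not a comment.
        /^ +(upstream|bootstrap|fallback)_dns:/ { inlist = 1; next }
        inlist && /^ *- / {
            if ($2 ~ /#/) print "BADCOMMENT: " $2 " needs a space before #"
            next
        }
        { inlist = 0 }
    ' "$1"
}

# write_sample FILE: constructed sample with the risky parts of the posted file.
write_sample() {
    cat > "$1" <<'EOF'
http:
  address: 0.0.0.0:3000
  session_ttl: 720h
users: []
dns:
  bind_hosts:
    - 0.0.0.0
  port: 1745
  upstream_dns:
    - 121.251.251.251#replace-me
    - https://doh.pub/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 121.251.251.250 # replace-me
EOF
}

# Stand-alone run: audit the constructed sample and show the findings.
sample=$(mktemp)
write_sample "$sample"
audit_adgh "$sample"
rm -f "$sample"
```

Run it against each file before restarting the service; a NOAUTH finding means the users section from your own first-time setup has to be carried over into the replacement file.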
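Passwall Configuration
Only the DNS settings for Passwall are recorded here; other proxy settings are not covered.
With the AdguardHome configuration above, the overseas ad-blocking DNS is <your router IP>:1746 and the domestic ad-blocking DNS is <your router IP>:1745. Enter them as the remote DNS and the direct DNS respectively and let Passwall's built-in ChinaDNS-NG do the split. In my testing, AdguardHome's parallel queries across multiple DNS servers were somewhat faster than bare ChinaDNS-NG (probably).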

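Troubleshooting
- If other overseas services work normally but Google and YouTube cannot be reached (showing up as a certificate error [the SSL certificate is shown as *.facebook.com]), or a mobile browser works while apps do not, first check that IPv6 is configured correctly or that IPv6 is completely disabled (on OpenWrt, for example: Network - Interfaces - LAN - Edit - DHCP Server - IPv6 Settings, and make sure RA-Service and the others are all set to disabled).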
