
unable to save encryption settings

Open udtcp opened this issue 1 year ago • 6 comments

Prerequisites

Platform (OS and CPU architecture)

Linux, ARM64

Installation

Custom package (OpenWrt, HomeAssistant, etc; please mention in the description)

Setup

On one machine

AdGuard Home version

v0.107.44

Action

Running AGH on an OpenWrt snapshot (13.02.23) on an MT6000 router. I have 4 DoH in the Upstream DNS servers. I choose enable encryption, disable enable plain DNS, and save (the save button doesn't seem to change after choosing save). But after logging in and out, the tick is back on plain DNS and unticked in the encryption option.

Expected result

Expected result is that Encryption and DNS parallel request would be saved and not lost after logging in and out.

Actual result

After logging out and logging back in:

image

Additional information and/or screenshots

https://imgur.com/a/b0o8Yyo

udtcp avatar Feb 13 '24 23:02 udtcp

After logging out and back in the tick goes away from enable encryption and is back to enable plain DNS

udtcp avatar Feb 13 '24 23:02 udtcp

Is the encryption box only enabled if certificates are installed?

udtcp avatar Feb 14 '24 23:02 udtcp

Please see the attached video:

https://imgur.com/a/x9g4eYp

It is also not possible to save the DNS parallel request. It keeps reverting itself to the load balancing option.

udtcp avatar Feb 14 '24 23:02 udtcp

We cannot reproduce this, and it is likely that there are issues with the way your package is handling configuration updates. You should probably consult the maintainers of the package, and in any case looking at the verbose log of what happens when you change the configuration should shed some light.

ainar-g avatar Feb 15 '24 18:02 ainar-g

I have the same problem.

In my case I have set allow_unencrypted_doh: true, because I use the SSL certificate of the reverse proxy. However, I can't save any encryption changes in the GUI. I need to shut down AdGuard, modify the AdGuardHome.yaml manually and restart it afterwards. If I set serve_plain_dns: false, AdGuard restarts infinitely. So no chance to deactivate plain DNS. For me it's fine as I don't have exposed port 53.

bundyland avatar Feb 15 '24 18:02 bundyland

Is the encryption box only enabled if certificates are installed?

Yes

amrmzr avatar Feb 26 '24 21:02 amrmzr

I believe this is a simple matter of misunderstanding the existing documentation as it is not exact (at least last time I checked). It does not really differentiate between servers on a public or home network. I used to have the same issue.

Any DNS requests to an upstream server made over DoH/DoT/DoQ already are encrypted as these protocols were made for that. So as long as you use these protocols for upstream servers you are all set. This is the typical home network scenario where either a client device or your own AdGuard Home server connects to a public upstream server.

The encryption setting merely is for upstream servers (e.g. unfiltered-adguard.com or one you might host yourself externally / VPS / in the cloud). These servers need a certificate, a domain name and the encryption option turned on if they want to answer queries on an encrypted level (else they could only send unencrypted DNS answers). This setting is not really intended for servers hosted at home due to the certificate as well as usually there is no need to encrypt this kind of traffic on a home network.

I wrote a bit more here when I discovered my mistake, incl. a link to GitHub where encryption was confirmed (and info on how you can check if the traffic is encrypted if you wish to do so): https://www.reddit.com/r/Adguard/comments/l0gmrx/plain_dns_when_using_encrypted_upstream_dns_server/idtwyi5/

Landorin-GH avatar Apr 03 '24 00:04 Landorin-GH
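
The distinction drawn in this thread, between encrypted upstream queries and the encryption settings that cover the server's own listeners, written as a check over an already-parsed AdGuardHome.yaml. This is an added example, not code from the thread or from AdGuard Home; the key nesting (`dns.upstream_dns`, `dns.serve_plain_dns`, `tls.enabled`, `tls.certificate_path`) and the sample values are assumptions constructed for illustration.

```python
# Upstream URL schemes that carry DNS over an encrypted transport
# (DoH, DoH over HTTP/3, DoT, DoQ). Anything else, including sdns://
# stamps that are not decoded here, is conservatively treated as plain.
ENCRYPTED_SCHEMES = {"https", "h3", "tls", "quic"}


def upstream_is_encrypted(upstream: str) -> bool:
    """True if the upstream address names an encrypted DNS protocol."""
    scheme, sep, _ = upstream.partition("://")
    return bool(sep) and scheme.lower() in ENCRYPTED_SCHEMES


def audit(config: dict) -> dict:
    """Report upstream encryption and listener encryption separately."""
    dns = config.get("dns", {})   # assumed nesting of the YAML keys
    tls = config.get("tls", {})
    plain_upstreams = [u for u in dns.get("upstream_dns", [])
                       if not upstream_is_encrypted(u)]
    # Serving encrypted DNS needs the option turned on and a certificate.
    has_cert = bool(tls.get("certificate_path") or tls.get("certificate_chain"))
    serving_encrypted = bool(tls.get("enabled")) and has_cert
    serve_plain = dns.get("serve_plain_dns", True)
    return {
        "plain_upstreams": plain_upstreams,
        "serving_encrypted": serving_encrypted,
        # Plain DNS off with no encrypted listener leaves clients nothing to query.
        "no_dns_listener": not serve_plain and not serving_encrypted,
    }


# Constructed sample: DoH upstreams on a home router with no certificate,
# plus one plain upstream to show how it is reported.
SAMPLE = {
    "dns": {
        "upstream_dns": [
            "https://dns.example.net/dns-query",
            "tls://dns.example.org",
            "192.0.2.53",
        ],
        "serve_plain_dns": False,
    },
    "tls": {"enabled": False, "certificate_path": ""},
}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```
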