unable to save encryption settings #5065

Open
opened 2026-03-04 05:46:10 -05:00 by deekerman · 7 comments

Originally created by @udtcp on GitHub (Feb 13, 2024).

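Prerequisites

- [X] I have checked the Wiki and Discussions and found no answer
- [X] I have searched other issues and found no duplicates
- [X] I want to report a bug and not ask a question or ask for help
- [X] I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)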

Platform (OS and CPU architecture)

Linux, ARM64

Installation

Custom package (OpenWrt, HomeAssistant, etc; please mention in the description)

Setup

On one machine

AdGuard Home version

v0.107.44

Action

Running AGH on OpenWrt snapshot (13.02.23) on MT6000 router.
I have 4 DoH in the Upstream DNS servers.
I choose enable encryption and disable enable plain DNS and save (the save button doesn't seem to change after choosing save). But after logging in and out the tick is back on plain DNS and unticked in the encryption option.

Expected result

Expected result is that Encryption and DNS parallel request would be saved and not lost after logging in and out.

Actual result

After logging out and logging back in:

image: https://github.com/AdguardTeam/AdGuardHome/assets/154565507/283d86fa-5f72-478d-b5e3-c8cc3d8a078b

Additional information and/or screenshots

https://imgur.com/a/b0o8Yyo


@udtcp commented on GitHub (Feb 13, 2024):

After logging out and back in the tick goes away from enable encryption and is back to enable plain DNS


@udtcp commented on GitHub (Feb 14, 2024):

Is the encryption box only enabled if certificates are installed?


@udtcp commented on GitHub (Feb 14, 2024):

Please see attached video:

https://imgur.com/a/x9g4eYp

It is also not possible to save the DNS parallel request. It keeps reverting itself to the load balancing option.


@ainar-g commented on GitHub (Feb 15, 2024):

We cannot reproduce this, and it is likely that there are issues with the way your package is handling configuration updates. You should probably consult the maintainers of the package, and in any case looking at the verbose log (https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#verboselog) of what happens when you change the configuration should shed some light.


@bundyland commented on GitHub (Feb 15, 2024):

I have the same problem.

In my case I have set `allow_unencrypted_doh: true`, because I use the SSL certificate of the reverse proxy.
However, I can't save any encryption changes in the GUI. I need to shut down Adguard, modify the AdGuardHome.yaml manually and restart it afterwards. If I set `serve_plain_dns: false`, Adguard restarts infinitely. So no chance to deactivate plain DNS. For me it's fine as I don't have exposed port 53.


@amrmzr commented on GitHub (Feb 26, 2024):

> Is the encryption box only enabled if certificates are installed?

Yes


@Landorin-GH commented on GitHub (Apr 2, 2024):

I believe this is a simple matter of misunderstanding the existing documentation as it is not exact (at least last time I checked). It does not really differentiate between servers on a public or home network. I used to have the same issue.

Any DNS requests to an upstream server made over DoH/DoT/DoQ already are encrypted as these protocols were made for that. So as long as you use these protocols for upstream servers you are all set.
This is the typical home network scenario where either a client device or an own AdGuard Home server connects to a public upstream server.

The encryption setting merely is for upstream servers (e.g. unfiltered-adguard.com or one you might host yourself externally / VPS / in the cloud). These servers need a certificate, a domain name and the encryption option turned on if they want to answer queries on an encrypted level (else they could only send unencrypted DNS answers). This setting is not really intended for servers hosted at home due to the certificate as well as usually there is no need to encrypt this kind of traffic on a home network.

I wrote a bit more here when I discovered my mistake incl. a link to GitHub where encryption was confirmed (and an info on how you can check if the traffic is encrypted if you wish to do so): https://www.reddit.com/r/Adguard/comments/l0gmrx/plain_dns_when_using_encrypted_upstream_dns_server/idtwyi5/
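
A pre-flight check for the situation discussed in this thread, as an added example that is not part of any comment here and is not AdGuard Home code: it reads the `dns` and `tls` sections of an AdGuardHome.yaml and flags a configuration in which plain DNS is switched off while no certificate-backed listener is configured. The `serve_plain_dns` and `allow_unencrypted_doh` keys come from the thread; the other `tls` key names and the rule itself (plain DNS may only be disabled when `tls.enabled` is true and a certificate and key are set) are assumptions based on the comments above, and the sample file is constructed.

```python
# Added example: consistency check for the dns/tls sections of AdGuardHome.yaml.
import re

# Constructed sample, modelled on the setup described in the thread.
SAMPLE = """\
dns:
  port: 53
  serve_plain_dns: false
tls:
  enabled: false
  # DoH arrives over plain HTTP from a reverse proxy that terminates TLS.
  allow_unencrypted_doh: true
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
"""

def parse_sections(text):
    """Read 'section:' and '  key: scalar' lines only (not a full YAML parser)."""
    cfg, section = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s*$", line)
        if m:
            section = cfg.setdefault(m.group(1), {})
            continue
        m = re.match(r"^  (\w+):\s*(.*)$", line)
        if m and section is not None:
            section[m.group(1)] = m.group(2).strip().strip("\"'")
    return cfg

def check(cfg):
    """Return a list of findings; an empty list means the settings are consistent."""
    dns, tls = cfg.get("dns", {}), cfg.get("tls", {})
    on = lambda d, k, default: d.get(k, default).lower() == "true"
    has_cert = bool(tls.get("certificate_chain") or tls.get("certificate_path"))
    has_key = bool(tls.get("private_key") or tls.get("private_key_path"))
    tls_on = on(tls, "enabled", "false")
    findings = []
    if tls_on and not (has_cert and has_key):
        findings.append("tls.enabled is true but certificate or key is missing")
    # Assumed rule: without a usable TLS listener, plain DNS must stay on.
    if not on(dns, "serve_plain_dns", "true") and not (tls_on and has_cert and has_key):
        findings.append("serve_plain_dns is false and no encrypted listener is usable")
    return findings

if __name__ == "__main__":
    for finding in check(parse_sections(SAMPLE)):
        print("WARN:", finding)
```

Running it against the real file before restarting the service (replace `SAMPLE` with the file's contents) catches the combination that is described above as causing endless restarts.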
