I have searched other issues and found no duplicates
I want to request a feature or enhancement and not ask a question
The problem
When exposing DoT or DoH publicly, many people reported just what I experienced myself multiple times: botnet pings and malicious clients connecting from all over the world. Since standard DNS implementations and clients don't support authentication for the DNS request to succeed, I looked for hacky ways to achieve just that.
Proposed solution
Apparently AdGuard DNS (afaik your paid DNS service) just added this feature 2 days ago!
https://adguard-dns.io/en/blog/private-adguard-dns-v2-7.html
This way we can easily authenticate users and control who can use our self-hosted instances way better. I believe it would be a game changer and many people would be interested in this. It would be great to have authentication for DNS-over-TLS, DNS-over-QUIC and DNSCrypt as well, but seeing there is a ready implementation for DoH would make it easier for AdGuardHome to support this.
Alternatives considered and additional information
Alternative solutions one can use for now:
Under Access Settings > Allowed Clients add your local subnet(s) like 192.168.0.1/24 etc.
If you still want to use DoT/DoH also paste your ClientID in a new line.
This works well, but many use different reverse proxies in front of AdGuardHome. Configuring some of them will be hard, especially having to configure level-2 subdomains (ones like client-name.adguardhome.example.org; a certificate would be needed for *.adguardhome.example.org).
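As an added illustration (not part of the original issue and not AdGuard Home's own code), the workaround above comes down to this decision: a request passes if its source address is inside an allowed subnet, or if the single label in front of the server's domain is a listed ClientID. The function names, the `base_domain` parameter and the sample entries are assumptions made for this sketch.

```python
import ipaddress

def parse_allowed(entries):
    """Split allowlist lines into IP networks and ClientID strings."""
    nets, ids = [], set()
    for raw in entries:
        item = raw.strip()
        if not item:
            continue
        try:
            # strict=False accepts host-style entries such as 192.168.0.1/24
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            ids.add(item.lower())  # not an IP or CIDR: treat as a ClientID
    return nets, ids

def client_id_from_sni(server_name, base_domain):
    """Return the one label left of base_domain, or None if there is none."""
    name = (server_name or "").rstrip(".").lower()
    suffix = "." + base_domain.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    label = name[:-len(suffix)]
    # A wildcard certificate covers exactly one extra label, so reject deeper names.
    if not label or "." in label:
        return None
    return label

def is_allowed(src_ip, server_name, entries, base_domain):
    """Allow by source subnet first, then by ClientID taken from the TLS name."""
    nets, ids = parse_allowed(entries)
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in nets):
        return True
    cid = client_id_from_sni(server_name, base_domain)
    return cid is not None and cid in ids

if __name__ == "__main__":
    # Constructed sample data: one LAN subnet and one ClientID.
    allowed = ["192.168.0.1/24", "my-phone"]
    base = "adguardhome.example.org"
    for ip, sni in [("192.168.0.57", None),
                    ("203.0.113.9", "my-phone.adguardhome.example.org"),
                    ("203.0.113.9", "adguardhome.example.org"),
                    ("203.0.113.9", "scanner.adguardhome.example.org")]:
        print(ip, sni, "->", "allow" if is_allowed(ip, sni, allowed, base) else "deny")
```

The ClientID is an identifier carried in the hostname, not a secret checked by a handshake, so it should be long and hard to guess if it is the only thing separating a remote client from a denied one.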
Thanks for the link. That's good to know. The guide you provided is for the web interface, and Pomerium is also another reverse proxy to my knowledge... Maybe it works this way; I have to test it. Eventually every modern reverse proxy should be able to do this, but it could be complicated to combine this with other reverse proxies or to switch to it.
An implementation natively supported by AdGuardHome looks more beneficial and can be secured more easily.