diff --git a/docs/wip/MIKROTIK-ADGUARD-DOT-DOH.md b/docs/wip/MIKROTIK-ADGUARD-DOT-DOH.md new file mode 100644 index 0000000..3f20c1a --- /dev/null +++ b/docs/wip/MIKROTIK-ADGUARD-DOT-DOH.md @@ -0,0 +1,64 @@ +# WIP: MikroTik AdGuard Home with DoT/DoH + +**Status:** In Progress +**Started:** 2026-01-25 + +--- + +## Objective + +Single DNS endpoint with failover: +- External: dns.xtrm-lab.org (DoT 853, DoH 443) +- Internal: 192.168.31.1 (all LAN clients) +- Failover: Unraid AdGuard (192.168.31.4) as upstream backup + +## Architecture + +``` +External ──► dns.xtrm-lab.org ──► NAT ──┐ + (DoT 853, DoH 443) │ + ▼ +Internal ──► 192.168.31.1:53 ────► MikroTik AdGuard + (LAN clients) (container) + │ + ▼ + Upstreams: + - 192.168.31.4 (Unraid AdGuard) + - 8.8.8.8 (Google) + - 1.1.1.1 (Cloudflare) +``` + +## Implementation Steps + +- [ ] 1. Install AdGuard container on MikroTik +- [ ] 2. Configure veth interface with IP +- [ ] 3. Configure AdGuard upstreams +- [ ] 4. Enable DoT/DoH in AdGuard +- [ ] 5. Generate/configure TLS certificates +- [ ] 6. Update NAT rules (DoT/DoH → container) +- [ ] 7. Update DNS redirect rules (LAN → container) +- [ ] 8. Test internal DNS +- [ ] 9. Test external DoT/DoH +- [ ] 10. Update documentation + +## Container Configuration + +- **Image:** adguard/adguardhome:latest +- **Root dir:** /usb1/adguard +- **Interface:** veth-adguard +- **Mounts:** Config persistence + +## Network Configuration + +| Service | Port | Target | +|---------|------|--------| +| DNS | 53 | Container | +| DoT | 853 | Container | +| DoH | 443 | Container | +| Web UI | 3000 | Container | + +## Notes + +- Using script from: https://github.com/maximpri/mikrotik-adguardhome +- Previous MikroTik containers removed (storage issues) +- Unraid AdGuard (192.168.31.4) remains as backup upstream
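Review bot: The Network Configuration table lists every port with target "Container" but never says where each one is reachable from, even though the Objective and Architecture sections make the split explicit (external: DoT 853 and DoH 443; internal: 53 on 192.168.31.1). Please add a source/scope column (for example `| DNS | 53 | Container | LAN only |`, `| DoT | 853 | Container | WAN via NAT |`, `| Web UI | 3000 | Container | LAN only |`) so that step 6 "Update NAT rules (DoT/DoH → container)" cannot be read as forwarding 53 or 3000 as well; a forwarded 53 turns the router into an open resolver and a forwarded 3000 exposes the AdGuard admin UI. Two smaller points in the same hunk: the Architecture block shows the upstreams 8.8.8.8 and 1.1.1.1 as bare IPs, which AdGuard Home treats as plain UDP/TCP 53, so if the DoT/DoH goal is meant to cover the upstream hop as well, record the encrypted form (AdGuard Home accepts `tls://` and `https://` upstream URLs) and say which is intended; and the Container Configuration pins `adguard/adguardhome:latest`, which makes the deployment non-reproducible, so note the version tag actually installed once step 1 is done.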