WIP: MikroTik AdGuard Home with DoT/DoH
Status: In Progress
Started: 2026-01-25
Objective
Single DNS endpoint with failover:
- External: dns.xtrm-lab.org (DoT 853, DoH 443)
- Internal: 192.168.31.1 (all LAN clients)
- Failover: Unraid AdGuard (192.168.31.4) as upstream backup
Architecture
```
External ──► dns.xtrm-lab.org ──► NAT ──┐
            (DoT 853, DoH 443)          │
                                        ▼
Internal ──► 192.168.31.1:53 ────► MikroTik AdGuard
            (LAN clients)            (container)
                                        │
                                        ▼
                                   Upstreams:
                                   - 192.168.31.4 (Unraid AdGuard)
                                   - 8.8.8.8 (Google)
                                   - 1.1.1.1 (Cloudflare)
```
Implementation Steps
1. Install AdGuard container on MikroTik
2. Configure veth interface with IP
3. Configure AdGuard upstreams
4. Enable DoT/DoH in AdGuard
5. Generate/configure TLS certificates
6. Update NAT rules (DoT/DoH → container)
7. Update DNS redirect rules (LAN → container)
8. Test internal DNS
9. Test external DoT/DoH
10. Update documentation
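
Steps 8 and 9 can be checked with one small client that speaks plain DNS, DoT and DoH, with certificate and hostname verification left on so a bad certificate from step 5 fails the test. This script is an added example, not part of these notes or of the linked script; it assumes AdGuard Home's default DoH path `/dns-query` and uses `example.com` as an arbitrary test name.

```python
import socket, ssl, struct, urllib.request

def build_query(name, qtype=1, txid=0):
    """RFC 1035 query for name (qtype 1 = A), RD set. DoH uses txid 0 (RFC 8484)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def summarize(resp, txid=0):
    """Return (rcode, answer_count); raise if the reply is not for our query."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return flags & 0x000F, an

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def query_udp(server, name, txid=0x1234, timeout=3):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid=txid), (server, 53))
        return summarize(s.recvfrom(4096)[0], txid)

def query_dot(host, name, txid=0x1234, timeout=5):
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    msg = build_query(name, txid=txid)
    with socket.create_connection((host, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(struct.pack("!H", len(msg)) + msg)  # RFC 7858 length prefix
            (n,) = struct.unpack("!H", recv_exact(tls, 2))
            return summarize(recv_exact(tls, n), txid)

def query_doh(host, name, path="/dns-query", timeout=5):  # path is an assumption
    req = urllib.request.Request(f"https://{host}{path}", data=build_query(name),
        headers={"Content-Type": "application/dns-message", "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return summarize(r.read(), 0)

if __name__ == "__main__":  # run the DoT/DoH checks from outside the LAN
    print("LAN :53 ", query_udp("192.168.31.1", "example.com"))
    print("DoT :853", query_dot("dns.xtrm-lab.org", "example.com"))
    print("DoH :443", query_doh("dns.xtrm-lab.org", "example.com"))
```

A result of `(0, n)` with `n > 0` means NOERROR with answers; a certificate verification error on the DoT or DoH check points at step 5 rather than at the NAT rules.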
Container Configuration
- Image: adguard/adguardhome:latest
- Root dir: /usb1/adguard
- Interface: veth-adguard
- Mounts: Config persistence
Network Configuration
| Service | Port | Target |
|---|---|---|
| DNS | 53 | Container |
| DoT | 853 | Container |
| DoH | 443 | Container |
| Web UI | 3000 | Container |
Notes
- Using script from: https://github.com/maximpri/mikrotik-adguardhome
- Previous MikroTik containers removed (storage issues)
- Unraid AdGuard (192.168.31.4) remains as backup upstream