Clients
AdGuard Home allows flexible configuration for the devices that are connected to it. On a basic level, you may just want to be able to distinguish them and see friendly names instead of naked IP addresses. Additionally, AdGuard Home allows you applying different rules depending on the client.
AdGuard Home tries to automatically find out some basic information about the device that's connecting to it.
Here is what it tries to do in order to figure out the client's hostname:
- Inspects the hosts file and uses hostnames found there to identify clients.
- Makes a reverse DNS lookup.
- Inspects the system ARP table.
- For public IP addresses it also makes a whois query in order to find out the client's location and the company the IP belongs to.
If the only thing you need is to see friendly names in AdGuard Home stats, then editing the hosts file may be the easiest way to achieve this.
Note, that restarting AdGuard Home may be needed if you want to see the change immediately.
If you want more than just to see the client names, you may want to configure each client manually. If that's the case, head to "Clients settings" and click "Add client" there.
First of all, you need to decide how you would like to identify the client.
There are several options to do this.
-
IP address - for instance,
192.168.0.1. This is the easiest way to do this, but it may be not good enough if the IP address changes too often. -
CIDR range - for instance,
192.168.0.1/24. Allows attributing a whole range of IP addresses (in the example it is192.168.0.*) to the same client. - MAC address - using MAC as a client identifier is only possible when AdGuard Home works as a DHCP server.
-
Client ID - this method is supposed to be used for encrypted DNS protocols
(DoH, DoT or DoQ). Once this identifier is used, you can use a special domain
name while configuring your client. Here's an example:
- AdGuard Home domain name
example.org. - In AdGuard Home you add a client with the client ID
my-client. - On the client device you can now configure:
-
DNS-over-TLS:tls://my-client.example.org -
DNS-over-QUIC:quic://my-client.example.org -
DNS-over-HTTPS:https://example.org/dns-query/my-client
-
- AdGuard Home domain name
Each client can be configured individually. You may choose what to block, what settings should be used, or you could even configure a completely different set of upstream DNS servers to be used for this client.
There are two ways of how you can configure blocking on the per-client basis.
Both of them are based on using AdGuard blocklist rules syntax for the rules you're adding to "Custom filtering rules".
$client rules
The first one is using $client modifier. This way you can limit the rule
to a client (or clients).
Examples:
-
@@||*^$client=127.0.0.1— unblock everything for localhost -
||example.org^$client='Frank\'s laptop'— blockexample.orgfor the client namedFrank's laptoponly. Note that quote (') in the name must be escaped. -
||example.org^$client=192.168.0.0/24-- blockexample.orgfor all clients with IP addresses in the range192.168.0.0-192.168.0.255
You can find more examples in the article about blocking rules syntax.
$ctag rules
The second way is to use another modifier called $ctag. When you create
a new client, special "tags" can be assigned to it. These tags can then
be used in the filtering rules:
-
||example.org^$ctag=device_pc|device_phone- blockexample.orgfor clients tagged asdevice_pcordevice_phone -
||example.org^$ctag=~device_phone- blockexample.orgfor all clients except those tagged asdevice_phone