OpenClash + AdGuardHome + MosDNS Complete Closed-Loop Solution: Fake-IP Enforcement, DNS Anti-Pollution, More Thorough Ad Blocking & DNS Cache Optimization


We commonly use the OpenClash + AdGuardHome + MosDNS combination for DNS ad blocking, domestic/international split resolution, and DNS anti-pollution. Our earlier setups, including passwall + AdGuardHome + MosDNS, ran stably and efficiently, but we found one problem: OpenClash's Fake-IP mode did not take effect. Viewers pointed this out in the comments on a previous video; I had not noticed it before. It affects certain proxy rules, access efficiency, and security to some degree. After repeated testing and debugging, I finally achieved three goals at once: Fake-IP takes effect, DNS leaks are prevented, and AdGuardHome's ad blocking works better than in the previous configuration, with MosDNS serving as the DNS cache.

DNS anti-pollution, this is the most basic requirement surely we don't care how we change the settings, we need to make sure that the
AdGuardHome ad blocking works better!

This post shares a complete closed-loop DNS architecture tested and proven by Technology Lao Wang: it makes OpenClash's Fake-IP work properly, strengthens AdGuardHome ad blocking, keeps MosDNS caching stable and efficient, and avoids DNS pollution and duplicate resolution.

Of course, the DNS resolution logic described here may be a bit controversial: because OpenClash and MosDNS form a closed loop between themselves, the setup may also produce a dead loop, resolution errors, or delayed responses. Try it carefully and check whether it suits your own usage scenario.


✅ Core objectives

  • ✔️ Fake-IP mode takes effect again, improving proxy resolution. This is the key point today and what we are going to fix.
  • ✔️ AdGuardHome ad blocking is more thorough, with fewer missed ads. This is also a key point today and what we are going to fix.
  • ✔️ MosDNS acts as a relay cache and accelerator, lightweight and efficient. This is only used for testing here and is not the only option, FYI.
  • ✔️ Build a complete closed-loop chain in which OpenClash makes the final DNS decision, ensuring resolution security globally.

🔁 Data flow logic (full closed-loop version)

The overall flow direction is as follows:

Client request
   ↓
OpenClash hijack DNS
   ↓
AdGuardHome (listening on port 533, ad blocking)
   ↓
MosDNS (listens on port 5335, caching only)
   ↓
OpenClash (listens on port 7874, final resolution)
   ↓
Upstream DNS (DoH / DoT)
OpenClash's Fake-IP in effect

🔧 Core change: After various tests I found that Fake-IP mode only takes effect if DNS traffic enters OpenClash first and OpenClash does the Fake-IP processing. The key adjustment is therefore to place OpenClash at the start of the DNS chain and to configure the other components around that. The upstream of MosDNS is then set to OpenClash itself (port 7874), which closes the resolution loop, gives OpenClash full control over both the entry and the exit of DNS traffic, and ensures that Fake-IP works.

📌 Detailed configuration of each component

1️⃣ OpenClash Settings

  • Enable Fake-IP mode
  • Enable DNS request hijacking via dnsmasq
  • Nameserver: point to AdGuardHome → 127.0.0.1#533
  • Fallback DNS: foreign encrypted DNS (e.g. tls://1.1.1.1, tls://8.8.8.8)
  • Default Nameserver: domestic standby (e.g. 114.114.114.114)
  • Keep listening on port 7874 as the final DNS forwarding interface

Note: OpenClash is both the first hijacking entry point and the final upstream resolution exit (it is the upstream for MosDNS).

Nameserver: point to AdGuardHome → 127.0.0.1#533
Fallback DNS: foreign encrypted DNS (e.g. tls://1.1.1.1, tls://8.8.8.8)
Default Nameserver: domestic standby (e.g. 114.114.114.114 or carrier DNS)

2️⃣ AdGuardHome Settings (ad filtering core)

  • Listening port: 533
  • Upstream DNS: set to MosDNS at 127.0.0.1:5335
  • Turn off caching so that MosDNS is the caching server; turn on ad filtering rules (e.g. EasyList, AdGuard Chinese rules, etc.)

Note: AdGuardHome focuses on ad blocking only; it takes on no hijacking or traffic-splitting duties that could interfere with filtering.


3️⃣ MosDNS setup (lightweight caching node)

  • Listening port: 5335
  • Upstream DNS: 127.0.0.1:7874 (OpenClash's DNS listening port)
  • Disable listening on port 53 and disable the dnsmasq takeover
  • Keep caching on, but do not configure complex domestic/international split-resolution logic

Note: MosDNS no longer handles domestic/foreign domains directly; it only caches and forwards queries to OpenClash, which reduces its own load significantly.

The MosDNS remote DNS is set to the OpenClash listening port 7874.

✅ Effectiveness verification

Test item | Result
Fake-IP mode | ✅ Verified working, with complete policy matching
Ad blocking effect | ✅ Visibly enhanced and clean
DNS split resolution and pollution handling | ✅ Stable, no pollution
MosDNS cache hit rate | ✅ Improved, fewer duplicate queries

⚠️ Notes

  • The upstream of MosDNS must be OpenClash's listening port (e.g., 7874); otherwise the closed loop cannot be formed.
  • Do not let components use conflicting ports. Non-standard ports such as 533 / 5335 are recommended.
  • If DNS dead loops or failed requests occur, troubleshoot layer by layer (use the nslookup utility).
  • Disable the system's local DNS service (e.g. systemd-resolved) to avoid interference.
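
Layer-by-layer troubleshooting as described in the notes above, as an added example that is not part of the original post: it sends one A query directly to each local listener and labels the reply. The fake-ip range 198.18.0.0/16 (Clash's default) and the 0.0.0.0 answer for blocked names are assumptions; adjust both to your own configuration.

```python
# Added example, not the author's code: query each DNS layer directly and label the reply.
import ipaddress, socket, struct
LAYERS = [("OpenClash", 7874), ("AdGuardHome", 533), ("MosDNS", 5335)]  # ports from this page
FAKE_NET = ipaddress.ip_network("198.18.0.0/16")  # assumption: Clash default fake-ip range

def build_query(name, qid=0x1234):  # recursive A/IN query in DNS wire format
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">6H", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">2H", 1, 1)

def skip_name(msg, off):  # offset just past a name, honouring compression pointers
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_a(msg):  # returns (rcode, [IPv4 answers]) from a raw DNS response
    _, flags, qd, an, _, _ = struct.unpack(">6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, ips

def classify(rcode, ips):
    """error / empty / blocked (assumes a 0.0.0.0 sinkhole) / fake-ip / real."""
    if rcode != 0 or not ips:
        return "error" if rcode else "empty"
    if set(ips) == {"0.0.0.0"}:
        return "blocked"
    return "fake-ip" if all(ipaddress.ip_address(i) in FAKE_NET for i in ips) else "real"

def probe(name, host="127.0.0.1", timeout=2.0):
    """Ask every layer directly; "no-answer" pinpoints the layer that hangs."""
    results = {}
    for layer, port in LAYERS:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name), (host, port))
                results[layer] = classify(*parse_a(s.recv(4096)))
            except (OSError, struct.error, IndexError):
                results[layer] = "no-answer"
    return results
```

Run `probe("example.com")` on the router itself; comparing the label per layer shows which component stops answering or where a filter or Fake-IP answer is produced.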

❗ Note the logical key points:

  • OpenClash takes over DNS first: this ensures Fake-IP takes effect.
  • AdGuardHome is in the middle tier: only responsible for ad blocking, no complex split resolution.
  • MosDNS no longer does the main split resolution: it only caches and forwards.
  • MosDNS's upstream goes back to OpenClash: this forms the "closed loop".

✅ Why does this configuration work for internet access?

This is because OpenClash takes on both roles:

  1. Initial DNS hijacking entry (handles Fake-IP, validates policy)
  2. Final DNS exit (outbound resolution via DoH/DoT)

MosDNS and AdGuardHome only play the roles of "caching" and "ad cleaning" in this chain, and no longer control the split-resolution and exit paths, so they do not cause DNS loops or errors.

⚠️ Possible risks or imperfections

Item | Description
❗ Potential dead loop | If OpenClash is configured to go back to AdGuardHome for resolution (for example when fallback occurs), this may cause a loop. Make sure that OpenClash's DNS settings do not point to AdGuardHome or MosDNS as fallback.
⚠️ MosDNS loses intelligent split resolution | MosDNS originally supported domestic/foreign decisions, but now that its upstream has been changed to OpenClash it has "lost its intelligence" and become a pure caching forwarder. If you only need performance optimization, that is fine.
⚠️ Harder to troubleshoot | If a resolution error occurs in the chain (e.g., one layer hangs), troubleshooting costs more. It is recommended to keep logs and use the dig tool to test each layer's response.
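
A static check for the dead-loop risk described above, as an added example that is not from the original post: it models each listener's upstreams with the ports and addresses given on this page (the dictionary layout and function names are assumptions) and reports whether the closed loop still has an external exit.

```python
# Added example: static check of the DNS forwarding chain for a loop with no exit.
# Ports and upstreams are the ones on this page; the dict layout is an assumption.
PAGE_CHAIN = {
    7874: {"name": "OpenClash", "nameserver": ["127.0.0.1#533"],
           "fallback": ["tls://1.1.1.1", "tls://8.8.8.8"]},
    533: {"name": "AdGuardHome", "nameserver": ["127.0.0.1:5335"], "fallback": []},
    5335: {"name": "MosDNS", "nameserver": ["127.0.0.1:7874"], "fallback": []},
}


def local_port(upstream):
    """Port of a plain loopback upstream (host:port or host#port), else None."""
    if "://" in upstream:              # tls://, https://: encrypted external exit
        return None
    host, sep, port = upstream.replace("#", ":").rpartition(":")
    if not sep:                        # bare address means the default port 53
        host, port = port, "53"
    return int(port) if host in ("127.0.0.1", "localhost") and port.isdigit() else None


def find_cycle(chain, start):
    """Follow nameserver upstreams from start; return the ports of a cycle or []."""
    path, port = [], start
    while port in chain and port not in path:
        path.append(port)
        local = [p for p in map(local_port, chain[port]["nameserver"]) if p is not None]
        if not local:
            return []                  # this listener only forwards off the box
        port = local[0]
    return path[path.index(port):] if port in path else []


def audit(chain, start=7874):
    """Report the cycle and which of its members can still reach an external resolver."""
    cycle = find_cycle(chain, start)
    exits = [chain[p]["name"] for p in cycle
             if any(local_port(u) is None
                    for u in chain[p]["nameserver"] + chain[p]["fallback"])]
    return {"cycle": [chain[p]["name"] for p in cycle],
            "exits": exits,
            "dead_loop": bool(cycle) and not exits}


if __name__ == "__main__":
    print(audit(PAGE_CHAIN))
```

With the settings from this page the cycle is reported with OpenClash as its only exit; pointing OpenClash's fallback at 127.0.0.1#533 or 127.0.0.1:5335 removes that exit and flags a dead loop.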

🔚 Closed-loop optimization scheme:

  • ✅ Fake-IP mode works
  • ✅ Ad blocking is enhanced
  • ✅ MosDNS provides cache optimization
  • ⚠️ Not recommended for novice users; set it up with caution

The key to this solution is making OpenClash both the start and the end of the DNS chain. In this way, not only is Fake-IP restored to normal and ad blocking improved, but the whole DNS architecture also becomes clearer, more controllable, and more flexible, which suits users with high demands on their network environment.

If you also run into DNS confusion, Fake-IP failure, or ad-blocking problems, you may want to try this solution. Of course, make a backup before deployment and verify it carefully in a test environment.

Copyright Notice: Our original article was published by Mr wang on 2025-06-15, total 3664 words.
Reproduction Note: Unless otherwise noted, this site is distributed under a CC BY 4.0 license. When reprinting, please credit the author "Technology Lao Wang" and link to the original source. Reprinting without attribution, removing the source, or article spinning is considered copyright infringement.
Comment(6 Comments)
Loong2004

http://www.kejilaowang.com/adguardhome-mosdns-openclash/#comment-83
Hello, which option is more recommended, this one in this article, or the one in the link? Thank you for your time.

    I'll come back with a video of it again, it's experimental, there's something wrong with the logic, but it's working fine, so you can come back and give it a try.

    Oh this solution is fine, but it's just a problem, this fake-ip is not working, other than that it's normal and logical, I thought you were talking about this article: http://www.kejilaowang.com/openclash-adguardhome-mosdns-dns/

666

Tried the copy, no other problems, dns test has Hong Kong and Japan, not sure if it's a leak or not

ericjin211

Hi, tried this solution and found that foreign sites going through openclash proxy will not go through adguardhome, what could be the problem 🤔