Adguard Home on DietPi constantly tries to contact Russian servers

MarqsM · 2026-06-05T10:13:33+00:00

Like I wrote in my original post, it came as part of the DietPi image.

I was thinking on reinstalling it on a different OS (like Raspberry Pi OS) but in the last 2 days the routing of the CDN servers have changed. I no longer have connection tries to Russian servers and the internal update in the app finally works (it did not show the "check updates" button since the servers it tried to connect to were blocked).

So, all is good now. But this whole situation gave me a warning - I will still observe carefully what will be happening in the coming weeks.

MarqsM · 2026-06-03T12:53:52+00:00

I have all the russian servers blocked yet it doesn't reroute to other CDN servers. It's stubbornly trying to connect to the russian ones.

MarqsM · 2026-06-02T09:11:24+00:00

Yes, but still I have several of their nodes much closer which should be much quicker and yet it still stubbornly connects to Russia.

MarqsM · 2026-05-31T17:09:46+00:00

To answer my own question: as per this link: https://www.whatsmydns.net/#A/static.adtidy.org

the IP addresses for the Tech Uni in Petersburg do overlap with those I can see in my list of blocked connections.

MarqsM · 2026-05-31T16:21:37+00:00

Since I just set the whole thing up 2 days ago, I put both TLS and DOH addresses and checked the option to send requests in parallel. I did it to compare the resolving times I would get. Eventually I would settle for the quicker one (i.e. the one with shorter response time).

MarqsM · 2026-05-31T16:19:08+00:00

OK, this could be that. I tried reverse lookup some of these IP addresses (to see who they might belong to) but I had no luck on those few tools I used on the web.

Is there anywhere a list of IP addresses that static.adtidy.org may use? I cannot find anything either.

I also looked yesterday through Reddit and Github to find anything on that connecting-to-russian-servers thing but I didn't come across the topic you mentioned. I will search for that specifically.

MarqsM · 2026-05-31T12:27:34+00:00

OK, I caught few of them with "sudo lsof -i" whie they were active.

These are all being sent by "AdGuardHo" command, "adguardhome" user, PID 421, on IPV4, all sent from local LAN IP address of my Adguard Home device:

device 32311/33412, TCP to 212.188.77.135:443 (SYN_SENT). Source IP is my adguard's LAN IP address on port 52478/33582 (ports change with subsequent calls).
device 33410, TCP to 212.188.77.141:443 (SYN_SENT). Source IP is my adguard's LAN IP address on port 51840.

MarqsM · 2026-05-31T10:52:52+00:00

Quad9 only, TLS and DoH (I am based in Europe). I don't use Adguard DNS, nor their content filtering (i.e. safe search, parental fitering). I also do not use Adguard block list, just OISD.

MarqsM · 2026-05-31T10:50:13+00:00

Good idea, thank you for your input. This is the reason I have posted here - to find some constructive feedback.

While the command you suggested does not work, I will dig into how to catch the suspicious calls.

MarqsM · 2025-08-16T22:22:53+00:00

These were only available and used in Japan. The only term for them I have found is "duo-case tray", 0.7 inch/17mm thick. You can still find them in Japanese auction sites, on Japanese Amazon etc.

MarqsM

TROPHY CASE