diff --git a/cfg/jobs/adguard.run b/cfg/jobs/adguard.run
index ec5ca6d..47e292e 100755
--- a/cfg/jobs/adguard.run
+++ b/cfg/jobs/adguard.run
@@ -10,7 +10,7 @@ VER="${VER//./-}"
 UPSTREAM_VER="0.107.54"
 UPSTREAM_VER_DASH="${UPSTREAM_VER//./-}"
 UPSTREAM_NAME="adguard"
-SERIAL="2benoitjpnet"
+SERIAL="4benoitjpnet"
 CNAME="$UPSTREAM_NAME-$UPSTREAM_VER_DASH-$SERIAL-$DIST-$VER"
 ALIAS="$UPSTREAM_NAME-$UPSTREAM_VER-$SERIAL"
 
@@ -38,6 +38,14 @@ rm AdGuardHome_linux_amd64.tar.gz
 setcap "CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip" /opt/adguard/AdGuardHome
 
 install -d -m 755 -o adguard -g adguard /opt/adguard/{data,config}
+
+#https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#bindinuse
+mkdir -p /etc/systemd/resolved.conf.d
+cat <<EOT> /etc/systemd/resolved.conf.d/adguardhome.conf
+[Resolve]
+DNS=127.0.0.1
+DNSStubListener=no
+EOT
 '
 
 incus file push adguard.service "$CNAME"/etc/systemd/system/
diff --git a/run/adguard/workspace/adguard.service b/run/adguard/workspace/adguard.service
index 331014e..42e9add 100644
--- a/run/adguard/workspace/adguard.service
+++ b/run/adguard/workspace/adguard.service
@@ -5,11 +5,13 @@ ConditionFileIsExecutable=/opt/adguard/AdGuardHome
 After=syslog.target network-online.target
 
 [Service]
-User=adguard
-Group=adguard
+# First run must run as root, then chown -R adguard: /etc/adguard /opt/adguard
+# And uncomment + restart service
+#User=adguard
+#Group=adguard
 StartLimitInterval=5
 StartLimitBurst=10
-ExecStart=/tmp/AdGuardHome/AdGuardHome "-s" "run" "-c" "/etc/adguard/adguard.yaml"
+ExecStart=/opt/adguard/AdGuardHome "-s" "run" "-c" "/etc/adguard/adguard.yaml"
 
 WorkingDirectory=/opt/adguard