Hello!
By no means assume this is an OPNSense issue, but being it [adguard] is on it, thought maybe anyone else knew the solution. As topic states, all is well but only ever shows 1 host, 192.168.5.1, the Gateway/OPNSense Firewall and none of the actual host IPs of the machines.
If you have your clients use the OPNsense recursive DNS server and OPNsense forward to AdGuard (Home, I assume?) that is to be expected. You need to direct your clients to AGH and have that forward to OPNsense.
Hmmm, not sure how to respond.
Let me see.
OPNSense is handing out the DHCP Server IPs... The clients grab their IP and DNS from the DHCP Server 192.168.5.1.
Adguard is using 192.168.5.1:5353.
Adguard is not handing out DHCP.
OPNSense Unbound DNS is set to Port 53, but I have a Query Forwarding to Address 192.168.5.1 Port 5353.
Does this tell of my situation any more?
Set AdGuard Home to port 53 and Unbound to 5353 and set AdGuard Home to use Unbound as its upstream DNS.
Hello!
So does this mean I do not enable/utilize the query forwarding (on opnsense unbound)?
1.) Adguard set to 53
2.) OPNSense/Unbound set to Port 5353
3.) Under Adguard settings, set the UPSTREAM to 192.168.5.181:5353
Yes. If AdGuard Home only receives requests from your Unbound, how could it log anything but that single IP address? If you want to see your clients in the AGH UI you must have your clients use AGH first.
In Unbound you do not configure an upstream/forwarder DNS at all in this setup.
Alright, that all makes sense. For some reason DNS (Not the concept but implementation) has always been a cloud over me.
I was curious, since I may as well ask all the details,
OPNSense:System:Settings:General do I put in DNS 1&2 I.E 1.1.1.1 and 8.8.8.8?
Opnsense: Services:DHCP:LAN: Do I leave the DNS Servers Blank and it uses default OPNSense, or do I put in 192.168.5.1, which would be Adguard:53.. Which as I am understanding uses the uplink to 192.168.5.181:5353 which is Unbound, which I am assuming then uses the OPNSense 1.1.1.1/8.8.8.8?
Is there really even a reason to use Unbound and simply not just put 2 uplink dns servers on adguard 1.1.1.1/8.8.8.8? Or is there a benefit to it?
Well, I disabled Unbound... I set the rest as you mentioned and it works fine and I see each individual client. I thank you.
Being a home setup, am I fine with the https://dns10.quad9.net/dns-query as the DNS Server or are there better?
I don't use any public DNS servers, so I cannot recommend one.
Quote from: fbeye on May 23, 2023, 04:17:46 AM
Well, I disabled Unbound... I set the rest as you mentioned and it works fine and I see each individual client. I thank you.
Being a home setup, am I fine with the https://dns10.quad9.net/dns-query as the DNS Server or are there better?
Your search terms are "uncensored non-logging dns servers" and then choose something close to you, depending where you are located... ;-)
Everything works great, I am happy and I appreciate the responses and help.
Using Unbound, I was able to do local DNS so while on the LAN could type in host name and it worked. I was under the impression that Adguard Home did the same, and I see an option under filters>create and did, for example, heimdall.blah.duckdns.org 192.168.5.181 but it does not work, times out. Is this in theory the correct way and it should be working?
I rebooted OPNSense (adguard along with it) and my PC as well as flushed the DNS. I do not wanna go back to the unbound/adguard combo but I know it worked that way, so hoping I am missing a silly configuration.
To resolve local (LAN/DHCP) hostnames you must use Unbound. AGH does not do that. Activate Unbound on port 5353 (for example) and have AGH forward to 127.0.0.1:5353.
Ugh! I am sorry, "AGH forward to 127.0.0.1:5353"
Would this be under DNS Rewrite?
You will want to configure AGH to forward DNS queries for your local domain to Unbound, which you seem to have running on port 5353.
Based on the "heimdall.blah.duckdns.org" example you provided, do the following:
In AGH, Settings > DNS Settings, in the "Upstream DNS Servers" text box, add the below at the bottom:
#local hosts resolver
[/blah.duckdns.org/]127.0.0.1:5353
This entry will forward all DNS queries for the domain blah.duckdns.org to 127.0.0.1:5353. You may need to adjust blah.duckdns.org and port 5353 based on your actual configuration.
The "configuring upstream" section of the AGH wiki covers this in some detail as well, https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams
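Added example, not part of the original posts and not AdGuard Home's own code: a simplified Python model of how an upstream list like the one above routes a query name, so you can check that LAN names go to Unbound and everything else goes to the default upstream. It goes slightly beyond the thread by accepting several domains in one rule; it handles only comment lines, plain upstreams and `[/domain/]upstream` rules, the Quad9 default is taken from earlier in the thread, and the function names are hypothetical.

```python
# Simplified model of an AdGuard Home upstream list (assumption: only
# comments, plain upstreams and "[/domain/]upstream" rules are handled).
UPSTREAMS = """\
https://dns10.quad9.net/dns-query
#local hosts resolver
[/blah.duckdns.org/]127.0.0.1:5353
"""  # constructed from the values quoted in this thread


def parse_upstreams(text):
    """Return (default_upstreams, {domain: upstream}) from an upstream list."""
    defaults, per_domain = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):       # blank line or comment
            continue
        if line.startswith("[/"):
            domains, sep, upstream = line[2:].partition("/]")
            if not sep or not upstream:
                raise ValueError(f"malformed domain rule: {raw!r}")
            for domain in domains.split("/"):       # "[/a/b/]up" names two domains
                if domain:
                    per_domain[domain.lower().rstrip(".")] = upstream
        else:
            defaults.append(line)
    return defaults, per_domain


def route(qname, defaults, per_domain):
    """Pick the upstream(s) for qname: the longest matching domain suffix wins."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):                    # most specific suffix first
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return [per_domain[suffix]]
    return defaults                                 # no rule matched: leaves the LAN


def main():
    defaults, per_domain = parse_upstreams(UPSTREAMS)
    for name in ("heimdall.blah.duckdns.org", "blah.duckdns.org",
                 "notblah.duckdns.org", "example.com"):
        print(f"{name:28} -> {', '.join(route(name, defaults, per_domain))}")


if __name__ == "__main__":
    main()
```

Matching is done on whole labels, so `notblah.duckdns.org` is not covered by the `blah.duckdns.org` rule and is sent to the default upstream.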
Brilliant! Just brilliant!
All works as it should, all set up as I want it, no substitutions. Thank you!
Am I able to "SOLVED" this or does a moderator have to?