Hello,
I've installed the Adguard Home package on my OPNSense box. AGH listens on port 53 and forwards to the configured upstream 127.0.0.1:5335, where Unbound is listening. My network is dual-stack IPv4 and IPv6, which is important for my problem. The issue I'm having is that AGH does not forward reverse DNS lookups for private IP ranges (such as 192.168.0.0/16) to the configured upstream private reverse DNS server; instead, it returns NXDOMAIN. Looking at the AGH DNS configuration, I think I know why. The AGH configuration instructions for the reverse private DNS server state the following:
"A request is considered private if it asks for an ARPA domain containing a subnet within private IP ranges (such as "192.168.12.34") and comes from a client with a private IP address."
My client, a Windows PC, is making the reverse DNS request using its public IPv6 address; thus, the request doesn't "come from a client with a private IP address" and it seems that AGH doesn't consider it as a private rDNS request although it's for a private IP in the range 192.168.0.0/16. Is there any way to fix this in AGH? What would be needed is to not require that the request origin be a "client with a private IP address".
Thanks!
AGH does allow you to configure a list of private_networks, although I don't see any way to do it through the browser UI. Edit /usr/local/AdGuardHome/AdGuardHome.yaml and set something like:
dns:
  ...
  private_networks:
    - 10.0.0.0/8
    - 192.168.0.0/16
    ...
    - 2001:xxxx:xxxx:xx00::/56
    ...
  ...
(then restart the AGH service)
Thanks! I had read about private_networks in the unbound documentation, but I thought it applies only to the networks being looked up, not the origin of the request. Does it apply to the origin?
Thanks.
I tried it before I suggested it, and it seems to work for me...
Thank you!!
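
The private-request rule quoted in the first post, modeled as an added example (this is not AdGuard Home's code and not from any poster in the thread). It assumes the private_networks list is checked against both the looked-up address and the client address, as the reply reports; the 2001:db8:0:ab00::/56 prefix and all client addresses are constructed.

```python
import ipaddress
import string

def ptr_name_to_ip(qname):
    """Convert an in-addr.arpa or ip6.arpa PTR name to an address, else None."""
    labels = qname.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = labels[:32]
            if all(len(n) == 1 and n in string.hexdigits for n in nibbles):
                return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    except ValueError:
        pass
    return None

def in_any(ip, networks):
    """True if ip falls inside any network of the same address family."""
    return any(ip.version == n.version and ip in n for n in networks)

def is_private_rdns(qname, client, private_networks):
    """Model of the quoted rule: private PTR target AND private client."""
    nets = [ipaddress.ip_network(n) for n in private_networks]
    target = ptr_name_to_ip(qname)
    if target is None:
        return False
    return in_any(target, nets) and in_any(ipaddress.ip_address(client), nets)

# Constructed sample data (documentation prefix, not a real network).
IPV4_ONLY = ["10.0.0.0/8", "192.168.0.0/16"]
WITH_GUA = IPV4_ONLY + ["2001:db8:0:ab00::/56"]
QNAME = "34.12.168.192.in-addr.arpa"

if __name__ == "__main__":
    cases = [
        ("192.168.12.7", IPV4_ONLY),         # private IPv4 client
        ("2001:db8:0:ab12::50", IPV4_ONLY),  # global IPv6 client, not listed
        ("2001:db8:0:ab12::50", WITH_GUA),   # same client, prefix listed
    ]
    for client, nets in cases:
        print(client, nets, "->", is_private_rdns(QNAME, client, nets))
```

The second case is the situation from the first post: the PTR target is private, but the client's global IPv6 address is outside every listed network, so the request is not treated as private until the LAN prefix is added.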