Messages

1

General Discussion / Re: Reverse DNS for local IPs failing with Adguard Home and IPv6

« on: November 24, 2024, 11:37:05 pm »

Thanks!  I had read about private_networks in the unbound documentation, but I thought it applies only to the networks being looked up, not the origin of the request.  Does it apply to the origin?

Thanks.

2

General Discussion / Reverse DNS for local IPs failing with Adguard Home and IPv6

« on: November 24, 2024, 04:34:53 am »

Hello,

I've installed the Adguard Home package on my OPNSense box.  AGH listens on port 53 and forwards to the configured upstream 127.0.0.1:5335, where Unbound is listening.  My network is dual-stack IPv4 and IPv6 which is important for my problem.  The issue I'm having is that AGH does not forward reverse DNS lookups for private IP ranges (such as 192.168.0.0/16) to the configured upstream private reverse DNS server; instead, it returns NXDOMAIN.  Looking at the AGH DNS configuration, I think I know why.  The AGH configuration instructions for the reverse private DNS server state the following:

"A request is considered private if it asks for an ARPA domain containing a subnet within private IP ranges (such as "192.168.12.34") and comes from a client with a private IP address."

My client, a Windows PC, is making the reverse DNS request using its public IPv6 address; thus, the request doesn't "come from a client with a private IP address" and it seems that AGH doesn't consider it as a private rDNS request although it's for a private IP in the range 192.168.0.0/16.  Is there any way to fix this in AGH?  What would be needed is to not require that the request origin be a "client with a private IP address".

Thanks!