
AdGuard Home setup guide


Coastal9772:
How do I know if my DNS requests are using DoT with this implementation? Do I still set DoT on OPNsense's end as well, or just in AdGuard?

Vexz:
So I followed the instructions here to set up AGH on my OPNsense. It's working fine so far, but I have one issue that bugs me. I don't know whether this is a problem with AGH itself or something else.

When I set the upstream DNS servers in AGH, it always complains that the DNS server I entered is wrong.
For example: tls://1.1.1.1 works just fine, but tls://1dot1dot1dot1.cloudflare-dns.com is not accepted.
Same problem with any other upstream DNS server.

I found threads on Reddit where people experienced the same problem, but they just use the working solution from above, and I don't like that.

Does anybody know what to do to fix this?

Edit:
I found the solution: the problem was that I blocked outgoing packets with destination port 53 to ensure DoT and DoH must be used to resolve domain names. That made it impossible for the bootstrap DNS servers to resolve the names of my upstream DNS servers.

tommiy:
Hi, I'm looking for some assistance, as I've read the entire 12 pages and have not been able to get OPNsense DNS resolution working after the settings below are applied. It times out. There are a number of requests in the thread which state to follow the setup, which I think I have done, but still the self status check does not work.

Appreciate any input.

OPNsense 22.7.4

1 - Activate mimugmail's community repository
2 - Install AdGuardHome from System --> Firmware --> Plugins
3 - Activate and start AdGuardHome from Services --> AdGuardHome
4 - OPNsense - System - Settings - General
      DNS Servers: empty
      Untick: Do not use the local DNS service as a nameserver for this system
      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN
5 - Services - DHCPv4 - [LAN]: DNS Servers all blank
6 - OPNsense - Services - Unbound DNS - General
      Tick: Enable Unbound
      Tick: Enable DNSSEC Support
      Tick: Register DHCP Leases
      Tick: Register DHCP static mappings
      Tick: Register IPv6 link-local addresses
7 - OPNsense - Services - Unbound - DNS over TLS
      Untick: Use System Nameservers
      Domain: blank
      Server IP: 1.1.1.1
      Server Port: 853
      Verify CN: cloudflare-dns.com
8 - OPNsense - Services - Unbound - General
      Listen Port: 53530
9 - Navigate to http://your.opnsense:3000/ ( 192.168.1.1:3000 ) to complete the AdGuard setup
10 - AdGuard Home - DNS Configuration - Upstream Servers: Add router_ip:53530 ( 192.168.1.1:53530 ), delete those that exist
11 - AdGuard Home - DNS Configuration - Private reverse DNS servers
      127.0.0.1:53530
      192.168.1.1:53530



Edit:
Unfortunately, with either the above configuration or the previous one, when I visit
https://1.1.1.1/help
it states that DNS over TLS is not being used. So I'm at a loss. It appears AGH is running and using Unbound, but Unbound is not using the DNS over TLS configuration?

Edit:
I removed AGH from the picture to validate that Unbound is performing DNS over TLS. Using tcpdump on the WAN interface I can see that there are TLS sessions set up to 1.1.1.1 and 1.0.0.1, but the client DNS queries are still going out the WAN interface on port 53. I guess that LAN firewall rule may be required. I need to resolve this, I guess, before being concerned with AGH.

Edit:
An easier avenue for initially validating DNS over TLS is Services - Unbound - Advanced: set log verbosity = 2 and tick Log Queries. Then, with the Unbound logs set to informational, you will see the queries and the port number.

Solved:
The issue is that when you install AGH you need to bind to all interfaces, or later edit the /usr/local/AdGuardHome/AdGuardHome.yaml file to bind to 0.0.0.0. Doing that permits resolv.conf to still point to 127.0.0.1, which is bound to AGH and then to Unbound. The Unbound logs are showing #853, so I'm happy. Good learning session.

yeraycito:
OPNsense 22.7.4 install:

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - OPNsense - System - Settings - General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services - DHCPv4 - [LAN]: DNS Servers all empty

5 - OPNsense - Services - Unbound DNS - General

       Tick: Enable Unbound ( Listen Port: 5353 )

       Tick: Enable DNSSEC Support

       Network Interfaces: All

6 - OPNsense - Services - Unbound - DNS over TLS

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://OPNsense ip:3000/ ( 192.168.1.1:3000 ) to complete the AdGuard setup

9 - AdGuard Home - DNS Configuration - Upstream Servers:

      Add OPNsense ip:5353 ( 192.168.1.1:5353 ), delete those that exist

10 - AdGuard Home - DNS Configuration - Bootstrap DNS servers

      Add OPNsense ip:5353 ( 192.168.1.1:5353 ), delete those that exist

11 - AdGuard Home - DNS Configuration - Private reverse DNS servers:

           192.168.1.1:5353

Extra, WireGuard: if we have created a WireGuard network in OPNsense, for example 10.0.0.1/24, we have to set the DNS to 10.0.0.1 in the WireGuard clients. In WireGuard on OPNsense it is not necessary to configure anything.
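A static check of the AGH -> Unbound -> DoT chain that yeraycito's steps build, and of the two ways the thread shows it silently failing: an upstream in AGH that is not the local Unbound (which bypasses Unbound's DoT settings entirely), a `tls://hostname` upstream whose bootstrap resolver is unreachable once outbound port 53 is blocked (Vexz's post above), and an AGH bind that leaves either LAN clients or the firewall's own resolv.conf without a listener (tommiy's post above). This is an added example, not code from the thread or from AdGuard Home; the router address 192.168.1.1 and Unbound port 5353 are taken from the steps, and the two YAML fragments are constructed in the layout AdGuard Home writes, with invented values.

```shell
#!/bin/sh
# Added example (not from the thread or AdGuard Home): check AdGuardHome.yaml for
# settings that break the AGH -> Unbound -> DoT chain. Assumed values from the steps:
ROUTER_IP=192.168.1.1
UNBOUND_PORT=5353

# Constructed fragments (key names as AGH writes them, values invented here).
# BAD_CFG: public DoT upstream beside Unbound, public bootstrap, loopback-only bind.
BAD_CFG='dns:
  bind_hosts:
    - 127.0.0.1
  port: 53
  upstream_dns:
    - tls://1dot1dot1dot1.cloudflare-dns.com
    - 192.168.1.1:5353
  bootstrap_dns:
    - 9.9.9.10
  local_ptr_upstreams:
    - 192.168.1.1:5353'

# GOOD_CFG: everything points at the local Unbound, which is what does the DoT.
GOOD_CFG='dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    - 192.168.1.1:5353
  bootstrap_dns:
    - 192.168.1.1:5353
  local_ptr_upstreams:
    - 192.168.1.1:5353'

# Print the items of the two-space-indented YAML list under KEY, one per line.
yaml_list() {
    awk -v key="$1" '
        $0 ~ "^  " key ":" { inlist = 1; next }
        inlist && /^    - /  { sub(/^    - /, ""); print; next }
        inlist && !/^    /   { inlist = 0 }'
}

# True if ADDR is the local Unbound (router address or loopback on UNBOUND_PORT).
is_local_unbound() {
    case "$1" in
        "$ROUTER_IP:$UNBOUND_PORT"|"127.0.0.1:$UNBOUND_PORT") return 0 ;;
        *) return 1 ;;
    esac
}

# check_agh YAML BLOCKS53: prints one finding per line, or OK.
# BLOCKS53=1 means a firewall rule drops outbound port 53 (Vexz's setup).
check_agh() {
    cfg="$1"; blocks53="$2"; findings=""
    for up in $(printf '%s\n' "$cfg" | yaml_list upstream_dns); do
        is_local_unbound "$up" ||
            findings="${findings}BYPASS: upstream $up skips Unbound, so Unbound's DoT settings never apply to it
"
        case "$up" in
            tls://*|https://*|quic://*)
                # A hostname here must first be resolved via bootstrap_dns, over plain port 53.
                host=${up#*://}; host=${host%%/*}; host=${host%%:*}
                case "$host" in
                    *[a-zA-Z]*)
                        for bs in $(printf '%s\n' "$cfg" | yaml_list bootstrap_dns); do
                            if [ "$blocks53" = 1 ] && ! is_local_unbound "$bs"; then
                                findings="${findings}BOOTSTRAP: $up needs bootstrap $bs over port 53, which the firewall blocks
"
                            fi
                        done ;;
                esac ;;
        esac
    done
    # AGH must be reachable both from the LAN and from the firewall's own 127.0.0.1.
    has_any=0; has_lo=0; has_lan=0
    for bh in $(printf '%s\n' "$cfg" | yaml_list bind_hosts); do
        case "$bh" in
            0.0.0.0) has_any=1 ;;
            127.0.0.1) has_lo=1 ;;
            "$ROUTER_IP") has_lan=1 ;;
        esac
    done
    if [ "$has_any" = 0 ] && { [ "$has_lo" = 0 ] || [ "$has_lan" = 0 ]; }; then
        findings="${findings}BIND: listen on 0.0.0.0 (or both 127.0.0.1 and $ROUTER_IP) so LAN clients and the firewall's own resolv.conf both reach AGH
"
    fi
    if [ -z "$findings" ]; then echo OK; else printf '%s' "$findings"; fi
}

check_agh "$BAD_CFG" 1
check_agh "$GOOD_CFG" 1
```

To run it against a real install, replace the embedded fragment with `cfg=$(cat /usr/local/AdGuardHome/AdGuardHome.yaml)` and pass 1 as the second argument if you have a rule dropping outbound port 53. The BYPASS finding is the one to look at first: an AGH upstream such as `tls://1.1.1.1` will itself speak DoT, but any plain `8.8.8.8` or `1.1.1.1` entry left in that list goes straight out on port 53 no matter how Unbound is configured.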
