AdGuard Home setup guide

Started by N0_Klu3, March 19, 2021, 10:54:50 PM

Do you have AdGuard on 53 and Unbound on 5353?
Deciso DEC850v2

September 10, 2021, 04:05:25 PM #76 Last Edit: September 10, 2021, 04:29:35 PM by cookiemonster
I have Unbound on 53 pushing dns requests on via "Custom Options" to my preferred stub on localhost:853.
AdG is running on 5353.
DHCP clients get the independent pi-hole ipaddress as DNS server and pihole listens on 53 and has OPN as its upstream.
So currently clients DNS requests go:
client > pi-hole:53 > OPN-Unbound:53 > OPN-Stubby:853 > DoT resolvers.
Then to test ADG I put it inline:
client > pi-hole:53 > OPN-AdG:5353 > OPN-Unbound:53 > OPN-Stubby:853 > DoT resolvers.
With testing OK now I wanted to just bypass pi-hole.
That's where I'm scratching my head. Getting DHCPv4 to push 5353 to the clients.

Maybe the easiest way in your config is to shut down pihole and then run AdG on port 53 to see if that works, and work from there?
Deciso DEC850v2

pi-hole being "there" is not an issue. My issue is getting OPN to dish out a different port via DHCP for a DNS resolver.
If pi-hole was out of the equation I can change the listening ports on both Unbound or AdG but the tricky part is with AdG now being on the same IP (plugin on OPN). It could look like this:
client > OPN-AdG:53 > OPN-Unbound:5353 > OPN-Stubby:853 > DoT resolvers.
But then how do I get DHCP to push clients to AdG on 53. Hm, that could work actually. I'll check.
I appreciate the input.

Quote from: RamSense on September 09, 2021, 07:09:39 PM
I have the opnsense adguard home plugin running - https://www.routerperformance.net/opnsense-repo/

What DNS setting do you have in your WireGuard client config? I use the WireGuard interface, e.g. 10.10.10.1

In AdGuard DNS settings I have
Bootstrap DNS servers: 192.168.1.1:5353
Private DNS servers: 192.168.1.1:5353
where 192.168.1.1 is my OPNsense IP and I have Services: Unbound DNS: General - Listen Port: 5353

hope that helps.

In the client config (on my phone) I used the WireGuard interface IP (let's say it's 10.10.10.1).
On OPNsense, I didn't set a DNS server at the end point.

The issue is definitely with AdGuard Home added in.

I will recheck my configuration later today and see if I'm messing something up along the way.

The fixes in this thread didn't seem to work for me: https://forum.opnsense.org/index.php?topic=22409.0


September 12, 2021, 11:37:33 AM #81 Last Edit: September 12, 2021, 12:03:47 PM by madindehead
I might look at just removing Unbound from the chain right now.

I'm getting very confused as to why I suddenly can't resolve local names.

I use a domain name, example.net, for my internal network. This now isn't resolving.
I previously had my OPNsense router IP as my top upstream DNS in AdGuard, but I don't think this is correct?

I've discovered that you can define a DNS server in upstream for specific domains, e.g. `[/host.com/]1.2.3.4` (from here: https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams).

I feel like this is quite flakey and the sheer amount of conflicting and confusing posts in here isn't making it any easier to understand  :-\ Definitely need a concise roundup/summary of what is correct.

Update: I had to re-enable the Static DHCP mapping and register leases in Unbound and it started working again for now. There's probably something else I could do to fix this, but for now I don't have the time to mess around too much.

Quote from: cookiemonster on September 10, 2021, 05:11:06 PM
pi-hole being "there" is not an issue. My issue is getting OPN to dish out a different port via DHCP for a DNS resolver.
If pi-hole was out of the equation I can change the listening ports on both Unbound or AdG but the tricky part is with AdG now being on the same IP (plugin on OPN). It could look like this:
client > OPN-AdG:53 > OPN-Unbound:5353 > OPN-Stubby:853 > DoT resolvers.
But then how do I get DHCP to push clients to AdG on 53. Hm, that could work actually. I'll check.
I appreciate the input.
Yup that worked. I've bypassed pi-hole now. It's still on so I can push the queries back but so far all good. I was expecting my firewall rules to be a little trickier with being localhost but so far just replacing the ip with the lan local has worked without problem.
I had to test different ad hosts blocklists but so far functionally I'm good.

September 12, 2021, 01:25:29 PM #83 Last Edit: September 13, 2021, 10:30:43 AM by madindehead
Hmm. I may have fixed my WireGuard issue.

I had a Port Forward rule from WAN address to a different net and using the WireGuard port. When I disabled that it seemed to start working again.

Very weird. I can't use my local domain name right now, but I'm getting there. 

Update: I think it's all fixed now. Used the WG interface as the DNS and it seems to work fine. Also added 1.1.1.1 to be safe. So have local name resolution and internet.

For local DNS I now use Unbound in OPNsense. I own a domain name and I have Pi-hole configured to do Conditional forwarding for my domain.

If I want to switch to AdGuard, how does AdGuard know when to query Unbound for the local domain? Does it take the domain name configured in OPNsense (under System - Settings - General - Domain)?
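
The per-domain upstream form quoted earlier in the thread (`[/host.com/]1.2.3.4`) is the AdGuard Home setting that sends one domain to a specific resolver such as Unbound. The following is an added example, not code from any poster or from the AdGuard Home project: a small Python model of that suffix matching, useful for checking which names in a planned upstream list would still go to the default resolver. The upstream list is constructed from addresses mentioned in the thread, and the `public.example.net` entry and host names are hypothetical.

```python
import re

# AdGuard Home per-domain upstream form: [/domain1/domain2/]upstream
_SCOPED = re.compile(r"^\[/(?P<domains>[^\]]*)/\](?P<upstream>.+)$")


def parse_upstreams(lines):
    """Split upstream lines into (default upstreams, {domain: upstream})."""
    defaults, scoped = [], {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        m = _SCOPED.match(line)
        if m is None:
            defaults.append(line)  # unscoped entry: a default upstream
            continue
        for domain in m.group("domains").split("/"):
            if domain:
                scoped[domain.lower().rstrip(".")] = m.group("upstream").strip()
    return defaults, scoped


def pick_upstreams(qname, defaults, scoped):
    """Return the upstreams used for qname; the most specific suffix wins."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in scoped:
            target = scoped[suffix]
            # "#" hands the domain back to the default upstreams
            return defaults if target == "#" else [target]
    return defaults


def names_using_default(names, lines):
    """List the names that would be sent to the default upstreams."""
    defaults, scoped = parse_upstreams(lines)
    return [n for n in names if pick_upstreams(n, defaults, scoped) == defaults]


# Constructed sample: local domain goes to Unbound on 5353, the rest to 1.1.1.1
SAMPLE = """
1.1.1.1
[/example.net/]192.168.1.1:5353
[/public.example.net/]#
""".splitlines()

if __name__ == "__main__":
    for name in ("nas.example.net", "www.public.example.net", "opnsense.org"):
        print(name, "->", pick_upstreams(name, *parse_upstreams(SAMPLE)))
```

Any internal host name that shows up in `names_using_default` would be sent to the public resolver instead of Unbound.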

September 21, 2021, 03:25:07 AM #85 Last Edit: October 01, 2021, 06:45:17 AM by burntoc
deleted

AdGuard beta?

I have upgraded OPNsense to 21.7.3. After restarting OPNsense, AdGuard has moved to a beta version. After 10 minutes I logged in again and I had a new update, also beta. AdGuard works fine but I don't quite understand the move to beta software.



Question about the config of AdGuard Home: Is there a way to back up and restore the AdGuard Home config?
Or is this already being added to the OPNsense backup config file?
Deciso DEC850v2