AdGuard Home setup guide

[mkono87]

The thing I have noticed that when I try to connect to another VLAN even by a simple ping or to access a web ui. It will hang on a first attempt. If I cancel and ping again or refresh the page it connects without issue. Im not exactly where this is happening. Its acting is if there is no route table created or something. Would love some insight into why this could be happening. Forgive me if this isnt enough info, just ask and il be happy to provide.

[RamSense]

I was looking into the AdGuard Home queries and saw .local and .localdomain with processed NXDOMAIN.

Is it normal to have those queried to outside dns (in my case cloudflare)

Is there a way to have those queried only locally?

[wadhwa]

Add following to your upstream DNS servers box:

[/mydomain.local/]192.168.1.1

replace mydomain.local with your local domain and 192.168.1.1 with your local DNS server IP.

I was looking into the AdGuard Home queries and saw .local and .localdomain with processed NXDOMAIN.

Is it normal to have those queried to outside dns (in my case cloudflare)

Is there a way to have those queried only locally?

[RamSense]

thnx for that tip.
But I see also domains like wpad.localdomain and api.wordpress.org.localdomain etc.
So I just tried a custom filtering rule (block):
||*.local^$important
||*.localdomain^$important

don't know what is better?

On further thought... maybe I can better add [/localdomain/]192.168.1.1:5353
to the Upstream DNS server

[wadhwa]

To Reject all wdap you can use following custom filtering rule:

Code Select Expand

/wpad[.]([a-z0-9.])*/$dnsrewrite=NXDOMAIN;;

I have seen api.wordpress.org.localdomain, when you use Blocking mode as NXDOMAIN, change to default and these will go away...

thnx for that tip.
But I see also domains like wpad.localdomain and api.wordpress.org.localdomain etc.
So I just tried a custom filtering rule (block):
||*.local^$important
||*.localdomain^$important

don't know what is better?

On further thought... maybe I can better add [/localdomain/]192.168.1.1:5353
to the Upstream DNS server

[moe]

Are there anything happend with AdGuard? I am currently unable to log into the webinterface running on my opnsense installation.
Do I need custom username for this interface or is it the same as the admin-panel from opnsense?
I have used ADGuard now for really long time without any troubles, but now i am not able to login.

On the frontend from Opnsense i use ldap for the authentication.

Thanks for help.
Kind regards

[sclawrenc]

I followed the guide at the site listed below to setup AdGuard Home using the freebsd version instead of the community plugin, and it's working great other than I only see one client (127.0.0.1) listed in the clients.  All DNS queries are processing as far as I can tell.  Anyone know how to fix my setup to show the individual clients instead of only 127.0.0.1?

Any thoughts on using the guide I linked below versus using the community plugin?

Thanks

https://forums.torguard.net/index.php?/topic/2545-opnsense-adguardhome-total-control-mode-doq/#replyForm

[sclawrenc]

In regards to my post above, I suspect it has to do with the fact Unbound is listening on port 53 and AdGuard is listening on port 53530, but I'm not certain how to go about fixing it.  I could try some things and probably will in the meantime until someone has some feedback.  :)

[RamSense]

Why not use the plugin version? Works great, including updates :-)

But For your unbound: have you tried setting unbound to port 5353 and adguard on port 53?
and in Adguard dns settings: Bootstrap DNS servers and Private reverse DNS servers pointing to opnsenseip:5353

That's my setting.

[sclawrenc]

Why not use the plugin version? Works great, including updates :-)

But For your unbound: have you tried setting unbound to port 5353 and adguard on port 53?
and in Adguard dns settings: Bootstrap DNS servers and Private reverse DNS servers pointing to opnsenseip:5353

That's my setting.

Thanks RamSense for your response.  I tried the plugin first, ran into an issue (most likely misconfiguration on my side), and then decided to try that other guide for fun, plus I wanted to use IPv6, but I'm not sure the plugin version supports it.  I think it would, but I am not certain.

[RamSense]

Ah ok. Well I hope you can get it to work with changing the ports.

p.s. I have also (very recently) got ipv6 and I can confirm it works with the plugin version.

[sclawrenc]

Thanks RamSense.  Are you able to see the individual clients in AdGuard or do they all show coming from your router or local host IP?  Also, what did you do different to get IPv6 working?  Thanks again.

[RamSense]

settings - client settings -> I see the ipv6 devices and gave them a name in adguard. Opnsense is DHCP.
I did not have to do any changes in adguard, it worked right away. I do not remember what interfaces I used with the adguard install, maybe I just did all interfaces and that is why I did not have to change anything (?)

In opnsense i have static ipv6 what works great, but there is still a ipv6 bug in freebsd what will be hopefully fixed in the opnsense 22.1 / freebsd 13 version. see e.g. here: https://forum.opnsense.org/index.php?topic=25824.0

[supercm]

Has anyone gotten AdGuard to also listed on virtual IP addresses?

[mkono87]

Has anyone setup keepalived to sync with this with a second instance on another server for high availability?