AdGuard Home setup guide

Started by N0_Klu3, March 19, 2021, 10:54:50 PM

January 17, 2023, 10:45:20 AM #210 Last Edit: January 17, 2023, 10:47:39 AM by hushcoden
Quote from: pmhausen on January 16, 2023, 10:24:56 PM
I do not know what the "bootstrap" is for off the top of my head, but I also do not set this. If AGH forwards to a fully capable local resolver, e.g. Unbound or BIND, only the "upstream" setting is necessary.
I recall I read on the AdGuard forum that bootstrap addresses are basically only used to resolve the hosts in the upstream servers (and that's also the comment you see in that section).

Makes sense. But then I put IP addresses in forwarder configurations, not host names.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: pmhausen on January 17, 2023, 10:29:57 AM
Yes.

Then I'm doing something else wrong. If I go into Firewall > Rules > "Notebook" (my test network called "Notebook"; I also have a NAT Port Forward rule for it), then the upper rule is the one automatically created from the NAT rule.

After that rule I have to create another rule (I think this one is not working correctly) so that I can get any DNS resolution, and the last rule is my rule so that I can access the internet but no RFC1918 networks.
Maybe this rule is also not correct?

What rules do I need within this "Notebook" network so that the devices can access the internet but not other local networks?


Quote from: pmhausen on January 16, 2023, 10:24:56 PM
If the forward DNS server is identical to the one keeping your local forward and reverse zones, then you do not need the "private reverse" setting. This is for the occasions when the two are different.


They are identical, but it does not work. No hostnames showing up - only IPs.

Maybe I found something. Could it be that I need to set the Admin Web Interface "Listening Interface" to All instead of my LAN network?

At the moment it's only listening on the IP of my OPNsense itself (example igc1 - 192.168.1.1).

I could choose:
- All
- WAN
- LAN
- Loopback

Or should I choose the loopback interface 127.0.0.1?

January 19, 2023, 12:44:59 PM #215 Last Edit: January 19, 2023, 12:52:13 PM by RamSense
It states that ALL is recommended :-), but you can change it; see also the OPNsense manual: https://docs.opnsense.org/manual/settingsmenu.html

P.S. Also change the order of the firewall rules. You start with all -> source * and port * ..... port 53.
Then the ones below that one for port 53 will not be reached.
End with the first one and put the others above the allow all/auto rule.
Deciso DEC850v2

Quote from: RamSense on January 19, 2023, 12:44:59 PM
It states that ALL is recommended :-), but you can change it; see also the OPNsense manual: https://docs.opnsense.org/manual/settingsmenu.html

Within the OPNsense manual there is no manual for the AdGuard Home plugin. Already checked.

Ah, I was mistaken and thought you were referring to the OPNsense GUI listening ports.
AdGuard listening on all works without thinking, but you can also manually configure it to listen only on your preferred interfaces.
Deciso DEC850v2

Thx for your feedback.

The issue I still have is that it doesn't resolve the host names within AGH. It only shows IPs.
Everything is working.

When I look at my OPNsense within DHCPv4 Leases I can see the hostnames of my devices.

Within unbound I activated:
- Register DHCP static mappings
- Register DHCP leases
- Flush DNS cache during reload
- Enable DNSSEC

Unbound Local Zone Type is: transparent

As soon as I enter 192.168.1.1:53530 within private reverse DNS servers, AGH starts resolving hostnames.

But what confuses me is that all of you are saying that it should also work without any entry in this section.

If I leave it blank it stops resolving host names.

Do you have the same 192.168.1.1:53530 as the regular upstream DNS?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: pmhausen on January 19, 2023, 02:45:09 PM
Do you have the same 192.168.1.1:53530 as the regular upstream DNS?

Yes.

Config is:
ADGUARD:
bind_host: 192.168.1.1
bind_port: 3000
beta_bind_port: 0
...
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53


AdGuard Webinterface:

Upstream DNS servers: 192.168.1.1:53530


UNBOUND:

Listen Port: 53530
Interfaces: All
DNSSEC = on
DHCP leases = on
Static mappings = on
Ipv6 link-local = on
Local Zone Type = transparent


OPNsense IP = 192.168.1.1

When the "Private reverse DNS servers" field is empty, I do not get any host resolution.
When I enter 192.168.1.1:53530 within Private reverse DNS servers, I do get those host names.

Must be a feature then. I honestly don't know. AGH is a project entirely unrelated to OPNsense. May I suggest checking their documentation?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Will do.

I also found the documentation/video from the original source:

https://www.max-it.de/adguard-dns-blocker-neues-opnsense-plugin/

He is showing it in another way: using another port for AGH and leaving Unbound's port at 53, then making a NAT Port Forward to (in this video) 5310.

Why not choose this way? Is there any downside?

The advantage would be that the firewall itself does not need to go through AGH, and other networks which I don't want to go through AGH can also be Unbound only.

OPNsense 23.1 Install:

1 - Activate mimugmail's community repository:

SSH OPNsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - OPNsense - System - Settings - General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services - DHCPv4 - [LAN]: DNS Servers all empty

5 - OPNsense - Services - Unbound DNS - General

      Tick: Enable Unbound ( Listen Port: 5353 )

      Tick: Enable DNSSEC Support

      Network Interfaces: All

6 - OPNsense - Services - Unbound - DNS over TLS

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the AdGuard setup

9 - AdGuard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353 ( 192.168.1.1:5353 ) Delete those that exist

10 - AdGuard Home - DNS Configuration - Bootstrap DNS servers

      Add Opnsense ip:5353 ( 192.168.1.1:5353 ) Delete those that exist

11 - AdGuard Home - DNS Configuration - Private reverse DNS servers:

      192.168.1.1:5353
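The install steps above and hushcoden's earlier config dump describe one chain: AGH on port 53, forwarding to Unbound on a second port, with the "Private reverse DNS servers" field deciding whether DHCP hostnames show up in the AGH query log. The following script is an added example, not code from this thread, from the AdGuardHome plugin or from the AdGuard project: it parses the subset of AdGuardHome.yaml shown in the thread and reports the misconfigurations the thread walks through (port clash between AGH and Unbound, upstream or reverse server not pointing at the Unbound listener, bootstrap set although every upstream is an IP literal, private reverse servers left empty, DNS bound to every interface). The YAML keys `upstream_dns`, `bootstrap_dns` and `local_ptr_upstreams` are the AdGuardHome.yaml fields behind the three web-UI boxes in steps 9 to 11; the two embedded config excerpts and all function names are constructed for this example. The `PTR_UPSTREAM_EMPTY` finding encodes the behaviour hushcoden reported (no hostnames until the private reverse server is filled in), not a statement about every AGH version.

```python
import ipaddress
import re

# Constructed excerpts in the shape of the fields quoted in the thread; not
# copied from any real AdGuardHome.yaml. CFG_THREAD mirrors the posted state
# (Unbound on 53530, bootstrap set, private reverse empty); CFG_GUIDE mirrors
# steps 9-11 of the install post with bootstrap left empty as pmhausen advises.
CFG_THREAD = """\
bind_host: 192.168.1.1
bind_port: 3000
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    - 192.168.1.1:53530
  bootstrap_dns:
    - 192.168.1.1:53530
  local_ptr_upstreams: []
"""

CFG_GUIDE = """\
bind_host: 192.168.1.1
bind_port: 3000
dns:
  bind_hosts:
    - 192.168.1.1
  port: 53
  upstream_dns:
    - 192.168.1.1:5353
  bootstrap_dns: []
  local_ptr_upstreams:
    - 192.168.1.1:5353
"""


def _scalar(raw):
    raw = raw.strip().strip("\"'")
    return int(raw) if raw.isdigit() else raw


def parse_yaml_subset(text):
    """Parse only the YAML subset these keys use: 2-space nested mappings,
    block lists of scalars, `key: value` and the empty list `[]`.
    Hypothetical helper for this example, not a general YAML parser."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    pos = 0

    def indent_of(line):
        return len(line) - len(line.lstrip(" "))

    def block(indent):
        nonlocal pos
        node = None
        while pos < len(lines) and indent_of(lines[pos]) == indent:
            body = lines[pos].strip()
            pos += 1
            if body.startswith("- "):            # list item
                node = node if node is not None else []
                node.append(_scalar(body[2:]))
                continue
            node = node if node is not None else {}
            key, _, val = body.partition(":")
            val = val.strip()
            if val == "[]":
                node[key] = []
            elif val:
                node[key] = _scalar(val)
            elif pos < len(lines) and indent_of(lines[pos]) > indent:
                node[key] = block(indent_of(lines[pos]))  # nested block
            else:
                node[key] = None
        return {} if node is None else node

    return block(0)


# scheme://host:port/path; bracketed IPv6 only (bare IPv6 is not handled here)
_UPSTREAM_RE = re.compile(
    r"^(?:(?P<scheme>[a-z]+)://)?(?P<host>\[[^\]]+\]|[^:/\[]+)(?::(?P<port>\d+))?(?:/.*)?$")
_DEFAULT_PORT = {"tls": 853, "quic": 853, "https": 443}


def split_upstream(entry):
    """Split an AGH upstream spec into (scheme, host, port)."""
    m = _UPSTREAM_RE.match(entry)
    if not m:
        raise ValueError("unrecognised upstream: %r" % entry)
    scheme = m.group("scheme")
    port = int(m.group("port") or _DEFAULT_PORT.get(scheme, 53))
    return scheme, m.group("host").strip("[]"), port


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_chain(agh_cfg, unbound_port):
    """Return (code, message) findings for the AGH -> Unbound forwarding chain."""
    findings = []
    dns = agh_cfg.get("dns") or {}
    bind_hosts = dns.get("bind_hosts") or []
    if dns.get("port") == unbound_port:
        findings.append(("PORT_CONFLICT", "AGH and Unbound both listen on port %d; move Unbound (step 5)" % unbound_port))
    if "0.0.0.0" in bind_hosts or "::" in bind_hosts:
        findings.append(("DNS_BIND_ALL", "dns.bind_hosts covers every interface, WAN included; firewall rules must still restrict port %s" % dns.get("port")))
    upstreams = dns.get("upstream_dns") or []
    if not upstreams:
        findings.append(("NO_UPSTREAM", "upstream_dns is empty"))
    needs_bootstrap = False
    for u in upstreams:
        _, host, port = split_upstream(u)
        if not is_ip_literal(host):
            needs_bootstrap = True                 # hostname upstreams need bootstrap
        elif port != unbound_port:
            findings.append(("UPSTREAM_NOT_UNBUND".replace("UNBUND", "UNBOUND"), "%s bypasses Unbound on port %d (local zones and DoT unused)" % (u, unbound_port)))
    bootstrap = dns.get("bootstrap_dns") or []
    if needs_bootstrap and not bootstrap:
        findings.append(("BOOTSTRAP_MISSING", "upstreams use hostnames but bootstrap_dns is empty"))
    if not needs_bootstrap and bootstrap:
        findings.append(("BOOTSTRAP_UNNEEDED", "all upstreams are IP literals; bootstrap only resolves upstream hostnames"))
    ptr = dns.get("local_ptr_upstreams") or []
    if not ptr:
        findings.append(("PTR_UPSTREAM_EMPTY", "no private reverse DNS server: PTR lookups for LAN clients do not reach Unbound, query log shows IPs only"))
    for p in ptr:
        _, host, port = split_upstream(p)
        if not is_ip_literal(host) or port != unbound_port:
            findings.append(("PTR_NOT_UNBOUND", "%s is not the Unbound listener on port %d" % (p, unbound_port)))
    return findings


def codes(findings):
    return sorted(code for code, _ in findings)


if __name__ == "__main__":
    for name, text, port in (("thread", CFG_THREAD, 53530), ("guide", CFG_GUIDE, 5353)):
        for code, msg in check_chain(parse_yaml_subset(text), port):
            print("%s: %s: %s" % (name, code, msg))
```

Run it against the real file (`/usr/local/AdGuardHome/AdGuardHome.yaml` on the plugin install is an assumption; check the plugin's own path) by reading that text into `parse_yaml_subset` and passing the port from Unbound's "Listen Port" field. The `DNS_BIND_ALL` finding is the one worth keeping even after the chain works: `0.0.0.0` is what makes the "Listening Interface" question in the thread a firewall question rather than a DNS one.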