Adguard Home + unbound DNS -> Problems updating Home Assistant

Started by roli.ko, June 21, 2021, 09:52:26 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 21, 2021, 09:52:26 AM
Hello,
I´m relativly new in opnsense and at the moment nearly everything is working great. My actual issue is, that I can not update my Home Assistant installation when Adguard is running.

Used Versions

  • Versions   OPNsense 21.1.7_1-amd64
  • FreeBSD 12.1-RELEASE-p18-HBSD
  • OpenSSL 1.1.1k 25 Mar 2021
  • os-adguardhome-maxit / 1.5 / AdGuardHome 0.106.1


Adguard

  • Same Machine
  • Port: 53
  • Upstream-DNS Server: 127.0.0.1:53530
  • Bootstrap DNS-Server: 127.0.0.1:53530

Unbound DNS
General

  • Listen Port: 53530
  • Network Interfaces: ALL
  • DNSSEC: Enabled
  • DHCP Registration: enabled
  • DHCP Static Mappings: enabled
  • IPv6 Link-loal: enabled

Miscellaneous
DNS over TLS Server:

  • 1.1.1.1@853
  • 1.0.0.1@853
  • 2606:4700:4700::1111@853
  • 2606:4700:4700::1001@853

Problem: Update of Home Assistant including Add Ons not possible.
Tested cases

  • Adguard enabled + Unbound DNS: NOK
  • Adguard enabled (all lists disabled) + Unbound DNS: NOK
  • Adguard disabled + Unbound DNS: NOK
  • Adguard stopped / Unbound DNS alone: OK


Error Description e.g. when updating esphome:

QuoteCan't install esphome/esphome-hassio-aarch64:1.19.2: 500 Server Error for http+docker://localhost/v1.41/images/create?tag=1.19.2&fromImage=esphome%2Fesphome-hassio-aarch64: Internal Server Error ("Get "https://registry-1.docker.io/v2/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)")

Logfile of such a situation:

Code Select
2021-06-21T09:29:59 unbound[74010] [74010:2] info: 127.0.0.1 registry-1.docker.io. A IN
2021-06-21T09:29:59 unbound[74010] [74010:3] info: 127.0.0.1 registry-1.docker.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: cache memory msg=174111 rrset=204987 infra=11364 val=148360
2021-06-21T09:29:58 unbound[74010] [74010:1] info: validation success version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: validate(positive): sec_status_secure
2021-06-21T09:29:58 unbound[74010] [74010:1] info: validator operate: query version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
2021-06-21T09:29:58 unbound[74010] [74010:1] info: finishing processing for version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: query response was ANSWER
2021-06-21T09:29:58 unbound[74010] [74010:1] info: reply from <.> 1.0.0.1#853
2021-06-21T09:29:58 unbound[74010] [74010:1] info: response for version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: iterator operate: query version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: cache memory msg=174111 rrset=204987 infra=11364 val=148360
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: sending to target: <.> 1.0.0.1#853
2021-06-21T09:29:58 unbound[74010] [74010:1] info: sending query: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: processQueryTargets: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: error sending query to auth server 2606:4700:4700::1111 port 853
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: sending to target: <.> 2606:4700:4700::1111#853
2021-06-21T09:29:58 unbound[74010] [74010:1] info: sending query: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: processQueryTargets: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: error sending query to auth server 2606:4700:4700::1111 port 853
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: sending to target: <.> 2606:4700:4700::1111#853
2021-06-21T09:29:58 unbound[74010] [74010:1] info: sending query: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: processQueryTargets: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: error sending query to auth server 2606:4700:4700::1001 port 853
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: sending to target: <.> 2606:4700:4700::1001#853
2021-06-21T09:29:58 unbound[74010] [74010:1] info: sending query: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: processQueryTargets: version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] info: resolving version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
2021-06-21T09:29:58 unbound[74010] [74010:1] info: validator operate: query version.home-assistant.io. AAAA IN
2021-06-21T09:29:58 unbound[74010] [74010:1] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
2021-06-21T09:29:58 unbound[74010] [74010:1] info: 127.0.0.1 version.home-assistant.io. AAAA IN
2021-06-21T09:29:53 unbound[74010] [74010:3] debug: outnettcp got tcp error -1
2021-06-21T09:29:53 unbound[74010] [74010:1] info: 127.0.0.1 registry-1.docker.io. AAAA IN
2021-06-21T09:29:48 unbound[74010] [74010:0] info: 127.0.0.1 registry-1.docker.io. AAAA IN
2021-06-21T09:29:43 unbound[74010] [74010:3] debug: cache memory msg=174111 rrset=204987 infra=11364 val=148360


Does anybody know this behaviour and is there a solution which can be shared?
Thanks in advanced
Roland
June 21, 2021, 05:21:19 PM #1
Hello, try the following:

1 - Update Adguardhome to version 0.106.3

2 - Adguard
Same Machine
Port: 53
Upstream-DNS Server: 192.168.1.1:5353
Bootstrap DNS-Server: 192.168.1.1:5353

3 - Unbound DNS
General
Listen Port: 5353
Network Interfaces: ALL
DNSSEC: Enabled
DHCP Registration: disabled
DHCP Static Mappings: disabled
IPv6 Link-loal: disabled

4 - Leave the rest as you have it

5 - Restart Opnsense
June 21, 2021, 08:06:22 PM #2
thanks. will test it. before i have to check how to update to version 0.106.3. I used os-adguardhome-maxit, so I have to switch to manual installation I think.
June 22, 2021, 06:38:42 AM #3
Hello,

I installed Version 0.106.3 and changed the settings as proposed. The only difference is the port. It is 53530 because 5353 is used by mDNS.

Everything I tested is possible, except update of homeassistant
Print
Go Up Pages1
User actions