[AdGuardHome] DNS not working on VIP interface

[kayti]

Hello,
I have strange problem and i can't find what can be the root of it. I set up AdGuardHome (mimugmail repository). It works very well, with AGH working on port 53 and Unbound on 5353 (for registering in AGH DHCP leases). However, after setting VIP addresses for HA (HA is working perfectly), AGH is not working on VIP interface (but it is normally listed in AGH setup). When i try to nslookup different domains via VIP interface address, nslookup times out and OPNSense nor AGH don't even show anything in logs (Firewall, general, backend and AGH log). Unbound works well on VIP via 5353 port so it is clearly not entirely VIP interface fault but rather AGH using VIP interface bug.

I know this is community repository and not directly related to OPNSense, but maybe someone has any idea how to try to debug this?

[Patrick M. Hausen]

This is probably due to a known bug in the FreeBSD golang implementation that cannot be fixed by the AGH team, unfortunately. If the queries go to the VIP, the answers sent by AGH come from the "real" interface address and are ignored by any correctly working client.

See:
https://github.com/AdguardTeam/AdGuardHome/issues/3015

Workaround: have AGH listen on 127.0.0.1 and use inbound port forwarding NAT to facilitate the queries.

[kayti]

Thanks, workaround is working well :)

[Travis2359345]

This is probably due to a known bug in the FreeBSD golang implementation that cannot be fixed by the AGH team, unfortunately. If the queries go to the VIP, the answers sent by AGH come from the "real" interface address and are ignored by any correctly working client.

See:
https://github.com/AdguardTeam/AdGuardHome/issues/3015

Workaround: have AGH listen on 127.0.0.1 and use inbound port forwarding NAT to facilitate the queries.

Thank you for this, i was pulling my hair out until I saw this and made it work.  :)