Reverse DNS for local IPs failing with Adguard Home and IPv6

Started by cinergi, November 24, 2024, 04:34:53 AM

Hello,

I've installed the Adguard Home package on my OPNsense box. AGH listens on port 53 and forwards to the configured upstream 127.0.0.1:5335, where Unbound is listening. My network is dual-stack IPv4 and IPv6, which is important for my problem. The issue I'm having is that AGH does not forward reverse DNS lookups for private IP ranges (such as 192.168.0.0/16) to the configured upstream private reverse DNS server; instead, it returns NXDOMAIN. Looking at the AGH DNS configuration, I think I know why. The AGH configuration instructions for the reverse private DNS server state the following:

"A request is considered private if it asks for an ARPA domain containing a subnet within private IP ranges (such as "192.168.12.34") and comes from a client with a private IP address."

My client, a Windows PC, is making the reverse DNS request using its public IPv6 address; thus, the request doesn't "come from a client with a private IP address" and it seems that AGH doesn't consider it as a private rDNS request although it's for a private IP in the range 192.168.0.0/16.  Is there any way to fix this in AGH?  What would be needed is to not require that the request origin be a "client with a private IP address".

Thanks!

AGH does allow you to configure a list of private_networks, although I don't see any way to do it through the browser UI. Edit /usr/local/AdGuardHome/AdGuardHome.yaml and set something like:


dns:
...
  private_networks:
    - 10.0.0.0/8
    - 192.168.0.0/16
    ...
    - 2001:xxxx:xxxx:xx00::/56
    ...
...


(then restart the AGH service)

Thanks!  I had read about private_networks in the unbound documentation, but I thought it applies only to the networks being looked up, not the origin of the request.  Does it apply to the origin?

Thanks.

I tried it before I suggested it, and it seems to work for me...
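
Added example, not part of the thread and not AdGuard Home's own code: a small Python model of the rule quoted in the first post, showing why a dual-stack client querying from a global IPv6 address fails the "private client" test until its prefix is listed. It assumes, as the last reply reports, that private_networks is used for both the looked-up address and the request origin, and that a configured list replaces the defaults; the 2001:db8::/32 documentation prefix and the default list below are constructed stand-ins.

```python
import ipaddress

# Constructed subset of default private ranges for this model (assumption, not AGH's built-in list).
DEFAULT_PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128"]

def ptr_to_ip(qname):
    """Convert a full-length PTR name to an address, or None if it is not one."""
    labels = qname.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            if any(len(label) != 1 for label in labels[:32]):
                return None  # each ip6.arpa label must be a single hex nibble
            return ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16))
    except ValueError:
        return None  # malformed octets or nibbles
    return None

def in_any(addr, networks):
    """True if addr falls inside any network of the same IP version."""
    return any(addr.version == n.version and addr in n for n in networks)

def is_private_rdns(qname, client_ip, private_networks=None):
    """Model of the quoted rule: private target AND private client."""
    nets = [ipaddress.ip_network(n) for n in (private_networks or DEFAULT_PRIVATE)]
    target = ptr_to_ip(qname)
    client = ipaddress.ip_address(client_ip)
    return target is not None and in_any(target, nets) and in_any(client, nets)

if __name__ == "__main__":
    ptr = "34.12.168.192.in-addr.arpa."
    v6_client = "2001:db8:1234:5600::10"          # constructed global-scope client address
    configured = DEFAULT_PRIVATE + ["2001:db8:1234:5600::/56"]
    print("IPv4 client, defaults:", is_private_rdns(ptr, "192.168.1.50"))
    print("IPv6 client, defaults:", is_private_rdns(ptr, v6_client))
    print("IPv6 client, prefix listed:", is_private_rdns(ptr, v6_client, configured))
```

Listing a delegated prefix this way also means any host inside it is treated as a local client for private PTR answers, so the entry should match only the prefix actually routed to the LAN.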