Need help:- Adguardhome + Dnscrypt Proxy 2 setup bypassing Unbound

Started by plikmuny, December 26, 2024, 10:16:06 PM

Hi Forum Members,
I got the latest OPNsense installed onto my Qotom q355G4. It's running quite well. I also installed AGH with Unbound. But the response time is a little bit more, around 8-10ms.
I saw a guide that says AGH + Unbound + Dnscrypt. Instead of installing all three plugins and getting them to work, which will obviously increase the resolving time, I wanted to try an AGH + Dnscrypt Proxy 2 setup by bypassing Unbound totally. The DHCP part works well in AGH, so why don't we use it instead of diverting the traffic to Unbound and creating one more hop in the network? If it is possible I want to know how I do it.
I tried to disable Unbound and also tried to enable the DHCP function in AGH, but it refuses to get enabled. I think I need to disable the DHCP function under LAN in OPNsense.
I guess AGH can do all the functions of Unbound and it is more efficient. Then why should I use both together instead of using AGH for all purposes? Is my interpretation of how the network in OPNsense works correct? If I am wrong please correct me; I am not a network guy but I would like to try things. I am learning.

Any proper steps would be highly appreciated.

They're just different ways of doing things. You can choose your preference.
Just remember that you can't have two services on the same port at the same time. Enable one and not the other and you'll be fine. And as you experiment, you'll start noticing what works best for you.

You mean it's not possible to get AGH & Dnscrypt to work together in OPNsense? I could get it working together nicely under OpenWrt.
Is there a way to disable the DHCP of OPNsense completely and use the AGH DHCP function?
On the Internet all I am seeing is the complex guide on installing AGH+Unbound+Dnscrypt. I don't understand why Unbound is necessary in the middle when AGH can function the same as Unbound?

> You mean it's not possible to get AGH & Dnscrypt to work together in OPNsense?
No, I haven't said that ;) but I think AGH and Dnscrypt can only be made to work together via command line incantations in AGH. That said, there is probably a way to run dnscrypt on OPN and you need to configure them to work in tandem.

> Is there a way to disable the DHCP of OPNsense completely and use the AGH DHCP function?
Yes. I'm not sure why you'd want to do this but just disable it on OPN and enable it on AGH. Did you try that?

> I don't understand why Unbound is necessary in the middle when AGH can function the same as Unbound?
OPN is a router/firewall and the usual/normal (albeit not the only one) setup is to provide DNS services. Unbound is included to allow you to get going. Also dnsmasq as an alternative.


Quote from: cookiemonster on December 26, 2024, 11:41:05 PM
> Is there a way to disable the DHCP of OPNsense completely and use the AGH DHCP function?
> Yes. I'm not sure why you'd want to do this but just disable it on OPN and enable it on AGH. Did you try that?

Hi, thanks for your reply. I tried that but AGH simply refuses to enable the DHCP option (an error keeps popping up saying it's not possible). I think OPNsense doesn't allow that.
Any instructions on how to do it please?


Quote from: cookiemonster on December 27, 2024, 12:03:31 AM
> To add. https://github.com/opnsense/docs/blob/master/source/manual/how-tos/dnscrypt-proxy.rst seems to have instructions on how to get dnscrypt on OPNSense.

Sorry, this post didn't help me much. No matter how many times I override the config manually, once I commit the config and restart the service, the config gets reset to default... I don't know why.

I've not tried to use dnscrypt, so maybe there's some nuance that I'm not aware of, but....

Unbound is not a DHCP server, it's a DNS resolver.

The DHCP server is not "a hop in the network" - it's a service for centralising IP address assignment and network configuration for devices on your network. It's not involved in DNS transactions, other than telling clients which DNS servers to use.

What are you trying to accomplish with the AGH DHCP server?

Quote from: dseven on December 27, 2024, 09:39:14 AM
> I've not tried to use dnscrypt, so maybe there's some nuance that I'm not aware of, but....
>
> Unbound is not a DHCP server, it's a DNS resolver.
>
> The DHCP server is not "a hop in the network" - it's a service for centralising IP address assignment and network configuration for devices on your network. It's not involved in DNS transactions, other than telling clients which DNS servers to use.
>
> What are you trying to accomplish with the AGH DHCP server?

Hi, now we are getting there with the right point... all I am saying is that when AGH has its own DHCP function and when I am using AGH as the main DNS resolver, why don't I use both so that the DNS queries from all the devices work better and all is in one hand?
Because when I use AGH as DHCP server + DNS resolver I have a very low response time of 1ms....
But when I use OPNsense DHCP and AGH as DNS resolver the response time is 8-18ms.... I can see that the website struggles to open in this setup compared to when AGH alone handles everything... the web pages open on the fly and I can feel it...
If I use AGH as a DHCP server (I still don't know how to do it) + DNS server and when I disable Unbound completely, what happens to the function of the local DNS resolver? Do I need it, or will I miss any important function, or do I have any drawbacks associated with it?

I am a total noob in networking... so please bear with my silly questions... hoping for a solution..

Quote from: plikmuny on December 27, 2024, 11:31:21 AM
> Because when I use AGH as DHCP server + DNS resolver I have a very low response time of 1ms....
> But when I use OPNsense DHCP and AGH as DNS resolver the response time is 8-18ms.... I can see that the website struggles to open in this setup compared to when AGH alone handles everything... the web pages open on the fly and I can feel it...

Again, the DHCP server is NOT involved in individual DNS transactions, so there's some other factor in play here.

AGH provides a DHCP server implementation for cases where the existing DHCP server is not flexible enough to allow pointing clients to specific DNS services, which could be the case with a basic consumer-grade router/gateway, but it is not the case with OPNsense. Using AGH's DHCP server instead of ISC or Kea will not have any effect on DNS response times, provided DHCP is configured to point clients to the same DNS servers.

Quote from: dseven on December 27, 2024, 11:39:14 AM
> Quote from: plikmuny on December 27, 2024, 11:31:21 AM
> > Because when I use AGH as DHCP server + DNS resolver I have a very low response time of 1ms....
> > But when I use OPNsense DHCP and AGH as DNS resolver the response time is 8-18ms.... I can see that the website struggles to open in this setup compared to when AGH alone handles everything... the web pages open on the fly and I can feel it...
>
> Again, the DHCP server is NOT involved in individual DNS transactions, so there's some other factor in play here.
>
> AGH provides a DHCP server implementation for cases where the existing DHCP server is not flexible enough to allow pointing clients to specific DNS services, which could be the case with a basic consumer-grade router/gateway, but it is not the case with OPNsense. Using AGH's DHCP server instead of ISC or Kea will not have any effect on DNS response times, provided DHCP is configured to point clients to the same DNS servers.

OK, then I will have to dissect my setup and pinpoint what could be wrong.
Is there a simple guide on how I can set up AdGuard Home + Dnscrypt on OPNsense, or is it just a nonsense setup and I don't need it when I have AGH?

Quote from: plikmuny on December 27, 2024, 12:03:03 PM
> Is there a simple guide on how I can set up AdGuard Home + Dnscrypt on OPNsense, or is it just a nonsense setup and I don't need it when I have AGH?

If you don't know that you need it, you probably don't need it. AGH can do DoT, if you're worried (for some reason) about your ISP being able to see your DNS queries. dnscrypt seems like unnecessary complication, and likely WILL impact DNS resolution time (negatively).

Quote from: dseven on December 27, 2024, 12:08:00 PM
> Quote from: plikmuny on December 27, 2024, 12:03:03 PM
> > Is there a simple guide on how I can set up AdGuard Home + Dnscrypt on OPNsense, or is it just a nonsense setup and I don't need it when I have AGH?
>
> If you don't know that you need it, you probably don't need it. AGH can do DoT, if you're worried (for some reason) about your ISP being able to see your DNS queries. dnscrypt seems like unnecessary complication, and likely WILL impact DNS resolution time (negatively).

OK, then you suggest I use AGH alone with Unbound for local DNS resolving????
Can I just use Unbound running on another port for local resolving and the rest of the DNS queries handled by AGH with DoT/DoH servers, instead of using Unbound with its port as the upstream/bootstrap servers???

Quote from: plikmuny on December 27, 2024, 12:12:51 PM
> OK, then you suggest I use AGH alone with Unbound for local DNS resolving????
> Can I just use Unbound running on another port for local resolving and the rest of the DNS queries handled by AGH with DoT/DoH servers, instead of using Unbound with its port as the upstream/bootstrap servers???

Yes! Move unbound to another port, say 53530, put AGH on port 53, and configure it to use unbound on port 53530 as the upstream for your "localdomain" and DoT for everything else, and (optionally) point to unbound for "Private reverse DNS servers" too.

Quote from: dseven on December 27, 2024, 12:18:43 PM
> Quote from: plikmuny on December 27, 2024, 12:12:51 PM
> > OK, then you suggest I use AGH alone with Unbound for local DNS resolving????
> > Can I just use Unbound running on another port for local resolving and the rest of the DNS queries handled by AGH with DoT/DoH servers, instead of using Unbound with its port as the upstream/bootstrap servers???
>
> Yes! Move unbound to another port, say 53530, put AGH on port 53, and configure it to use unbound on port 53530 as the upstream for your "localdomain" and DoT for everything else, and (optionally) point to unbound for "Private reverse DNS servers" too.

Wait wait wait please... you mean I use Unbound with the changed port as upstream DNS server in the AGH DNS settings instead of DoT/DoH servers?
I will tell you what I am doing now...
Upstream DNS Servers - from dns.brahma.world & LibreDNS including its sdns addresses
Bootstrap DNS Servers - DoT servers also from dns.brahma.world & LibreDNS including IPv6 addresses
Fallback DNS Servers - empty.... and
Private reverse DNS Server as 192.168.1.1:5353 (AGH IP:Unbound port).

Is my configuration correct or should I fine-tune it further?
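The split dseven describes (AGH on port 53, Unbound moved to 53530, the LAN domain forwarded to Unbound, DoT for everything else, Unbound as the private reverse DNS server) and the upstream/reverse-DNS settings plikmuny lists above, written out as the `dns` section of an `AdGuardHome.yaml`. This is an added example, not something posted by either participant and not code from the AdGuard Home or OPNsense projects. It assumes AGH and Unbound both run on the OPNsense box at 192.168.1.1, that Unbound's listen port has been changed to 53530, that the LAN domain is `localdomain`, and it uses placeholders for the DoT hostname and bootstrap address that must be replaced with the provider's real values. The key names follow the AdGuard Home configuration-file schema as I know it (the same fields are exposed in the web UI under Settings > DNS settings) and should be checked against the installed version.

```yaml
# Added example (not from the thread). Only the 'dns' section is shown; the
# rest of AdGuardHome.yaml is left untouched. Stop AGH before editing the file
# by hand, or set the same values through the web UI instead.
dns:
  bind_hosts:
    - 192.168.1.1            # assumed LAN address of the OPNsense/AGH box
  port: 53                   # AGH takes the standard DNS port on the LAN side
  upstream_dns:
    # Names under the LAN domain only: forward to Unbound on its new port.
    # The [/domain/] prefix is AGH's domain-specific upstream syntax.
    - '[/localdomain/]192.168.1.1:53530'
    # Everything else leaves the network over DNS-over-TLS.
    # PLACEHOLDER: replace with the DoT hostname of the provider you use.
    - 'tls://dot.provider.example'
  bootstrap_dns:
    # Plain-DNS resolver used only to resolve the DoT hostname above.
    # PLACEHOLDER (TEST-NET-2 address): replace with the provider's plain IP.
    - 198.51.100.1
  # "Private reverse DNS servers" in the web UI: PTR lookups for private
  # ranges (192.168.0.0/16 etc.) go to Unbound, which can answer them from
  # the DHCP leases it registers, instead of leaking them to the DoT upstream.
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:53530
```

On the OPNsense side the matching change is Services > Unbound DNS > General > Listen Port set to 53530, with OPNsense's own DHCP (ISC or Kea) still handing out 192.168.1.1 as the DNS server. A quick check from a LAN client is `dig somehost.localdomain @192.168.1.1` (answered by Unbound through AGH) and `dig example.com @192.168.1.1` (the AGH query log should show the `tls://` upstream); if Unbound stays on port 53 alongside AGH, one of the two will fail to bind, which is the "two services on the same port" problem cookiemonster mentions earlier in the thread.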