A little lost - some websites blocked completely, some random access issues

Started by andyd, July 07, 2025, 02:52:01 AM

So I have OPNsense updated to the latest firmware...

1. Use AdGuard as DNS
2. Have it pointing to Unbound as a private reverse DNS server
3. I have no blocklists in Unbound. I just have DNS over TLS servers

If I disable AdGuard protection, it's still blocked. Same goes with a lot of redirect links. Browser doesn't matter. If I go off my network, I have 0 issues accessing the same things.

And since updating to the latest firmware / updates on OPNsense...

1. AdGuard keeps complaining it can't update
2. All my Docker containers on Unraid can no longer do version checks, and some updates time out / fail

I'm not sure about those two but at the very least I'd like to know what could be blocking access to some websites and redirects.

What ports are you using for Unbound and for AdGuard Home? I'd like to understand the flow. Is it LAN client > AdGuard on 53 > Unbound on (port what)?
So what do you have in AdG upstream servers (IP and port) and bootstrap servers?

I have AdGuard pointing to Unbound as an upstream server on...

192.168.10.1:65353

And AdGuard running on port 53 on the same device as OPNsense

With that said, I just noticed the Unbound reporting page. Why would it have a top blocked list using some block list if I don't have it enabled with any block lists?


So additional testing...

1. If I set the DNS IP address 1.1.1.1 on any device, I no longer have this issue
2. I updated the upstream DNS server on AdGuard to "tls://one.one.one.one" and that seems to resolve the issue as well

So it's Unbound, it looks like, and it's unclear why it's doing any level of blocking if I don't have anything enabled?

Yes, seems that way, but sorry, can't offer an explanation.
I also have AdGH pointing to Unbound on a custom port like you. I don't see this behaviour, but my DoT is done differently from Unbound out.
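
The hop-by-hop comparison done by hand in this thread (the same name asked of an outside reference, of Unbound and of AdGuard Home), as an added example that is not part of any post. The addresses and ports are the ones posted above; treating NXDOMAIN or 0.0.0.0 as a block answer, the function names and the `dig` invocation are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hops as posted: AdGuard Home on
# 192.168.10.1:53, Unbound on 192.168.10.1:65353, 1.1.1.1 as outside reference.

# RCODE from full dig output on stdin (empty if the server never answered).
parse_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }

# First A record from the answer section; ";" comment lines never match.
first_a() { awk '$3 == "IN" && $4 == "A" { print $5; exit }'; }

# classify STATUS ADDRESS -> ok | blocked | failed
# Assumption: a filtering resolver answers NXDOMAIN or the null address.
classify() {
    case "$1" in
        NXDOMAIN) echo blocked; return ;;
        NOERROR)  ;;
        *)        echo failed; return ;;
    esac
    case "$2" in
        0.0.0.0) echo blocked ;;
        "")      echo failed ;;
        *)       echo ok ;;
    esac
}

# blame REF UNBOUND ADGUARD -> first hop, walking from the outside in, that breaks
blame() {
    [ "$1" = ok ] || { echo inconclusive; return; }  # name fails off-network too
    [ "$2" = ok ] || { echo unbound; return; }       # Unbound or its DoT forwarders
    [ "$3" = ok ] || { echo adguard; return; }
    echo none
}

# probe SERVER PORT NAME -> class of that hop's answer (needs dig and network)
probe() {
    out=$(dig +time=3 +tries=1 @"$1" -p "$2" "$3" A 2>/dev/null) || true
    classify "$(printf '%s\n' "$out" | parse_status)" \
             "$(printf '%s\n' "$out" | first_a)"
}

if [ $# -ge 1 ]; then   # usage: sh dnshops.sh name-that-fails-on-the-lan
    ref=$(probe 1.1.1.1 53 "$1")
    unb=$(probe 192.168.10.1 65353 "$1")
    agh=$(probe 192.168.10.1 53 "$1")
    echo "reference=$ref unbound=$unb adguard=$agh -> $(blame "$ref" "$unb" "$agh")"
fi
```

A result of `unbound` only says the answer goes bad at or behind Unbound; it does not distinguish a local blocklist from a failing upstream forwarder.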