using dnsmasq with unbound and adguard with multiple vlans

Started by jata, July 24, 2025, 05:20:46 AM

I expect Adguard to listen on 192.168.20.1:53

So create a Firewall rule in that vlan that allows this DNS traffic.

Otherwise no idea.
Hardware:
DEC740

> Is it expected that when I connect a client to the VLAN20 the dhcp network settings are showing 192.168.20.1 as gateway and for dns? I expected them to be 192.168.1.1 VLAN01 - lan?

Usually, yes. Each VLAN is a separate network, the whole reason to be. So the traffic is expected to stay "in it", and not go "across to another". As I say, normally. The cross over would be needed to be specified and create "allows" for it.

I as Monviech would expect your services to be bound to your network interface or one in the same network so they can be found.
This is why if you look in AdGuardHome's "Setup Guide" (top right menu), under "Configure your devices", you would normally see it is listening to the a.b.c.1 address of the interfaces it has identified. I _guess_ your 192.168.20.1 is there? Can you check?

Thanks all for help.

For testing I have both main network (VLAN1 192.168.1.1/24) and guest network (VLAN20 192.168.20.1/24) fully open with one rule (allow all to all). See screenshot.

Adguard is installed on the main network in opnsense so it is listening on the following addresses.
127.0.0.1
192.168.1.1

It was set up this way and working when using ISC for DHCP. I think I was able to configure ISC for the guest VLAN to use 192.168.1.1 as the gateway and DNS. So maybe this is the key difference that made it work using ISC but I need to change my setup for dnsmasq.

I will try editing the adguard config file to include 192.168.20.1 as a listening address.

thank you @cookiemonster!

That was it. I just needed to add the VLAN IP in the adguard config yaml - to the dns bind_hosts. See below

```yaml
http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:8083
  session_ttl: 720h
users:
  - name: [redacted]
    password: [redacted]
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.1
    - 192.168.20.1
    - 192.168.30.1
  port: 53
```


I think this is how I 'should' have set it up in the first place with ISC but I was a complete newbie then (still am haha).

Thanks again everyone who has chipped in to help.

I think I have now successfully migrated to 25.7 and dnsmasq.
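
The fix in this thread can be checked mechanically. The following is an added example, not code from the thread or from AdGuard Home: it reads the `dns.bind_hosts` list and `http.address` from a config and reports which networks are handed a DNS address that AdGuard is not listening on, plus whether the web UI is bound to a wildcard address. The `ADVERTISED_DNS` map, the function names and the trimmed sample config are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed from the AdGuard Home config in the thread,
# as it was before 192.168.20.1 was added to bind_hosts.
SAMPLE_CONFIG = """\
http:
  address: 0.0.0.0:8083
dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.1
  port: 53
"""

# Assumed DHCP view: the DNS server address each network's clients receive.
ADVERTISED_DNS = {"lan": "192.168.1.1", "vlan20": "192.168.20.1"}


def bind_hosts(config_text):
    """Collect the list items that follow 'bind_hosts:' (no YAML library needed)."""
    hosts, in_list = [], False
    for line in config_text.splitlines():
        if re.match(r"\s*bind_hosts:\s*$", line):
            in_list = True
        elif in_list:
            item = re.match(r"\s*-\s*(\S+)\s*$", line)
            if not item:
                break  # first non-list line ends the bind_hosts block
            hosts.append(ipaddress.ip_address(item.group(1)))
    return hosts


def unserved_networks(config_text, advertised):
    """Names of networks whose advertised DNS address has no listener."""
    hosts = bind_hosts(config_text)
    if any(h.is_unspecified for h in hosts):  # 0.0.0.0 or :: covers every address
        return []
    return sorted(name for name, ip in advertised.items()
                  if ipaddress.ip_address(ip) not in hosts)


def admin_ui_on_all_interfaces(config_text):
    """True when http.address is a wildcard; firewall rules then decide reachability."""
    m = re.search(r"^http:\n(?:[ \t]+.*\n)*?[ \t]+address:\s*(\S+):\d+\s*$",
                  config_text, re.M)
    return bool(m) and m.group(1).strip("[]") in ("0.0.0.0", "::")
```

On the sample, `unserved_networks(SAMPLE_CONFIG, ADVERTISED_DNS)` returns `['vlan20']`, which is the symptom described in the thread, and the list is empty once `192.168.20.1` is added to `bind_hosts`.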