Using Adguard Home and DNSMasq, Any point to Unbound DNS?

Started by JMini, November 25, 2025, 12:34:34 AM

I have Adguard Home set up to receive DNS on 53 from all internal networks and DNSMasq listening on 53053.
For forwarders in Adguard Home I have
[/internal/]127.0.0.1:53053
[//]127.0.0.1:53053
h3://cloudflare-dns.com/dns-query
https://dns.google/dns-query

So internal queries are forwarded to DNSMasq since it assigns DHCP and registers those hosts in its DNS.
And for Private reverse DNS in Adguard I have
127.0.0.1:53053

So config guides I see have Unbound DNS in the mix between Adguard Home and DNSMasq.
Is there any real need for Unbound since Adguard Home does DNS/DOH and can forward internal requests to DNSMasq?

Am I missing something?
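
How the forwarder list in the post above routes a query, as an added example that is not part of the thread and not AdGuard Home's own code: a simplified Python model of the `[/domain/]upstream` syntax, assuming the most specific suffix wins, `[//]` covers single-label names, and `#` means the default upstreams. The function names and query names are constructed for illustration.

```python
# Added example: simplified model of AdGuard Home upstream selection.
# UPSTREAMS is the forwarder list from the post; query names are constructed.
UPSTREAMS = """\
[/internal/]127.0.0.1:53053
[//]127.0.0.1:53053
h3://cloudflare-dns.com/dns-query
https://dns.google/dns-query
"""

def parse_upstreams(text):
    """Return (defaults, per_domain); the '' key holds the [//] rule."""
    defaults, per_domain = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.startswith("[/"):
            spec, _, servers = line[2:].partition("/]")
            for domain in spec.split("/"):
                key = domain.lower().rstrip(".")
                per_domain.setdefault(key, []).extend(servers.split())
        else:
            defaults.append(line)
    return defaults, per_domain

def select_upstreams(name, defaults, per_domain):
    """Pick the upstreams for one query name (assumed matching rules)."""
    labels = name.lower().rstrip(".").split(".")
    chosen = None
    if len(labels) == 1 and "" in per_domain:     # unqualified name -> [//]
        chosen = per_domain[""]
    else:
        for i in range(len(labels)):              # longest suffix first
            suffix = ".".join(labels[i:])
            if suffix in per_domain:
                chosen = per_domain[suffix]
                break
    if chosen is None or chosen == ["#"]:
        return defaults
    return chosen

def leaves_host(name, text=UPSTREAMS):
    """True if the query is sent to a non-loopback upstream."""
    defaults, per_domain = parse_upstreams(text)
    ups = select_upstreams(name, defaults, per_domain)
    return any(not u.split("://")[-1].startswith("127.") for u in ups)

if __name__ == "__main__":
    for q in ["nas", "printer.internal", "printer.lan", "example.com"]:
        print(q, "-> external" if leaves_host(q) else "-> dnsmasq")
```

Under this model, a local name with any suffix other than `internal` (the constructed `printer.lan`) falls through to the DoH resolvers rather than to DNSMasq.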

I'm using this configuration (AdGuard Home on port 53) and dnsmasq also on port 53053, after previously abandoning a combination of ISC DHCP, Unbound, and AdGuard.

DNS resolution works perfectly. However, I'm experiencing significant problems with DHCP. After a complete system reboot (without any old leases), everything works as expected. After some time, presumably after the lease expires, the DHCP devices lose their connection and cannot reconnect. Unfortunately, I haven't been able to determine the cause of this behavior.

I've tried all available options in dnsmasq, but haven't found a stable solution yet. If you find a stable configuration, it would be great if you could share it here, especially the setting under "Services: Dnsmasq DNS & DHCP: General". My current settings are attached.

I don't know what could be causing that DHCP non-renew issue. There are a lot of folks here way more experienced with this than I am.
Maybe start a new thread.

As I understand it, Unbound provides more privacy than using AdGuard for your DNS service. Unbound is a resolver that directly queries authoritative nameservers, while AdGuard forwards requests to your ISP's (or Google's, etc.) DNS service. DOH will secure your request in transport, but the DNS service you are using will still know your DNS requests.

You can configure AdGuard and Unbound to forward to any upstream resolvers you want.
Right now I have AdGuard to use DNS over HTTPS to Cloudflare and Google. I'd like to try using a non-google DOH resolver as a second service though.

h3://cloudflare-dns.com/dns-query
https://dns.google/dns-query

My ISP isn't seeing ANY DNS requests and can't inspect the ones being sent to Cloudflare.