Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AdGuard Not Working On Host Machine #83

Open
bigverm23 opened this issue Nov 4, 2024 · 3 comments
Open

AdGuard Not Working On Host Machine #83

bigverm23 opened this issue Nov 4, 2024 · 3 comments
Labels
issue

Comments

@bigverm23
Copy link

bigverm23 commented Nov 4, 2024
edited
Loading

Operating System

Ubuntu

Architecture

64-bit

Platform

Linux

Project

Aduard Home

Browser

Firefox

Issue

Other (explain in description)

Issue Description

I have Unbound installed and listening on localhost:53, and DNSCrypt (anonymized) installed and listening on localhost:5353.

I can install AdGuardHome just fine on the host machine, 10.0.0.11, and it works for all networked devices EXCEPT the host. No logs are being shown in the query log either. How do I resolve this?

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
AdGuardHo 512522 root 11u IPv4 1902545 0t0 UDP 10.0.0.11:domain
AdGuardHo 512522 root 12u IPv4 1902546 0t0 TCP 10.0.0.11:domain (LISTEN)
unbound 512909 unbound 3u IPv4 1906257 0t0 UDP localhost:domain
unbound 512909 unbound 4u IPv4 1906258 0t0 TCP localhost:domain (LISTEN)

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dnscrypt- 1554 root 6u IPv4 25824 0t0 UDP localhost:mdns
dnscrypt- 1554 root 7u IPv4 25825 0t0 TCP localhost:5353 (LISTEN)
dnscrypt- 1554 root 8u IPv6 25826 0t0 UDP ip6-localhost:mdns
dnscrypt- 1554 root 9u IPv6 25827 0t0 TCP ip6-localhost:5353 (LISTEN)

I have dnsstublistener disabled according to #27
@bigverm23 bigverm23 added the issue label Nov 4, 2024
@welcome Welcome
Copy link

welcome bot commented Nov 4, 2024

Thanks for opening your first issue here 🙋🕵️

@trinib
Copy link
Owner

trinib commented Nov 6, 2024
edited
Loading

Operating System

Ubuntu

Architecture

64-bit

Platform

Linux

Project

Aduard Home

Browser

Firefox

Issue

Other (explain in description)

Issue Description

I have Unbound installed and listening on localhost:53, and DNSCrypt (anonymized) installed and listening on localhost:5353.

I can install AdGuardHome just fine on the host machine, 10.0.0.11, and it works for all networked devices EXCEPT the host. No logs are being shown in the query log either. How do I resolve this?

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME AdGuardHo 512522 root 11u IPv4 1902545 0t0 UDP 10.0.0.11:domain AdGuardHo 512522 root 12u IPv4 1902546 0t0 TCP 10.0.0.11:domain (LISTEN) unbound 512909 unbound 3u IPv4 1906257 0t0 UDP localhost:domain unbound 512909 unbound 4u IPv4 1906258 0t0 TCP localhost:domain (LISTEN)

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dnscrypt- 1554 root 6u IPv4 25824 0t0 UDP localhost:mdns dnscrypt- 1554 root 7u IPv4 25825 0t0 TCP localhost:5353 (LISTEN) dnscrypt- 1554 root 8u IPv6 25826 0t0 UDP ip6-localhost:mdns dnscrypt- 1554 root 9u IPv6 25827 0t0 TCP ip6-localhost:5353 (LISTEN)

I have dnsstublistener disabled according to #27

It sounds like the setup you have for DNS resolution on your host machine could be running into a conflict with AdGuard Home, Unbound, and DNSCrypt operating on overlapping ports and potentially not forwarding requests properly. Here’s a breakdown of the configuration you need and adjustments you can make to resolve this:

Step-by-Step Solution

1. Verify DNS Forwarding Configuration in AdGuard Home

  • Since AdGuard Home on 10.0.0.11 is listening for networked devices, it should ideally forward DNS queries to Unbound on localhost:53, which in turn forwards to DNSCrypt on localhost:5353.
  • Go to the AdGuard Home settings, and configure the upstream DNS servers to 127.0.0.1:53. This ensures that AdGuard forwards queries to Unbound, which will handle DNS resolution using DNSCrypt as its backend.

2. Configure Unbound to Use DNSCrypt

  • Ensure Unbound is configured to forward its queries to DNSCrypt, which is listening on localhost:5353. Here’s a snippet for the Unbound configuration file (usually located at /etc/unbound/unbound.conf):

    forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353

  • This setup tells Unbound to use DNSCrypt for all outbound DNS requests.

3. Ensure No Port Conflicts on localhost:53

  • Your setup shows Unbound and AdGuard Home listening on different interfaces (127.0.0.1 and 10.0.0.11, respectively), which is correct. To ensure there’s no confusion, explicitly configure AdGuard Home to avoid localhost:53 entirely.

4. Modify the DNS Settings on the Host Machine (10.0.0.11)

  • On the host, set the DNS resolver to use AdGuard Home at 10.0.0.11. You can do this by editing the /etc/resolv.conf file or using systemd-resolved if available:

    sudo nano /etc/resolv.conf

  • Add the following line:

    nameserver 10.0.0.11

  • Alternatively, if systemd-resolved is managing DNS, you can set it via:

    sudo systemd-resolve --set-dns=10.0.0.11 --interface=<interface-name>

5. Restart All Services

  • Restart AdGuard Home, Unbound, and DNSCrypt services in sequence to ensure they pick up the new configurations.

    sudo systemctl restart adguardhome
sudo systemctl restart unbound
sudo systemctl restart dnscrypt-proxy

6. Test DNS Resolution on the Host

  • Try resolving a domain from the host to see if it logs the request in AdGuard Home.

    dig @10.0.0.11 example.com

  • Check AdGuard Home's query logs to confirm if the requests from the host machine are now logged.

This setup should route all DNS queries from the host machine to AdGuard Home, which then routes to Unbound and finally DNSCrypt, with each service handling requests as intended.

@bigverm23
Copy link
Author

bigverm23 commented Nov 6, 2024
edited
Loading

just want to make sure,but Unbound ONLY works if I set a DNS provider in the config as well...does this unbound config portion look right?

server:
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
  name: "."
  forward-tls-upstream: yes

  #dnscryptproxy
  forward-addr: 127.0.0.1@5353
  forward-addr: ::1@5353

  #AdGuardDNS
  forward-addr: 94.140.14.14@853#dns.adguard.com
  forward-addr: 94.140.15.15@853#dns.adguard.com
  forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
  forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com

It seems to be working and AdGuard Home is resolving host as it should, but it seems to be very slow

; <<>> DiG 9.20.0-2ubuntu3-Ubuntu <<>> @10.0.0.11 example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43107
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		1664	IN	A	93.184.215.14

;; Query time: 631 msec
;; SERVER: 10.0.0.11#53(10.0.0.11) (UDP)
;; WHEN: Wed Nov 06 05:28:02 EST 2024
;; MSG SIZE  rcvd: 56

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bigverm23 @trinib