I can see AdGuard Home correctly processing queries, but every website ends with DNS_PROBE_FINISHED_BAD_CONFIG

Creating a bug report/issue

I have searched the existing open and closed issues

Required Information

  • DietPi version | cat /boot/dietpi/.version
    G_DIETPI_VERSION_CORE=9
    G_DIETPI_VERSION_SUB=7
    G_DIETPI_VERSION_RC=1
    G_GITBRANCH='master'
    G_GITOWNER='MichaIng'
  • Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
    bookworm 0
  • Kernel version | uname --all
  • Architecture | dpkg --print-architecture
    Linux DietPi 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux
  • SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)
    RPi 3 Model B (aarch64)
  • Power supply used | (EG: 5V 1A RAVpower)
    Unsure - unlabeled micro USB but Pi is definitely on
  • SD card used | (EG: SanDisk ultra)
    Kingston 32GB MicroSD

Additional Information (if applicable)

  • Software title | (EG: Nextcloud)
    AdGuard Home
  • Was the software title installed freshly or updated/migrated?
    Fresh install of diet pi and installed AdGuard Home using dietpi-software
  • Can this issue be replicated on a fresh installation of DietPi?
    Unsure, but I will try a fresh install just in case.
    ← If you sent a “dietpi-bugreport”, please paste the ID here →
  • Bug report ID | echo $G_HW_UUID

Steps to reproduce

  1. Install AdGuard Home in dietpi-software
  2. Set Pi’s static IP address in router
  3. Navigate to dietpi.com

Expected behaviour

  1. DNS query appears in the Query Log on staticIP:8083
  2. See dietpi.com

Actual behaviour

  1. DNS query appears in the Query Log on staticIP:8083. I can even see the resolved A names
  2. dietpi.com and every website ends with DNS_PROBE_STARTED then a refresh gives DNS_PROBE_FINISHED_BAD_CONFIG

Extra details

I previously was using the cloud version of Adguard DNS and my router was using that fine for a few days before I decided to self host, so I don’t think this is a problem with my router especially since I can see the queries make it to Adguard on the PI.

SSHing into the Pi and running host returns

```
root@DietPi:~# host dietpi.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

dietpi.com has address 104.21.12.65
dietpi.com has address 172.67.193.183
dietpi.com has IPv6 address 2606:4700:3034::ac43:c1b7
dietpi.com has IPv6 address 2606:4700:3035::6815:c41
dietpi.com mail is handled by 94 amir.mx.cloudflare.net.
dietpi.com mail is handled by 41 linda.mx.cloudflare.net.
dietpi.com mail is handled by 34 isaac.mx.cloudflare.net.
```

Running host from outside the PI returns

```
host netflix.com 192.168.0.42
Using domain server:
Name: 192.168.0.42
Address: 192.168.0.42#53
Aliases:

netflix.com has address 3.225.92.8
netflix.com has address 54.160.93.182
netflix.com has address 3.211.157.115
netflix.com has IPv6 address 2600:1f18:631e:2f85:93a9:f7b0:d18:89a7
netflix.com has IPv6 address 2600:1f18:631e:2f84:4f7a:4092:e2e9:c617
netflix.com has IPv6 address 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f
netflix.com mail is handled by 1 aspmx.l.google.com.
netflix.com mail is handled by 10 aspmx2.googlemail.com.
netflix.com mail is handled by 10 aspmx3.googlemail.com.
netflix.com mail is handled by 5 alt1.aspmx.l.google.com.
netflix.com mail is handled by 5 alt2.aspmx.l.google.com.
```

I am at a loss for what else to troubleshoot.

Did you try to set AGH as the DNS server directly, without using the router in between? The benefit would be seeing each client individually within the AGH interface instead of the router.

Thanks for the quick reply! I tried setting my computer’s DNS using these steps.

(Mixture of PowerShell and Linux commands)
	- Find DNS server of computer: `Get-DnsClientServerAddress`
	- Set WiFi DNS server to Pi IP address: `Set-DnsClientServerAddress -InterfaceIndex 13 -ServerAddress ("192.168.0.42", "192.168.0.42")`
	- Switched to WSL, ran `dig google.com` and watched the query log on the Pi
	- Turned the Pi off and ran `dig google.com` again, and it failed

It seems to work as expected when set from my computer, but setting 192.168.0.42 as the DNS server in my router is giving the BAD CONFIG error.

Maybe an issue with router configuration. You could try to adjust the DHCP settings in your DHCP server to distribute AGH as network DNS. Or you could check whether your router has some security features like DNS rebind protection.

I don’t think it could be my router preventing me from setting DNS, since I have already customized the DNS IP address to point to the cloud version of AdGuard just fine.

For DNS rebind protection, it makes a difference where the DNS server is located, inside or outside your network. Personally I have a router where I need to disable this feature to allow my local DNS server to work correctly.

I think I finally got it figured out, so thanks for pointing me in the right direction.

I am using a TP Link Router and it has Primary DNS and Secondary DNS under Internet. Before, I was setting the cloud AdGuard DNS Server and everything worked fine. When I set my self hosted AdGuard is when I got the error.

I just found there is another section for Primary DNS and Secondary DNS under DHCP Server. So I set Primary DNS and Secondary DNS under Internet to Cloudflare DNS Servers and Primary DNS and Secondary DNS under DHCP to my self hosted AdGuard Server and my requests seem to be going through AdGuard and resolving correctly now.
