Setting Up AdGuard: DNS Redirect doesn’t work Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
Rhizome
Posts: 27
Joined: Sun Jun 27, 2021 5:22 pm

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Rhizome »

Excellent tutorial link, Joulinar! I've got UFW setup to allow access to port 53 only my local network. Thank you, again.

Also:
* I have a guest network setup on the same router for any IoT devices. But I notice after enabling UFW as above the Echo 5 doesn't connect to the network. I assumed that allowing my local network access to port 53 would allow this device access to, but apparently not. [EDIT: after rebooting the router it appears a few devices can't find the network. So I've disabled UFW until I figure this one out.]
* At one point, I removed Unbound. Now when I enter cat /etc/resolv.conf I see my Rpi address 192.168.1.100. What is the advantage of Unbound if my Rpi is already the DNS server?
* Does Dietpi running AGH perform well with other software installed such as Snapcast and Motioneye? Or is it preferable to install these on a separate Rpi? I'm using the 4GB model for AGH.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Joulinar »

* I have a guest network setup on the same router for any IoT devices. But I notice after enabling UFW as above the Echo 5 doesn't connect to the network. I assumed that allowing my local network access to port 53 would allow this device access to, but apparently not. [EDIT: after rebooting the router it appears a few devices can't find the network. So I've disabled UFW until I figure this one out.]
Usually guest network is separated from your local network and devices inside the guest network should not be able to connect to the normal one. Or did you allowed this? Does your IoT systems start working once UFW has been disabled? Can you share your UFW rules?
* At one point, I removed Unbound. Now when I enter cat /etc/resolv.conf I see my Rpi address 192.168.1.100. What is the advantage of Unbound if my Rpi is already the DNS server?
Best practice is not to use AGH as DNS server for your RPi themselves (/etc/resolv.conf). We recommend to use a global public DNS provider like Quad9 or Cloudflare on the RPi locally. Why? Because what happen if AGH is failing? Your local DNS resolution would not be working anymore and you would need to change local settings anyway. This has no effect to devices on your local network, they will use AGH still as settings inside /etc/resolv.conf are impacting the RPi only.

The benefit of Unbound is not to perform local DNS resolution. It is more data privacy. Because Unbound will not use a public DNS provider to resolve DNS request. On a default configuration Unbound will use the root DNS directly. Means non of the public DNS provider or your ISP knows what you are looking for. As well it's a little bit of failsafe. If one of the root DNS server is failing, still others are available to be used.
* Does Dietpi running AGH perform well with other software installed such as Snapcast and Motioneye? Or is it preferable to install these on a separate Rpi? I'm using the 4GB model for AGH.
AGH is a small application leaving a small footprint on your system. There shouldn't be an issue to have it running together with other apps.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Rhizome
Posts: 27
Joined: Sun Jun 27, 2021 5:22 pm

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Rhizome »

The IoT device starts working on the guest network once UFW is disabled. I notice I didn't click "Isolate Clients" on the guest network options, so I assume they can access the regular network. I've now selected "Isolate Clients" option.

I notice the regular network (not guest network) also doesn't work with UFW enabled. I must've changed something at some point. Gets a bit confusing! However, with UFW disabled both guest and normal network work fine.

Here are the UFW rules:

To Action From
-- ------ ----
22 ALLOW Anywhere
8083 ALLOW Anywhere
3000 ALLOW Anywhere
53 ALLOW 192.168.1.0
22 (v6) ALLOW Anywhere (v6)
8083 (v6) ALLOW Anywhere (v6)
3000 (v6) ALLOW Anywhere (v6)

Re: not using AGH server for the Rpi: can you clarify how to use AGH for the DNS server but not for the Rpi? I like the added features of AGH compared to my router. Much clearer, detailed info is available in AGH.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Joulinar »

can you share the output of

Code: Select all

cat /etc/resolv.conf
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Rhizome
Posts: 27
Joined: Sun Jun 27, 2021 5:22 pm

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Rhizome »

Code: Select all

nameserver 192.168.1.100
nameserver 192.168.1.100
Not sure why it outputs twice.
User avatar
Joulinar
Posts: 5090
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Joulinar »

ok let's check the location of the file

Code: Select all

readlink -f /etc/resolv.conf
if location is same, you can simply edit the file using nano /etc/resolv.conf and change DNS server to Quad9 or any other public DNS provide

Code: Select all

nameserver 9.9.9.9
nameserver 149.112.112.112
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Rhizome
Posts: 27
Joined: Sun Jun 27, 2021 5:22 pm

Re: Setting Up AdGuard: DNS Redirect doesn’t work

Post by Rhizome »

Aha, ok I get it. The file was in the same location and has been updated.
Thanks, Joulinar!
Post Reply