AdGuard Home DNS forwarding?
I have AdGuard Home installed in my Docker environment using macvlan so it has a real IP on my main LAN. I set the AdGuard Home IP address as the DNS address for all my networks in the Firewalla. The problem is, all traffic appears like it's coming from the Firewalla unless I turn off DNS booster for all devices.
However, once I turn off DNS booster for my devices they lose the ability to resolve hostnames. So no contacting my DVR server at dvr-server.lan. Turning DNS booster back on fixes this, but then most queries from my devices come from the Firewalla directly instead of the device itself.
I attempted to put my Firewalla IP in the reverse DNS zone setting on the AdGuard Home, which should fix the DNS-booster-turned-off issue, but the Firewalla does not respond to AdGuard Home when it attempts to forward local hostnames to it.
Has anyone gotten this to work? I feel like I'm going crazy. This should just work like any normal external DNS service.
-
Soooo, preface with: I am not an expert, a noob tinkerer.
The way I have mine set (though I actually run my backyard on it, a NAS with a Raspberry Pi backup, but I think it's the same general concept):
I have to turn off Nestor on all the networks in order for my devices to send it to instances and be identified by that number. My understanding is that by turning on the DNS booster all your DNS traffic is going to Firewalla first, then sent to whatever IP address you designate as the DNS server.
Again, this is me kind of digging around and trying things, but I believe you need to do an edit to the network settings of each network and set the DHCP option to option 43 and put in the IP address of the AdGuard Home instance, and then it should be able to resolve clients to their actual names.
-
Hi, I just noticed this, you can make it work, and if it's just for using "friendly names" when browsing it's easy (let me know if you need anything else this does not cover). Simply navigate to filters, DNS rewrites, and set them manually, which you probably tried by now. The trick is, not to use .lan .local as well as any local domain you are using (in case you change from .lan), but something else, and AdGuardHome will resolve the domain to IP, allowing you to call your dvr-server.lan (these things are still used I guess... just kidding :)
-
Ran into this thread again. The real answer is that Firewalla won't respond to RTP requests on any subnet where AGH is configured as the DNS server, so if this question is still relevant (highly unlikely :), and AGH is set as RTP server in AGH, just create a new subnet where the gateway (x.x.x.1) remains the DNS for the subnet, and add that network gateway/original unchanged DNS server on AGH, and Firewalla will answer all RTP requests, for all clients on all local networks, regardless of firewall rules. If you don't have enough physical ports, use a managed switch and configure a Firewalla VLAN network with a trunk port connected to Firewalla, and an access port, using the VLAN ID, with the AGH macvlan IP in that subnet.
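A small diagnostic for the symptom discussed in this thread (the gateway not answering the lookups AdGuard Home forwards to it), added here as an example and not code from the thread, Firewalla or AdGuard Home: it sends one forward (A) and one reverse (PTR) query straight at a chosen server and reports the response code and answers, so you can see whether the gateway replies to AGH's reverse lookups at all. The hostname `dvr-server.lan` and the addresses `192.168.1.1` / `192.168.1.50` are assumed example values.

```python
import socket
import struct

A, PTR = 1, 12  # DNS record types used below

def build_query(name, qtype, txid=0x1234):
    # Standard query, recursion desired, one question, class IN, no EDNS.
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def reverse_name(ipv4):  # 192.168.1.50 -> 50.1.168.192.in-addr.arpa, the name a PTR lookup asks for
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def read_name(msg, off):
    # Decode a possibly compressed name (RFC 1035 section 4.1.4); returns (name, offset after it).
    length = msg[off]
    if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier copy of the name
        return read_name(msg, struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF)[0], off + 2
    if length == 0:
        return "", off + 1
    label = msg[off + 1:off + 1 + length].decode()
    rest, off = read_name(msg, off + 1 + length)
    return (label + "." + rest if rest else label), off

def parse_answers(msg):
    # Returns (rcode, [A addresses / PTR names]); rcode 3 is NXDOMAIN, 5 is REFUSED.
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    answers, off = [], 12
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4  # skip QNAME, then QTYPE and QCLASS
    for _ in range(ancount):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == A:
            answers.append(socket.inet_ntoa(msg[off:off + 4]))
        elif rtype == PTR:
            answers.append(read_name(msg, off)[0])
        off += rdlen
    return flags & 0xF, answers

def probe(server, name, qtype, timeout=2.0):
    # One UDP query straight at `server` (e.g. the gateway 192.168.1.1); None means no reply at all.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        try:
            return parse_answers(sock.recv(512))
        except socket.timeout:
            return None
```

Run `probe("192.168.1.1", "dvr-server.lan", A)` and `probe("192.168.1.1", reverse_name("192.168.1.50"), PTR)` from the host where AGH runs; `None` for the PTR query but an answer for the A query is the "gateway does not respond to reverse lookups" situation described above.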