FWG + AdGuard Home + NextDNS

Comments

5 comments

  • Jef

    I too had some oddities here, based on what I thought about how it works.

    I did this.

    1 - I have a Pi running Pi-hole on a dedicated segment connected to the FWG.
    2 - On the FWG WAN port I designate the DNS to be the Pi-hole IP.
    3 - On each other FWG LAN I specify the Pi-hole IP.
    4 - I disabled DNS Booster for a subset of devices.

    For a few days I only saw the subset of devices hitting Pi-hole, plus the IP that is the FWG.

    I noticed yesterday that all 30+ devices now show up in Pi-hole stats, but they still have DNS Booster on.

    So it seems I don't need to turn off DNS Booster to get discrete stats now?

    I have ad blocking and DoH disabled on the FWG.

  • Dave Kellermanns

    Jef - how did you change the WAN DNS? Did you configure it as static? Thanks, Dave

  • David Osborne

    Okay, reverted to just the FWG for now.

    What I found was that over time, responsiveness started to drag dramatically. It's possible that with the Booster enabled there was some form of loop behavior occurring. Disabling it didn't seem to help, either. An nslookup on any domain resulted in a timeout, though DNS requests do eventually resolve in a browser. Not sure what that means. Initiating RDP to a local box took significantly longer as well.

    Another thing I found was that disabling IPv6 on the LAN segment entirely disabled AGH's ability to resolve ARP entries. No idea why; I'm not sure what it's doing under the hood. Upon re-enabling IPv6, hostnames began to resolve again in AGH.

    I also attempted to forward local DNS queries from AGH to the FWG, as you would using conditional forwarding on a PiHole, and that certainly created some kind of loop behavior, killing all requests for DNS.

    I'm going to continue fiddling with it, but in the meantime I have a simple rule set up to block ytimg.com on the devices I don't want YouTube available on.

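The forwarding chain Jef describes (FWG WAN DNS and every LAN pointed at the Pi-hole) and the loop David hit when conditional forwarding sent local names from AGH back to the FWG can be reasoned about with a small model of who forwards to whom. The following is an added example written for this page; it is not Firewalla, AdGuard Home or Pi-hole code, and the resolver names ("fwg", "pihole", "public"), the "lan." zone and the hostnames are constructed for illustration. It walks a query through each hop and reports a loop when the chain revisits a resolver, which is exactly what happens when the router has no local answer for the zone and simply forwards back to the resolver that asked it.

```python
# Added example (not Firewalla, AdGuard Home or Pi-hole code): a small model of
# the forwarding topology described in the thread, used to show why pointing a
# LAN resolver's conditional forwarding back at the router can loop.  Resolver
# names ("fwg", "pihole", "public") and the "lan." zone are constructed.

class ForwardingLoop(Exception):
    """Raised when a query would revisit a resolver it already passed through."""


def pick_upstream(rules, name):
    """Longest-suffix match over one resolver's forwarding rules.

    rules maps a zone suffix to an upstream resolver name, or to the
    marker "local" meaning "this resolver answers from its own data".
    "." matches everything; "lan." matches "host.lan.".
    """
    best = None
    for suffix, upstream in rules.items():
        if suffix == "." or name == suffix or name.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, upstream)
    if best is None:
        raise KeyError("no forwarding rule for %s" % name)
    return best[1]


def resolve(name, start, resolvers, max_hops=16):
    """Follow a query from `start` through the forwarding chain.

    Returns the list of resolvers visited, ending at the one that answers
    locally.  Raises ForwardingLoop on a cycle or when max_hops is exceeded.
    """
    path = [start]
    seen = {start}
    current = start
    for _ in range(max_hops):
        upstream = pick_upstream(resolvers[current], name)
        if upstream == "local":
            return path
        if upstream in seen:
            raise ForwardingLoop(" -> ".join(path + [upstream]))
        seen.add(upstream)
        path.append(upstream)
        current = upstream
    raise ForwardingLoop("hop limit exceeded: " + " -> ".join(path))


# Jef's layout: the FWG forwards everything to the Pi-hole (its WAN DNS), the
# Pi-hole forwards to a public resolver.  The router is assumed (constructed
# assumption) to answer its own LAN hostnames, zone "lan.", from its lease table.
BASE = {
    "fwg":    {"lan.": "local", ".": "pihole"},
    "pihole": {".": "public"},
    "public": {".": "local"},
}


def with_conditional_forwarding(resolvers, router_answers_lan=True):
    """Return a copy of `resolvers` where the Pi-hole/AGH sends the "lan."
    zone to the router (the "conditional forwarding" style setting).  With
    router_answers_lan=False the router has no local table and simply
    forwards everything to its configured DNS, which is the Pi-hole again."""
    topo = {k: dict(v) for k, v in resolvers.items()}
    topo["pihole"]["lan."] = "fwg"
    if not router_answers_lan:
        topo["fwg"].pop("lan.")
    return topo


def check_topology(resolvers, names):
    """Resolve each name from the Pi-hole's point of view and report the path
    taken or the loop hit, as a dict of name -> ("ok", path) / ("loop", msg)."""
    report = {}
    for name in names:
        try:
            report[name] = ("ok", resolve(name, "pihole", resolvers))
        except ForwardingLoop as exc:
            report[name] = ("loop", str(exc))
    return report


if __name__ == "__main__":
    names = ["example.com.", "host.lan."]
    cases = [
        ("no conditional forwarding", BASE),
        ("conditional forwarding, router answers lan.",
         with_conditional_forwarding(BASE)),
        ("conditional forwarding, router only forwards",
         with_conditional_forwarding(BASE, router_answers_lan=False)),
    ]
    for label, topo in cases:
        print(label)
        for name, (status, detail) in check_topology(topo, names).items():
            print("  %-14s %s %s" % (name, status, detail))
```

The practical check this encodes: a conditional forward is only safe when its target actually holds the zone. If the target's only rule for that zone is "send it to my configured DNS", and that DNS is the resolver doing the conditional forwarding, every local-name lookup bounces between the two until a hop limit or timeout kills it, which matches the symptom of all DNS requests dying once the forward was enabled.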
  • Jef

    @DaveK - on my WAN I set it to a static IP and set the primary DNS server to be my Pi-hole address. So it has a public IP from the ONT, but the DNS is a private IP.

  • Jef

    One point to note: I cleared my Pi-hole logs and now I am only seeing traffic from the devices I turned off DNS Booster for. So I wonder if, when I last booted the FWG, DNS Booster started up delayed and at first all the devices had used the Pi-hole IP I have set from the LAN? Maybe I will restart the FWG and see if they connect again.

