AdGuard Home and dnsmasq rDNS

Hello.

I've installed AdGuard Home following this guide:
https://openwrt.org/docs/guide-user/services/dns/adguard-home

AdGuard Home is listening well on port 53, and all clients on the network are querying it successfully, except for the router itself, which is unable to resolve anything.

Additionally, reverse DNS does not work because dnsmasq is not listening on port 54, even though it is instructed to do so.

I've tried to remove every possible conflicting setting in the network and DHCP config, but the issue persists and I don't see anything relevant in the logs.

So, the first question is:

  • why dnsmasq does not want to listen on port 54

and next:

  • why dnsmasq is unable to resolve any domains

Here is my network config:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd83:8959:32e0::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option hostname '*'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

The dhcp config:

config dnsmasq
        option rebind_protection '0'
        option local '/lan/'
        option domain 'lan'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option ednspacket_max '1232'
        option sequential_ip '1'
        option dhcpleasemax '250'
        option confdir '/tmp/dnsmasq.d'
        option noresolv '0'
        option port '54'
        list server '192.168.1.1'
        list interface 'lan'

config dhcp 'lan'
        option interface 'lan'
        option start '200'
        option limit '250'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.1.1'
        list dhcp_option '3,192.168.1.1'
        list dns 'fd83:8959:32e0::1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

And the logs when (re)starting dnsmasq:

Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: started, version 2.90 cachesize 1000
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.200 -- 192.168.1.254, lease time 12h
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq-dhcp[1]: DHCP, sockets bound exclusively to interface br-lan
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using nameserver 192.168.1.1#53
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using nameserver 192.168.1.1#53
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using nameserver 212.27.40.240#53
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using nameserver 212.27.40.241#53
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using nameserver fd0f:ee:b0::1#53
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: read /etc/hosts - 6 names
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 198 names
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 3 names
Thu Jun  6 17:49:37 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses

And my simple tests:

# nmap 192.168.1.1
Starting Nmap 7.95 ( https://nmap.org ) at 2024-06-06 17:49 CEST
Nmap scan report for 192.168.1.1
Host is up (0.000044s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 13.35 seconds
root@office:/etc/config# ping -c2 google.fr
ping: bad address 'google.fr'
root@office:/etc/config# ping -c2 studio.lan
ping: bad address 'studio.lan'

Thanks for your help.

Thank you for the suggestion; it was very helpful.

I made the following changes in the /etc/adguardhome.yaml file:

dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.1
  port: 53

As a result, OpenWRT can now successfully resolve domains.

Making progress, one step at a time! 🙂

The remaining issue is that dnsmasq is not listening on port 54 as expected, causing local and reverse resolution to not work.
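
Added example, not part of either post: a listener check that makes both symptoms in this thread visible from the socket table, covering UDP as well as TCP. The helper names `listener_for` and `audit` are hypothetical, and the netstat sample is constructed on the assumption that AdGuard Home was bound only to 192.168.1.1 before the `bind_hosts` change.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed: it mimics the
# columns of `netstat -lntup` on the router with AdGuard Home bound only to
# the LAN address and dnsmasq serving DHCP but no DNS port.
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 192.168.1.1:53   0.0.0.0:*        LISTEN  2101/AdGuardHome
udp        0      0 192.168.1.1:53   0.0.0.0:*                2101/AdGuardHome
udp        0      0 0.0.0.0:67       0.0.0.0:*                1/dnsmasq'

# listener_for ADDR PORT  (hypothetical helper)
# Reads netstat text on stdin; prints the program bound to ADDR:PORT, either
# exactly or through the IPv4 wildcard 0.0.0.0, or "none". IPv4 rows only.
listener_for() {
    awk -v addr="$1" -v port="$2" '
        $1 == "tcp" || $1 == "udp" {
            n = split($4, part, ":")
            if (n != 2 || part[2] != port) next
            if (part[1] == addr || part[1] == "0.0.0.0") {
                prog = $NF
                sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
                found = prog
                exit
            }
        }
        END { print (found != "" ? found : "none") }
    '
}

# audit NETSTAT_TEXT  (hypothetical helper)
# Reports who answers on the endpoints this setup relies on: loopback and LAN
# on port 53 (AdGuard Home) and the LAN address on port 54 (dnsmasq).
audit() {
    for ep in 127.0.0.1:53 192.168.1.1:53 192.168.1.1:54; do
        prog=$(printf '%s\n' "$1" | listener_for "${ep%:*}" "${ep#*:}")
        echo "$ep $prog"
    done
}

audit "$SAMPLE"
# On the router itself: audit "$(netstat -lntup)"
```

An endpoint reported as `none` has no listener on that address and port, so queries sent there go unanswered.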