Adguardhome new setup not working

Hi, I have followed the documentation very carefully to set up AdGuard Home, but still no luck bringing it up. There is something going wrong on the DNS port; how do I correct it?

https://openwrt.org/docs/guide-user/services/dns/adguard-home

Setup AGH through the web interface
On first time setup the default web interface port is TCP 3000.

Go to http://192.168.1.1:3000/ (If your router IP is not 192.168.1.1, change this accordingly)
Setup the Admin Web Interface to listen on 192.168.1.1 at port 8080. (Changing the web interface port is optional)
Set DNS server to listen on 192.168.1.1 at port 53.
Create a user and choose a strong password.

root@R6220:/usr/bin# logread -e AdGuardHome
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.913729 [info] AdGuard Home, version v0.107.6
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.914049 [info] This is the first time AdGuard Home is launched
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.914139 [info] Checking if AdGuard Home has necessary permissions
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.915775 [info] AdGuard failed to bind to port 53 due to listen tcp 127.0.0.1:53: bind: address already in use
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]:
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: Please note, that this is crucial for a DNS server to be able to use that port.
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.925953 [info] Initializing auth module: /tmp/adguardhome/data/sessions.db
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.928390 [info] auth: initialized.  users:0  sessions:0
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.928717 [info] Initialize web module
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.928909 [info] This is the first launch of AdGuard Home, redirecting everything to /install.html
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.929689 [info] AdGuard Home is available at the following addresses:
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.934734 [info] Go to http://127.0.0.1:3000
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.934931 [info] Go to http://[::1]:3000
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.935031 [info] Go to http://192.168.8.100:3000
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.935134 [info] Go to http://172.16.1.1:3000
Fri Oct 14 01:33:48 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:33:48.935239 [info] Go to http://[fdec:c9ad:8563::1]:3000
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.192503 [info] Starting the DNS proxy server
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.192746 [info] Ratelimit is enabled and set to 20 rps
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.192861 [info] The server is configured to refuse ANY requests
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.192970 [info] DNS cache is enabled
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.193399 [info] MaxGoroutines is set to 300
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.193567 [info] Creating the UDP server socket
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.194243 [info] Listening to udp://172.16.1.1:53
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.194391 [info] Creating a TCP server socket
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.194743 [info] Listening to tcp://172.16.1.1:53
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.196921 [info] Entering the tcp listener loop on 172.16.1.1:53
Fri Oct 14 01:45:50 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:50.198537 [info] Entering the UDP listener loop on 172.16.1.1:53
Fri Oct 14 01:45:51 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:51.228440 [info] Go to http://172.16.1.1:8080
Fri Oct 14 01:45:51 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:51.494757 [info] saving filter 1 contents to: /tmp/adguardhome/data/filters/1.txt
Fri Oct 14 01:45:51 2022 daemon.err AdGuardHome[3784]: 2022/10/13 17:45:51.495251 [info] updated filter 1: 943030 bytes, 48856 rules

root@R6220:/usr/bin# AdGuardHome
2022/10/13 18:15:36.605620 [info] AdGuard Home, version v0.107.6
2022/10/13 18:15:36.606223 [info] This is the first time AdGuard Home is launched
2022/10/13 18:15:36.606630 [info] Checking if AdGuard Home has necessary permissions
2022/10/13 18:15:36.608303 [info] AdGuard Home can bind to port 53
2022/10/13 18:15:36.621271 [info] Initializing auth module: /usr/bin/data/sessions.db
2022/10/13 18:15:37.177726 [info] auth: initialized.  users:0  sessions:0
2022/10/13 18:15:37.177986 [info] Initialize web module
2022/10/13 18:15:37.178208 [info] This is the first launch of AdGuard Home, redirecting everything to /install.html
2022/10/13 18:15:37.178714 [info] AdGuard Home is available at the following addresses:
2022/10/13 18:15:37.184095 [info] Go to http://127.0.0.1:3000
2022/10/13 18:15:37.184311 [info] Go to http://[::1]:3000
2022/10/13 18:15:37.184487 [info] Go to http://192.168.8.100:3000
2022/10/13 18:15:37.184642 [info] Go to http://172.16.1.1:3000
2022/10/13 18:15:37.184805 [info] Go to http://[fdec:c9ad:8563::1]:3000

2022/10/13 17:33:48.915775 [info] AdGuard failed to bind to port 53 due to listen tcp 127.0.0.1:53: bind: address already in use

Disable dnsmasq's DNS server, or set AGH to listen on some other port, and forward the dnsmasq requests to AGH.

As part of the setup you should have either moved dnsmasq to port 54 and set PTR requests from AGH to dnsmasq on port 54, or set up dnsmasq to use AGH.

Personally I suggest moving dnsmasq to port 54 and using it for downstream (internal lan lookups) and using AGH for primary dns.

Ideally AGH would be replacing DHCP provided by OpenWrt with its own DHCP server, which would remove the need for dnsmasq internal PTR lookups. However, the AGH team have moved their DHCP revamp to version 109 on their timetable. It is possible with a simple network that you could do this anyway, but I haven't tested it personally.

What I have tested and detail in my thread is this split system where AGH does filtering etc. and dnsmasq provides internal PTR lookups.

There are some differences between the opkg version and my thread. The edge version is installed to /opt and is saved to disk. The opkg version is the stable 107 release, and its filters and logs are saved in RAM and lost when the router is rebooted.

Edit: specifically the bit you missed after you installed the opkg version was this - https://openwrt.org/docs/guide-user/services/dns/adguard-home#setup

I can't really figure it out, which one did I miss out on?
I have already moved the dnsmasq to port 54.
Please can you enlighten me?
Appreciated.

# Get the first IPv4 and IPv6 Address of router and store them in following variables for use during the script.
NET_ADDR=$(/sbin/ip -o -4 addr list br-lan | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
NET_ADDR6=$(/sbin/ip -o -6 addr list br-lan scope global | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
 
echo "Router IPv4 : ""${NET_ADDR}"
echo "Router IPv6 : ""${NET_ADDR6}"
 
# 1. Enable dnsmasq to do PTR requests.
# 2. Reduce dnsmasq cache size as it will only provide PTR/rDNS info.
# 3. Disable rebind protection. Filtered DNS service responses from blocked domains are 0.0.0.0 which causes dnsmasq to fill the system log with possible DNS-rebind attack detected messages.
# 4. Move dnsmasq to port 54.
# 5. Set IPv4 DNS advertised by option 6 DHCP
# 6. Set IPv6 DNS advertised by DHCP
uci set dhcp.@dnsmasq[0].noresolv="0"
uci set dhcp.@dnsmasq[0].cachesize="1000"
uci set dhcp.@dnsmasq[0].rebind_protection='0'
uci set dhcp.@dnsmasq[0].port="54"
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server="${NET_ADDR}"
 
#Delete existing config ready to install new options.
uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
 
# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}" 
 
#DHCP option 3: default router or last resort gateway for this interface
uci add_list dhcp.lan.dhcp_option='3,'"${NET_ADDR}"
 
#Set IPv6 Announced DNS
for OUTPUT in $(ip -o -6 addr list br-lan scope global | awk '{ split($4, ip_addr, "/"); print ip_addr[1] }')
do
	echo "Adding $OUTPUT to IPV6 DNS"
	uci add_list dhcp.lan.dns="$OUTPUT"
done
uci commit dhcp
/etc/init.d/dnsmasq restart

What doesn't work?

If you moved dnsmasq, restarted it, and restarted AGH too, it should start working.

If not, the error's with AGH, or your clients, look there.

I still have no luck and no clue how to fix the problem. Instead of DNS 53, can I use 5353? It is so frustrating...

- /etc/config/dhcp file
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option rebind_protection '0'
        option port '54'
        option noresolv '0'
        option cachesize '1000'
        option server '172.16.1.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,172.16.1.1'
        list dhcp_option '3,172.16.1.1'
        list dns 'fdec:c9ad:8563::1'

I'd suggest restarting from scratch. Either use my manual thread with the edge build or use the opkg version but you really should move dnsmasq if you want to use AGH as primary dns.

As I stated in my thread you add an additional latency by piggybacking AGH behind dnsmasq and this is a suboptimal solution. It also uses more memory as dnsmasq forks every request.

Edit: unless you have a massive IP range you require... why are you using a B class subnet? I'd take a look at your networking to ensure that's not part of the problem.

I still had no luck and got the same result after the second and third install. Is AGH DNS port 5353 a better alternative?

The port is not the problem. It's your network setup.

You have multiple IPs and AGH isn't smart enough to listen to them all. You will have to manually edit the yaml file so it listens on all your networks. I'd suggest getting it working with your primary 192.168 range first, then add in the other networks.

My router IP is 172.16.1.1; it is behind the ISP WAN modem IP (192.168.8.100). The WAN modem will connect to the internet before the OpenWrt router.

It should not matter what internal IP addresses you are using as long as the private network or agh only recognizes 192.168.x.x addresses or follow the wan modem IP range, right?

Remove the WAN modem IP.

Curious why you have a B class IP range for the internal network. This is your OpenWrt router, yes? Otherwise you need to take a serious look at your network and ensure your routing is correct.

You only require DNS services on your LAN side, not your WAN.

I am struggling with how to remove the WAN IP (192.168.1.100) because it is auto-assigned by the WAN modem. The OpenWrt router WAN port is connected to the "WAN modem" by a LAN cable, so taking out the WAN IP would disconnect the internet.

If this is the case, how do I force the OpenWrt router to be the main DNS of the network?

I meant remove it from your AGH setup. You obviously still require it to talk to your modem on the WAN interface.

You only require AGH to serve DNS to your internal LAN clients on IPv4 and IPv6.

If you have used the script to move dnsmasq to port 54, then AGH should start and function on port 53 and thus be used by your downstream clients. Follow my thread to set up PTR requests to go downstream to dnsmasq and set up AGH as required.

Since AGH is to be the main DNS, I have disabled and stopped dnsmasq due to redundancy; it seems the error has gone.

root@r6220:/usr/bin# AdGuardHome
2022/10/15 13:05:50.512183 [info] AdGuard Home, version v0.107.6
2022/10/15 13:05:50.512597 [info] This is the first time AdGuard Home is launched
2022/10/15 13:05:50.512704 [info] Checking if AdGuard Home has necessary permissions
2022/10/15 13:05:50.513955 [info] AdGuard Home can bind to port 53
2022/10/15 13:05:50.535298 [info] Initializing auth module: /usr/bin/data/sessions.db
2022/10/15 13:05:50.537320 [info] auth: initialized.  users:0  sessions:0
2022/10/15 13:05:50.538360 [info] Initialize web module
2022/10/15 13:05:50.539214 [info] This is the first launch of AdGuard Home, redirecting everything to /install.html
2022/10/15 13:05:50.542289 [info] AdGuard Home is available at the following addresses:
2022/10/15 13:05:50.553110 [info] Go to http://127.0.0.1:3000
2022/10/15 13:05:50.554100 [info] Go to http://[::1]:3000
2022/10/15 13:05:50.554800 [info] Go to http://192.168.8.100:3000
2022/10/15 13:05:50.555782 [info] Go to http://172.16.1.1:3000

root@r6220:/usr/bin# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:54           0.0.0.0:*               LISTEN      4368/dnsmasq
tcp        0      0 192.168.8.100:54       0.0.0.0:*               LISTEN      4368/dnsmasq
tcp        0      0 172.16.1.1:54          0.0.0.0:*               LISTEN      4368/dnsmasq
tcp        0      0 172.16.1.1:8080         0.0.0.0:*               LISTEN      8194/AdGuardHome
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1813/uhttpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1465/dropbear
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1813/uhttpd
tcp        0      0 fe80::8e3b:adff:fede:9388:54 :::*                    LISTEN      4368/dnsmasq
tcp        0      0 ::1:54                 :::*                    LISTEN      4368/dnsmasq
tcp        0      0 fe80::8e3b:adff:fede:9388:54 :::*                    LISTEN      4368/dnsmasq
tcp        0      0 fe80::8e3b:adff:fede:9389:54 :::*                    LISTEN      4368/dnsmasq
tcp        0      0 fd16:f6b1:2dc7::1:54   :::*                    LISTEN      4368/dnsmasq
tcp        0      0 fe80::8e3b:adff:fede:9388:54 :::*                    LISTEN      4368/dnsmasq
tcp        0      0 :::80                   :::*                    LISTEN      1813/uhttpd
tcp        0      0 :::53                   :::*                    LISTEN      8194/AdGuardHome
tcp        0      0 :::22                   :::*                    LISTEN      1465/dropbear
tcp        0      0 :::443                  :::*                    LISTEN      1813/uhttpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           4368/dnsmasq
udp        0      0 127.0.0.1:54           0.0.0.0:*                           4368/dnsmasq
udp        0      0 192.168.8.100:54       0.0.0.0:*                           4368/dnsmasq
udp        0      0 172.16.1.1:54          0.0.0.0:*                           4368/dnsmasq
udp        0      0 :::546                  :::*                                2516/odhcp6c
udp        0      0 :::547                  :::*                                1692/odhcpd
udp        0      0 fe80::8e3b:adff:fede:9388:54 :::*                                4368/dnsmasq
udp        0      0 ::1:54                 :::*                                4368/dnsmasq
udp        0      0 fe80::8e3b:adff:fede:9388:54 :::*                                4368/dnsmasq
udp        0      0 fe80::8e3b:adff:fede:9389:54 :::*                                4368/dnsmasq
udp        0      0 fd16:f6b1:2dc7::1:54   :::*                                4368/dnsmasq
udp        0      0 fe80::8e3b:adff:fede:9388:54 :::*                                4368/dnsmasq
udp        0      0 :::53                   :::*                                8194/AdGuardHome
raw        0      0 ::%159:58               ::%4239277:*            58          2516/odhcp6c
raw        0      0 ::%159:58               ::%4239277:*            58          1692/odhcpd

I have disabled and stopped the dnsmasq service.

root@r6220:/usr/bin# service
Usage: service <service> [command]
/etc/init.d/adguardhome            enabled         running
/etc/init.d/boot                   enabled         stopped
/etc/init.d/bootcount              enabled         stopped
/etc/init.d/cron                   enabled         stopped
/etc/init.d/dnsmasq               disabled         stopped
/etc/init.d/done                   enabled         stopped
/etc/init.d/dropbear               enabled         running
/etc/init.d/firewall               enabled         stopped
/etc/init.d/fstab                  enabled         stopped
/etc/init.d/gpio_switch            enabled         stopped
/etc/init.d/led                    enabled         stopped
/etc/init.d/log                    enabled         running
/etc/init.d/network                enabled         running
/etc/init.d/odhcpd                 enabled         running
/etc/init.d/rpcd                   enabled         running
/etc/init.d/set-irq-affinity       enabled         stopped
/etc/init.d/sysctl                 enabled         stopped
/etc/init.d/sysfixtime             enabled         stopped
/etc/init.d/sysntpd                enabled         running
/etc/init.d/system                 enabled         stopped
/etc/init.d/ucitrack               enabled         stopped
/etc/init.d/uhttpd                 enabled         running
/etc/init.d/umount                 enabled         stopped
/etc/init.d/urandom_seed           enabled         stopped
/etc/init.d/urngd                  enabled         running
/etc/init.d/wpad                   enabled         running

root@r6220:/usr/bin# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 172.16.1.1:8080         0.0.0.0:*               LISTEN      13441/AdGuardHome
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1813/uhttpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1465/dropbear
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1813/uhttpd
tcp        0      0 :::80                   :::*                    LISTEN      1813/uhttpd
tcp        0      0 :::53                   :::*                    LISTEN      13441/AdGuardHome
tcp        0      0 :::22                   :::*                    LISTEN      1465/dropbear
tcp        0      0 :::443                  :::*                    LISTEN      1813/uhttpd
udp        0      0 :::546                  :::*                                2516/odhcp6c
udp        0      0 :::547                  :::*                                1692/odhcpd
udp        0      0 :::53                   :::*                                13441/AdGuardHome
raw        0      0 ::%159:58               ::%4239277:*            58          2516/odhcp6c
raw        0      0 ::%159:58               ::%4239277:*            58          1692/odhcpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING       1264 716/ubusd           /var/run/ubus/ubus.sock
root@r6220:/usr/bin#
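
The listener check done by eye on the `netstat -nlp` output above, as an added example that is not part of the original thread: a POSIX shell helper that reports which program owns the DNS port and whether each socket is bound to a LAN address, loopback, every interface (wildcard), or some other address such as the WAN one. The function names and the embedded sample (constructed from addresses that appear in this thread) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit `netstat -nlp` for DNS listeners.
# On the router: netstat -nlp | dns_listeners "172.16.1.1 fdec:c9ad:8563::1"

# dns_listeners LAN_ADDRS [PORT]
# Reads netstat -nlp output on stdin and prints, for every tcp/udp socket
# on PORT (default 53): <proto> <local address> <program> <verdict>
#   lan      - bound to one of the space-separated LAN_ADDRS
#   loopback - bound to 127.0.0.1 or ::1
#   wildcard - bound to 0.0.0.0 or ::, i.e. every interface, WAN included
#   other    - bound to an address not listed as LAN (e.g. the WAN address)
dns_listeners() {
    awk -v lan="$1" -v port="${2:-53}" '
    $1 == "tcp" || $1 == "udp" {
        # The port follows the last colon; IPv6 addresses contain colons too.
        n = split($4, parts, ":")
        if (parts[n] != (port "")) next
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        prog = $NF                      # "PID/Program name" column
        sub(/^[0-9]+\//, "", prog)
        if (addr == "0.0.0.0" || addr == "::")          verdict = "wildcard"
        else if (addr == "127.0.0.1" || addr == "::1")  verdict = "loopback"
        else if (index(" " lan " ", " " addr " "))      verdict = "lan"
        else                                            verdict = "other"
        print $1, addr, prog, verdict
    }'
}

# Distinct programs holding PORT. More than one name means two daemons share
# the port, a likely cause of "bind: address already in use".
dns_owners() {
    dns_listeners "" "${1:-53}" | awk '{ print $3 }' | sort -u
}

# Exit 0 when some listener on PORT is bound beyond LAN_ADDRS and loopback.
dns_exposed() {
    dns_listeners "$1" "${2:-53}" | grep -Eq ' (wildcard|other)$'
}

# Constructed sample, modelled on the output posted in this thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:54            0.0.0.0:*               LISTEN      4368/dnsmasq
tcp        0      0 192.168.8.100:54        0.0.0.0:*               LISTEN      4368/dnsmasq
tcp        0      0 172.16.1.1:54           0.0.0.0:*               LISTEN      4368/dnsmasq
tcp        0      0 172.16.1.1:8080         0.0.0.0:*               LISTEN      8194/AdGuardHome
tcp        0      0 :::53                   :::*                    LISTEN      8194/AdGuardHome
udp        0      0 0.0.0.0:67              0.0.0.0:*                           4368/dnsmasq
udp        0      0 172.16.1.1:54           0.0.0.0:*                           4368/dnsmasq
udp        0      0 :::53                   :::*                                8194/AdGuardHome
EOF
}

# Demo: list the port-53 listeners in the sample, with 172.16.1.1 as the LAN address.
sample_netstat | dns_listeners "172.16.1.1"
```

A `wildcard` or `other` verdict on port 53 means the resolver is also bound on the WAN side, which the replies above advise against; whether it is reachable from there depends on the firewall.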