After installing AdGuard Home, DHCP server doesn't send a DNS server to VLANs

As previously discussed in-depth in Same SSID, some devices can't get internet despite connecting, we concluded with @psherman that AGH is the main cause of the issue.

Steps to reproduce:

Install AGH following the steps in the official wiki: https://openwrt.org/docs/guide-user/services/dns/adguard-home#setup

Have multiple VLANs on different subnets.

Issue:

Successful connection to router and also to the internet if connecting on the main VLAN (located at 192.168.1.1). So gets connected to the router, successfully obtaining IP in the proper subnet, 192.168.1.1 (router) as the main gateway, and propagated DNS servers by AGH (which listens on 192.168.1.1) so the DNS servers are set to 192.168.1.1. AGH successfully blocks anything specified and works through the DNS servers (DOH, DOT, DOQ as specified).

Successful connection to the router but NO internet connection if connecting to any other VLAN (located on any other subnet other than 192.168.1.1, so for example on a guest network on 192.168.5.1). Gets connection to the router, gets an IP in the right subnet, the proper gateway at 192.168.1.1, however doesn't get any DNS servers, so no internet access. You can resolve the issue by overwriting the DNS server on the client to get internet access, since everything else is in place. For example my Fire TV stick does seem to overwrite the DNS server propagated to it by the router, and it never had an issue connecting to the SSID that was under the guest VLAN, while my phone didn't get the connection since by default it did not overwrite the DNS servers.

How to resolve it:

As said above, you can manually overwrite the DNS server propagated from the router on the client side, then everything is working fine since you already get everything, except the DNS servers.

Uninstalling using the uninstallation script:

https://openwrt.org/docs/guide-user/services/dns/adguard-home#uninstalling

All things go back to normal, DNS is properly propagated on all VLANs.

@psherman fill in some details if you think any are missing and find them interesting, but I guess I could not manage to get traction on the issue. :frowning:

I don't have much to add here since AGH is outside my expertise.

However, I will say that the specific symptom that AGH seems to introduce is that it somehow causes dnsmasq to not send DHCP option 6 to clients as it would be expected to do under all normal situations (defaulting to the router's IP address when not explicitly specified by the user). I really don't know why this is happening, but I am hoping that someone with AGH experience will be able to point to the cause and solution.

Sorry... I wish I had more to give here.


I think I have solved the issue.

So I added DHCP option 6 and 3 on each VLAN interface, pointing to their subnet's gateway. So for example my VLAN_91, DHCP set to 6,192.168.9.1 and 3,192.168.9.1.

I already had traffic rules for DNS and DHCP, or 53, 67, 68. Now I do use DoQ, so I've thought that adding 853 there is also needed, but I read that AGH has some mechanism which handles this, however I would need to test it on my own.

Last and crucial step which I haven't done in the past, is binding the interfaces to AGH:

Scroll down a bit to the dns configuration section.

What I've done is added all the vlan gateways there, e.g.:

# Different network interfaces.
'dns':
    'bind_hosts':
    - '127.0.0.1'
    - '192.168.1.1'
    - '192.168.2.1'
    ...
    - '192.168.9.1'

Now I successfully get connected.

What I am still confused about is the /etc/resolv.conf

Also this file seems to reset all the time, no matter what changes I make, it seems to be back to its default configuration, not immediately, but the very next day I open it. And this causes me to have DDNS issues: DDNS does not work anymore (possibly after installing AGH) - #6 by wizcourage

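A consistency check for the fix described in the post above, as an added example that is not part of the thread or of the OpenWrt or AdGuard Home projects: for each VLAN gateway it verifies that the address is listed under `bind_hosts` and is advertised through an explicit DHCP option 6. The function names and the sample files are constructed for illustration, both file paths are passed as arguments, and the DHCP options are assumed to be stored as `list dhcp_option` entries in the UCI dhcp config.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Print the addresses listed under dns: -> bind_hosts: in an AdGuardHome.yaml.
agh_bind_hosts() {
    awk '
        /^[^ #]/                       { in_dns = ($0 ~ /^.?dns.?:/); in_bind = 0; next }
        in_dns && /^ +.?bind_hosts.?:/ { in_bind = 1; next }
        in_bind && /^ *- /             { gsub(/[^0-9A-Fa-f:.]/, ""); print; next }
        in_bind && NF                  { in_bind = 0 }
    ' "$1"
}

# Print the DNS servers advertised by "list dhcp_option '6,<ip>[,<ip>]'" lines.
dhcp_option6() {
    sed -n "s/^[[:space:]]*list[[:space:]]*dhcp_option[[:space:]]*['\"]*6,\([^'\"]*\).*/\1/p" "$1" | tr ',' '\n'
}

# Report each gateway that AGH does not listen on or that no option 6 advertises.
# Returns 1 if anything was reported, 0 otherwise.
check_gateways() {
    yaml=$1; dhcp=$2; shift 2
    binds=$(agh_bind_hosts "$yaml"); opts=$(dhcp_option6 "$dhcp"); rc=0
    for gw in "$@"; do
        # A 0.0.0.0 entry means AGH listens on every address.
        printf '%s\n' "$binds" | grep -qxF -e "$gw" -e 0.0.0.0 || { echo "$gw: not in bind_hosts"; rc=1; }
        printf '%s\n' "$opts" | grep -qxF "$gw" || { echo "$gw: no DHCP option 6"; rc=1; }
    done
    return $rc
}

# Constructed sample: 192.168.9.1 is handed to clients as DNS server, but AGH is not bound to it.
make_sample() {
    cat > "$1/AdGuardHome.yaml" <<'EOF'
dns:
  bind_hosts:
    - '127.0.0.1'
    - '192.168.1.1'
  port: 53
EOF
    cat > "$1/dhcp" <<'EOF'
config dhcp 'lan'
    list dhcp_option '6,192.168.1.1'
config dhcp 'vlan_91'
    list dhcp_option '6,192.168.9.1'
    list dhcp_option '3,192.168.9.1'
EOF
}

tmp=$(mktemp -d); make_sample "$tmp"
check_gateways "$tmp/AdGuardHome.yaml" "$tmp/dhcp" 192.168.1.1 192.168.9.1 || true
rm -r "$tmp"
```

On a router, pass the real AdGuardHome.yaml and `/etc/config/dhcp` together with the gateway address of every VLAN.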