DDNS does not work anymore (possibly after installing AGH)

Not 100% sure, but I think it stopped working after I installed AGH, not sure since I've had the config for 2 days so cannot pin point everything.

Here are the logs:

nslookup: write to '::1': Connection refused
 153545  WARN : Get registered/public IP for '[redacted].[redacted].com' failed - retry 1/0 in 60 seconds
 153645       : #> /usr/bin/nslookup [redacted].[redacted].com  >/var/run/ddns/myddns_ipv4.dat 2>/var/run/ddns/myddns_ipv4.err
 153645 ERROR : BusyBox nslookup error: '1'

Could you elaborate further? Not sure what I am achieving and where.

AGH works fine, it's just that my DDNS clinet doesn't upload my current IP to cloudflare as it used to?

Thanks. I successfully updated per your instruction and it works!

Could you please still elaborate, I want to understand what I actually did?

DDNS service ran on the router, adguard already served the DNS queries to 192.168.1.1 which was my router, so how come it only worked once I changed it to local host?

AGH doesn't listen on localhost, but the default config for the router itself is to query the DNS on 127.0.0.1.
name resolution is broken, until you change the settings in AGH or the router.

1 Like

When changing in the router, you mean changing directly in /etc/resolv.conf?

I noticed that DDNS works fine (with certificates authenticating) if I configure the nameservers in /etc/resolv.conf to 1.1.1.1, but then the router won't be using AGH.

If I setup the nameservers there to 127.0.0.1, or 192.168.1.1 I can't get DDNS to work through https (in the case of duckdns.org).

@frollic

Could you please let me know how to resolve this issue, namely:

So this is despite me both having 127.0.0.1 and 192.168.1.1 in the DNS settings in the adguardhome.yaml file.

@psherman

Do you perhaps have any input on the issue I'm having with , I'll quote my response from the other post:

is that an actual issue ?

have you checked if AGH perhaps blocks the DDNS provider, or the IP lookup site ?

So what I just tested, I picked some AGH blocklist, windows spyblocker list, grabbed a blocked host, in this case: bn3sch020010560.wns.windows.com

Pinged it to it through my own machine (connected to my router), it did not work.

ping: sendto: Socket is not connected
Request timeout for icmp_seq 0

SSH'ed into my router, checked /etc/resolv.conf, where I actually currently have 192.168.1.1 as the name server, however, no icmp error bn3sch020010560.wns.windows.com, but re-routed to localhost.

The error I have is a certification failure, probably because I am pinging locally as you said, when I change the /etc/resolv.conf to 1.1.1.1 I successfully get DDNS to work.

 194025 ERROR : cURL Error: '60'
 194025       : curl: (60) Cert verify failed: BADCERT_CN_MISMATCH
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
 194025  WARN : Transfer failed - retry 201/0 in 60 seconds

check the date on the router.
check if you need to install the openwrt cert package, I don't remember the name of it though.

All cert packages installed, the date is alright.

I just changed the resolv.conf to 1.1.1.1 and I still get bn3sch020010560.wns.windows.com blocked? Do I need to force a restart on resolv.conf somehow? I am pretty sure I don't since last time when I had opkg update not working due to wrong config, a simple save worked fine.

@frollic

Ok, not sure what happened, but my current nameserver is 8.8.8.8 for example, and yes, AGH doesn't apply within the rooter anymore (when sshed), while AGH properly works for any clients on the network under the router.

If I keep this configuration, I successfully get DDNS to work.

Is there anything negative about this? What about the fact that it seems that /etc/resolv.conf always seem to get reset back to it's default config of nameservers being 127.0.0.1?

not really, the router itself doesn't generate any requests that would require AGH.

yes, it gets overwritten.

But why don't the 127.0.0.1 works properly in my case? I have it listed in my AGH config as you instructed?

Sure, should I somehow overwrite that process for good? How to fix the issue on hand? A cronjob?

I feel like I am putting bandages and not understanding why my current config won't work with the defaults.

you can always verify it by running nslookup google.com 127.0.0.1.

usually this is only an issue post reboot, and you can add an echo namserver ... to the local start up script.

it's also a config option somewhere in the UI :slight_smile:

1 Like

You were right, there was some blocklist blocking duckdns.org...

Added it to my custom filter rules: @@||duckdns.org^

Works fine now.

Ok, now to the next thing, how to stop AGH crashing my network every time I update it (even with a single added third party blocklist) and I got 512 MB of RAM, which is not much, but also not 64 or so.

Update what, the application or the list(s) ?

Anything, I just added the filter rule mentioned above, AGH crashed my router then needed to restart AGH. Happened the first moment I added a custom blocklist, I think it only had like 3000 entries too. Worked perfectly fine with any of the default blocklists.

Also, total router (not only from AGH) ram usage is about 60% at all times, but when updating something I can see it starts to shoot up and eventually crashing everything.

EDIT: Possibly also happening on every filter update interval.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.