Thanks. I successfully updated per your instruction and it works!
Could you please still elaborate, I want to understand what I actually did?
DDNS service ran on the router, adguard already served the DNS queries to 192.168.1.1 which was my router, so how come it only worked once I changed it to local host?
AGH doesn't listen on localhost, but the default config for the router itself is to query the DNS on 127.0.0.1.
name resolution is broken, until you change the settings in AGH or the router.
When changing in the router, you mean changing directly in /etc/resolv.conf?
I noticed that DDNS works fine (with certificates authenticating) if I configure the nameservers in /etc/resolv.conf to 1.1.1.1, but then the router won't be using AGH.
If I setup the nameservers there to 127.0.0.1, or 192.168.1.1 I can't get DDNS to work through https (in the case of duckdns.org).
So what I just tested, I picked some AGH blocklist, windows spyblocker list, grabbed a blocked host, in this case: bn3sch020010560.wns.windows.com
Pinged it to it through my own machine (connected to my router), it did not work.
ping: sendto: Socket is not connected
Request timeout for icmp_seq 0
SSH'ed into my router, checked /etc/resolv.conf, where I actually currently have 192.168.1.1 as the name server, however, no icmp error bn3sch020010560.wns.windows.com, but re-routed to localhost.
The error I have is a certification failure, probably because I am pinging locally as you said, when I change the /etc/resolv.conf to 1.1.1.1 I successfully get DDNS to work.
194025 ERROR : cURL Error: '60'
194025 : curl: (60) Cert verify failed: BADCERT_CN_MISMATCH
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
194025 WARN : Transfer failed - retry 201/0 in 60 seconds
I just changed the resolv.conf to 1.1.1.1 and I still get bn3sch020010560.wns.windows.com blocked? Do I need to force a restart on resolv.conf somehow? I am pretty sure I don't since last time when I had opkg update not working due to wrong config, a simple save worked fine.
Ok, not sure what happened, but my current nameserver is 8.8.8.8 for example, and yes, AGH doesn't apply within the rooter anymore (when sshed), while AGH properly works for any clients on the network under the router.
If I keep this configuration, I successfully get DDNS to work.
Is there anything negative about this? What about the fact that it seems that /etc/resolv.conf always seem to get reset back to it's default config of nameservers being 127.0.0.1?
You were right, there was some blocklist blocking duckdns.org...
Added it to my custom filter rules: @@||duckdns.org^
Works fine now.
Ok, now to the next thing, how to stop AGH crashing my network every time I update it (even with a single added third party blocklist) and I got 512 MB of RAM, which is not much, but also not 64 or so.
Anything, I just added the filter rule mentioned above, AGH crashed my router then needed to restart AGH. Happened the first moment I added a custom blocklist, I think it only had like 3000 entries too. Worked perfectly fine with any of the default blocklists.
Also, total router (not only from AGH) ram usage is about 60% at all times, but when updating something I can see it starts to shoot up and eventually crashing everything.
EDIT: Possibly also happening on every filter update interval.