Installing ADGuardHome causes DNS problem (BananaPi R3)

As it's mentioned in the title I'm using a Banana Pi R3 for this, currently running a snapshot version, r22638-097f350aeb to be exact with 5.15.108 kernel version. I'm not sure if this can be a problem, but I couldn't find any information related to a snapshot version being unable to run adguardhome.
After following this guide: https://openwrt.org/docs/guide-user/services/dns/adguard-home, I can browse with no issue on my wireless and cabled devices, but when doing a ping google.com or openwrt.org directly on the OpenWrt router over SSH (or in LuCI), it always returns 'bad address' (opkg update doesn't work either, of course).
After reading tons of posts on the forum, I do know it's something related to DNS, but I'm not sure how to debug and find this issue. Apart from my Wi-Fi SSIDs and packages for diagnostics/utils, there's no crazy custom configuration, everything is at its default state.

A few points that I've tested/done already:

  • Changing nameserver 127.0.0.1 to nameserver 1.1.1.1 works (as mentioned on this post), but it's not a definitive answer as I need to change it every time I do a reboot or run /etc/init.d/dnsmasq restart; plus, I'm not sure why changing this works.
  • When setting up AdGuardHome by going to 192.168.1.1:3000, I chose only my router as the web interface, changing the first port from 80 to 8080, and the DNS server port remained 53.
  • My wan interface is using the option Use DNS servers advertised by peer; I've tried disabling it and adding Google's and Cloudflare's DNS, and the same with wan6.

Files after installing and configuring everything for AdGuard:

My /etc/resolv.conf:

search lan
nameserver 127.0.0.1
nameserver ::1

My /etc/config/network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb3:90b5:9eae::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'sfp2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'wan'

config device
        option name 'eth1'
        option macaddr '3e:69:b1:b4:34:09'

config device
        option name 'wan'
        option macaddr '3e:69:b1:b4:34:09'

config interface 'wan'
        option device 'br-wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'br-wan'
        option proto 'dhcpv6'

My /etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '0'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        option confdir '/tmp/dnsmasq.d'
        option noresolv '0'
        option port '54'
        list server '192.168.1.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.1.1'
        list dhcp_option '3,192.168.1.1'
        list dns 'fdb3:90b5:9eae::1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

My /tmp/resolv.conf.d/resolv.conf.auto, I've tried with 1.1.1.1 and 8.8.8.8 too, didn't work (I've hidden the nameserver because it's from my ISP, not sure if there are any safety risks by including it, better safe than sorry):

# Interface wan
nameserver "IPS"
nameserver "IPS"
# Interface wan6
nameserver fe80::1%br-wan

nslookup google.com 1.1.1.1 results:

Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.129.142
Name:   google.com
Address: 2800:3f0:4001:808::200e

ping google.com results (same as other domains):

ping: bad address 'google.com'

ping 8.8.8.8 results:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=61 time=5.683 ms
64 bytes from 8.8.8.8: seq=1 ttl=61 time=4.062 ms
64 bytes from 8.8.8.8: seq=2 ttl=61 time=4.515 ms
# I stopped it here.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 4.062/4.753/5.683 ms

Now, I'm not an expert, but I would gladly redo all the steps for the AdGuardHome installation and do some extra logging while at it for anyone willing to help me find out what's wrong. Thanks.

  • Is there a reason you added these unnecessary DHCP configs?
  • What purpose does the list dns stanza serve?

(OpenWrt - at least by default will announce itself as the gateway and DNS server, there's no need to configure that specifically.)

You put 2 PHYs on the same bridge, then gave them the same MAC - why?

What are those configs?

2 Likes

I know this is bad, but I don't really know their purpose beyond what is said on the installation page:

DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution

DHCP option 3: default router or last resort gateway for this interface

Set IPv6 Announced DNS (this would be the `list dns`)

Those DHCP configs were introduced in the AdGuard Home setup page, and these steps add the dhcp_options:

NET_ADDR=$(/sbin/ip -o -4 addr list br-lan | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
NET_ADDR6=$(/sbin/ip -o -6 addr list br-lan scope global | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
# NET_ADDR6 is not being used

...

# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}" 
 
#DHCP option 3: default router or last resort gateway for this interface
uci add_list dhcp.lan.dhcp_option='3,'"${NET_ADDR}"
 
#Set IPv6 Announced DNS
for OUTPUT in $(ip -o -6 addr list br-lan scope global | awk '{ split($4, ip_addr, "/"); print ip_addr[1] }')
do
	echo "Adding $OUTPUT to IPV6 DNS"
	uci add_list dhcp.lan.dns=$OUTPUT
done

Well, as I've said before, at this moment I'm not sure what the purpose is of most things that I did here; this was done through the command above to add the IPv6 to the dhcp.lan.dns.

Edit: just did a reset to test it out, it comes like this from the OpenWrt image, so it's default.
No modifications were made to the devices, if you think this could be a problem, I can do a reset on the BPI-R3 and see if these configurations persist.

I did not understand what you are looking for, if it's what are the configs for the AdGuardHome installation, they begin here on the OpenWrt Wiki.

I'm asking for the Adguard config on your router. Apologies if that's unclear.

No problem, here it is (I did a new installation of AdGuard but same results, this is a fresh config):
This is my /etc/adguardhome.yaml:

bind_host: 192.168.1.1
bind_port: 8080
users:
  - name: zhyp
    password: 
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 192.168.1.1
  port: 53
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - https://dns10.quad9.net/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  enabled: true
  file_enabled: true
  interval: 2160h
  size_memory: 1000
  ignored: []
statistics:
  enabled: true
  interval: 1
  ignored: []
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 16

Not sure if there's anything I can show here.
P.S. While setting up AdGuard, I chose only br-lan - 192.168.1.1:53 as my Server DNS.

Chicken and the egg config?

I see no outside DNS servers configured anywhere.

What public servers are configured to receive your requests?

Just WAN assigned DNS from the ISP?

Try assigning DNS.

@trendy @frollic - do you know if it should be added to the WAN configuration or AdGuard?

On my lan there are no custom dns servers.
But assigning google DNS for example doesn't help:

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    list dns '8.8.8.8'

On my wan the ISP DNS is assigned, but when changing it to google DNS, it doesn't help either:

config interface 'wan'
    option device 'br-wan'
    option proto 'dhcp'
    option peerdns '0'
    list dns '8.8.8.8'

I judge that this is what you meant by saying this:

If it wasn't please enlighten me

1 Like

I think the problem is that you are binding adguardhome to 192.168.1.1, but resolv.conf has 127.0.0.1
A netstat -lnp | grep 53 will clarify that.
You can bind adguardhome to all addresses 0.0.0.0
Or you can delete the symlink /etc/resolv.conf and create a new file with the nameserver 192.168.1.1 which can survive the reboot, but not the upgrade, so add it also in the sysupgrade list of files.

3 Likes

This is the output of:

netstat -lnp | grep 53
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      7496/AdGuardHome
udp        0      0 192.168.1.1:53          0.0.0.0:*                           7496/AdGuardHome

I'm going to try to bind adguardhome to all addresses and see if it's going to help.

Here you got your problem.

Can you explain so I can understand it better? It's not clear for me yet what is the problem haha.

You have bound adg to 192.168.1.1, but the nameserver in resolv.conf is 127.0.0.1.

1 Like
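
Added example, not part of any post in this thread: a POSIX shell check for the mismatch diagnosed above, comparing the nameservers in resolv.conf with the sockets actually listening on port 53. The function names and temp-file layout are assumptions made for illustration; the sample input is copied from the resolv.conf and netstat output posted in the thread.

```shell
#!/bin/sh
# Added example: flag resolv.conf nameservers that no port-53 listener answers.

# Print local addresses with a listener on exactly port 53.
# $1: file holding `netstat -lnp` output. Comparing the port field avoids the
# false hits of `grep 53` (port 5353, a PID containing 53, ...).
listeners_53() {
    awk '$1 ~ /^(tcp|udp)/ {
        n = split($4, p, ":")
        if (p[n] == "53") print substr($4, 1, length($4) - 3)
    }' "$1" | sort -u
}

# Classify each nameserver. $1: resolv.conf file, $2: netstat output file.
# Prints "<nameserver> ok|MISMATCH|remote", one per line.
check_resolv() {
    bound=$(listeners_53 "$2")
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
        status=remote                      # assumed to be an off-box resolver
        case "$ns" in
            127.*|::1) status=MISMATCH ;;  # loopback needs a local listener
        esac
        for addr in $bound; do
            if [ "$addr" = "$ns" ]; then status=ok; fi   # exact bind
            if [ "$status" = MISMATCH ]; then
                # Wildcard binds. "::" is assumed dual-stack (bindv6only=0),
                # so it also answers on IPv4 loopback.
                case "$addr" in
                    ::) status=ok ;;
                    0.0.0.0) [ "$ns" = "::1" ] || status=ok ;;
                esac
            fi
        done
        echo "$ns $status"
    done
}

# Sample input copied from the resolv.conf and netstat output in the thread.
demo() {
    d=$(mktemp -d)
    printf 'search lan\nnameserver 127.0.0.1\nnameserver ::1\n' > "$d/resolv.conf"
    cat > "$d/netstat.txt" <<'EOF'
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      7496/AdGuardHome
udp        0      0 192.168.1.1:53          0.0.0.0:*                           7496/AdGuardHome
EOF
    check_resolv "$d/resolv.conf" "$d/netstat.txt"
    rm -rf "$d"
}

demo
```

On the router itself, save `netstat -lnp` to a file and pass it together with /etc/resolv.conf to `check_resolv`; a `MISMATCH` line means the router's own lookups go to an address where nothing is listening.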

Ah, ok, so either binding ADG to 0.0.0.0 or changing the resolv.conf nameserver to 192.168.1.1 should fix it?

Not should, will.
@mercygroundabyss @jamesmacwhite maybe you could edit the wiki page to avoid this situation in the future. Also, I don't see the point of altering DHCP options 3 and 6 if you are going to advertise OpenWrt again.

2 Likes

It did fix it.
Thank you so much @trendy and @lleachii for the help.

I will try without them.

This was the part that said to bind to 192.168.1.1 or the router IP:

3. Set DNS server to listen on `192.168.1.1` at port `53`.

I generally use the opkg version and have never modified the binding for my own configuration, so it's something we should update if it's causing problems. I think that script was originally added for manual installation steps, if you didn't use the opkg version.

1 Like

Hello James.
I did use the opkg version of AdGuard Home, and followed exactly how it was described in the setup guide above. The binding process was part of the AdGuard Home setup in the web GUI, not on the SSH'ed router. Besides that, everything worked out great!

Thanks for letting me know! I will have a look at the Wiki guidance to see what we can do to make it clearer.

1 Like
