I am running OpenWrt 22.03.3 on x86. I used the firmware selector to make a custom image that included AdGuard Home, luci-ssl, and a few other items. I am running three VLANs: 192.168.1.1 (local access), 192.168.10.1 (main), and 192.168.20.1 (guest).
When I set the following, AdGuard Home will not start and I don't have internet on the VLANs, but the router itself can access the internet.
# Attempt 1 (reported result: AdGuard Home does not start, VLAN clients have no internet).
# The DNS listener is asked to bind loopback (IPv6 and IPv4) plus the three VLAN gateway
# addresses, all on port 53.
# NOTE(review): the post does not include the AdGuard Home startup log; it would show which
# address:port pair could not be bound.
dns:
  bind_hosts:
    - ::1
    - 127.0.0.1
    - 192.168.1.1
    - 192.168.10.1
    - 192.168.20.1
  port: 53
When I set the following, AdGuard Home works and I have internet on the VLANs, but the router itself can't access the internet.
# Attempt 2 (reported result: VLAN clients work, the router itself cannot resolve).
# Only the three VLAN gateway addresses are bound; nothing listens on loopback port 53.
# NOTE(review): if the router's own resolver configuration (/etc/resolv.conf) points at
# 127.0.0.1 or ::1, that would match the reported symptom. Confirm on the device.
dns:
  bind_hosts:
    - 192.168.1.1
    - 192.168.10.1
    - 192.168.20.1
  port: 53
The only way I can get everything to work properly is to set the DNS bind_hosts entry to 0.0.0.0 in adguardhome.yaml. It seems like a bad idea to use 0.0.0.0. My current adguardhome.yaml and dhcp files are included below.
Here's my adguardhome.yaml file.
# AdGuard Home configuration as posted (schema_version 14). Values are unchanged.
# NOTE(review): the paste had lost all indentation; nesting below follows AdGuard Home's
# layout for this schema version and should be confirmed against the file on the router.

# Web admin interface: bound to the local-access VLAN address only, port 8080.
bind_host: 192.168.1.1
bind_port: 8080
beta_bind_port: 0
users:
  - name: root
    # bcrypt hash ($2a$, cost 10) of the admin password.
    # NOTE(review): this hash is public now that the file has been posted. A published hash
    # can be tested offline, so change the password and redact hashes before sharing a config.
    password: $2a$10$FTh79Ca464QWEk9BSiTpquMDnKfoRlqe67Pcyyy3kaUCsoLqN0s86
# Login throttling for the web UI: lock out after 5 failed attempts; the block duration is 15
# (minutes, going by the key name).
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    # 0.0.0.0 binds the DNS listener on every IPv4 address the router has, which includes
    # any WAN-facing address.
    # NOTE(review): allowed_clients is empty further down, so keeping port 53 unreachable
    # from the WAN side depends entirely on the firewall. Confirm that no rule or port
    # forward exposes it.
    - 0.0.0.0
  port: 53
  statistics_interval: 30
  # Query log is on, written to disk, and kept for 720h with client IPs not anonymized.
  # This covers every client that queries the resolver, guest VLAN included.
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 720h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  # Per-client rate limit with no exemptions; ANY queries are refused.
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    # The first two entries send only pool.ntp.org lookups to plain (unencrypted) DNS.
    # NOTE(review): presumably so time sync works before TLS certificates can be validated.
    - '[/pool.ntp.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.0.0.1'
    # Everything else goes out over DNS-over-TLS.
    - tls://dns.adguard-dns.com
    - tls://1dot1dot1dot1.cloudflare-dns.com
    - tls://dns.quad9.net
  upstream_dns_file: ""
  # Plain-DNS resolvers used to look up the hostnames of the tls:// upstreams above.
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  # Both lists are empty, so no client is filtered at the application level: any source that
  # can reach the listener gets answers.
  # NOTE(review): listing the three VLAN subnets in allowed_clients would add a second layer
  # behind the firewall while bind_hosts stays at 0.0.0.0.
  allowed_clients: []
  disallowed_clients: []
  # Names commonly used to fingerprint a resolver; queries for them are blocked.
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  # Only loopback is listed as a trusted proxy.
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: true
  enable_dnssec: true
  # NOTE(review): EDNS Client Subnet passes client network information to the upstreams;
  # confirm this privacy trade-off is wanted.
  edns_client_subnet: true
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: true
  safesearch_enabled: true
  safebrowsing_enabled: true
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  # Reverse lookups for private addresses go to port 54 on the router, which is the port the
  # posted dnsmasq configuration listens on.
  local_ptr_upstreams:
    - 192.168.1.1:54
  serve_http3: false
  use_http3_upstreams: false
tls:
  # NOTE(review): with TLS disabled, the admin UI on bind_port 8080 is served over plain
  # HTTP, so the login for user root crosses the local-access VLAN unencrypted.
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
# Block lists; all three are fetched over HTTPS from third-party hosts.
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
    name: OISD Blocklist Full
    id: 1676145614
  - enabled: true
    url: https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-domains.txt
    name: DoH
    id: 1676146569
# Allow lists; entries here override the block lists, so their upstream content is trusted.
whitelist_filters:
  - enabled: true
    url: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
    name: anudeepND whitelist
    id: 1676145615
  - enabled: true
    url: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/referral-sites.txt
    name: anudeepND referral-sites
    id: 1676145616
  - enabled: true
    url: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt
    name: anudeepND optional-list
    id: 1676145617
user_rules:
  - '||si.com^'
  - '||deviantart.com^'
# AdGuard Home's built-in DHCP server is disabled.
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  # No user or group is configured here.
  # NOTE(review): check which account the service actually runs as on the router.
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14
Here's my dhcp file.
# OpenWrt /etc/config/dhcp as posted. Option indentation restored; values unchanged.
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	# DNS-rebinding filtering in dnsmasq is switched off.
	# NOTE(review): clients are handed port-53 resolvers via dhcp_option 6 below, so this
	# setting only affects lookups that pass through dnsmasq on port 54.
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	# Answer only queries that come from directly attached subnets.
	option localservice '1'
	option ednspacket_max '1232'
	option cachesize '1000'
	# dnsmasq's DNS listener is on port 54, which leaves port 53 free for AdGuard Home.
	option port '54'
	# Upstream servers for dnsmasq: the three VLAN gateway addresses (no port given).
	list server '192.168.1.1'
	list server '192.168.10.1'
	list server '192.168.20.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option leasetime '12h'
	option dhcpv4 'server'
	# DHCP option 6 = DNS server, option 3 = default gateway; both are the VLAN's router address.
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	option limit '100'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'main'
	option interface 'main'
	option start '100'
	option leasetime '12h'
	option dhcpv4 'server'
	option limit '100'
	list dhcp_option '6,192.168.10.1'
	list dhcp_option '3,192.168.10.1'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option leasetime '6h'
	option dhcpv4 'server'
	option limit '100'
	# Guest clients use 192.168.20.1 for both DNS and gateway.
	# NOTE(review): isolating the guest VLAN from the other two depends on firewall zones,
	# which the post does not show.
	list dhcp_option '6,192.168.20.1'
	list dhcp_option '3,192.168.20.1'