[Solved] DNS Troubleshooting

Hi folks,

I seem to be having an issue with DNS and I'm not sure how to pinpoint the cause. I know it's a DNS issue because I can ping 8.8.8.8, but not www.google.com. I can also fix this by specifying my own DNS server in network settings on my laptop - say Quad9 9.9.9.9. When I do this, everything is fine.

I suspect it might have something to do with AdGuard Home when I installed it, because it takes over DNS. I did a factory reset and no longer have AdGuard Home installed. I did restore some config and I am suspecting it might actually have something to do with DHCP and static leases. I have quite a few static leases. Here's an example:

config host
	option name 'DEVICE NAME REMOVED'
	option dns '1'
	option mac 'AA:AA:A:AA:AA:AA'
	option leasetime '0'
	option ip '192.168.1.154'

What is DNS 1 exactly? Should this be a 0? AdGuard also seems to have disappeared from the software page, so I wonder has it been removed? That's another issue I guess.

I appreciate any suggestions. Thank you!

You said:

So I'm not sure how that's an issue.

From: https://openwrt.org/docs/guide-user/base-system/dhcp#static_leases

dns boolean no 0 Add static forward and reverse DNS entries for this host.

What are your WAN DNS settings?

2 Likes

Correct in asking for the settings in the DHCP file, to see if there are AdGuard Home specific settings that linger, causing the conflict.
This type of issue hampered me when Stubby specific options lingered
example:
/etc/config/dhcp

	list server '127.0.0.1#5453'
	option noresolv '1'
	option dnssec '1'

1 Like

I'm not sure if you're the OP on another account.

Nonetheless, no such AdGuard issues linger, but the OP never mentioned the WAN DNS settings - which are relevant too.

Perhaps the OP can note if they had Stubby installed.

I didn't think so either, but thought I would mention it in case something copied across to the config which I restored.

> What are your WAN DNS settings?

My WAN DNS are set to "Use DNS servers advertised by peer". That box is checked. I unchecked it and set a custom domain on 9.9.9.9 but it made no difference.

I don't have Stubby and never had. Here's some stuff from etc/config/dhcp which may be relevant:

Below is from the dhcp config file which is

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option noresolv '1'
	option cachesize '1000'
	option rebind_protection '0'
	list server '192.168.1.1'
	option port '5353'

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	option start '151'
	option limit '100'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

I don't understand what you mean by this?

My WAN DNS are set to "Use DNS servers advertised by peer". That box is checked. I unchecked it and set a custom domain on 9.9.9.9 but it made no difference. Is there any other detail I could provide that might be useful? Thanks.

No, never used Stubby. Thanks.

1 Like

Copy the default /etc/config/dhcp file back to /etc/config/dhcp. On a squashfs install you can find it at /rom/etc/config/dhcp.

Ehm... you are forwarding everything to itself.

4 Likes

Yes exactly that dhcp config has several things held over from using adblock.

Options 3 and 6 will by default be sent as the router's IP on the LAN, it is not necessary to specify that separately.

2 Likes

Thanks! Are you saying I need to remove these entries completely or change them? Cheers :slight_smile:

Thanks for that. So AdGuard did have something to do with it? When I had AdGuard installed, DNS wouldn't work at all until I logged into AdGuard. After I factory reset, all I did was copy over the dhcp file and a few other things, but suspected it was something in the dhcp config that was causing it.

I wonder should I just do this for simplicity? Thanks!

That ^^
would put this back in order as default option noresolv '0'

Split DNS

LuCI → Network → DHCP and DNS → Resolv and Hosts Files → Ignore resolve file

Ignore resolvfile option and limit upstream resolvers to server option. This effectively enables split DNS and makes the local system not to use dnsmasq.

1 Like

config dnsmasq
	list server '192.168.1.1' # <-- here you say your upstream DNS server is 192.168.1.1 - which is your router. remove it.
	option port '5353' # <-- here you say that your dns server (=dnsmasq) should listen on port 53. but i assume your clients use default 53. remove it

above setup made sense when you had adguard as all dns traffic was hijacked/captured by adguard instead of dnsmasq.

config dhcp 'lan'
	list dhcp_option '6,192.168.1.1' # <-- here you say all dhcp client should use this ip as DNS server. which is ok if your router with dnsmasq runs on this ip, but actually obsolete. you can remove
	list dhcp_option '3,192.168.1.1' # <-- strictly speaking this is neither a must, you can remove but ok to leave as is. this sets the default gateway for your dhcp clients

2 Likes

As others have pointed out, your dnsmasq file still has some leftovers from AGH install. I made an uninstall script from my manual install thread that removes all AGH options and resets your dnsmasq file back to a working config.

The reason you lost DNS is because AGH inserts itself as the primary DNS and pushes dnsmasq to port 5353 to be a resolver internal dns. Its sole use is for PTR lookups for your clients. A cleaner way to deploy AGH would be to disable OpenWrt's DHCP and switch over completely to AGH's DHCP but they still have some code refactoring to sort out for AGH. I and James decided that due to the state of AGH's DHCP that it would be wiser to do this split setup until AGH's DHCP improves to the level of OpenWrt's DHCP. Right now simple DHCP on a flat network will work but more complex networks with VLANs etc would be tricky to implement.

#include uninstall script.

uninstallAGH.sh

#!/bin/sh
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v -u
 
# 1. Reverts AdGuard Home configuration and resets settings to default.
# 2. Enable rebind protection.
# 3. Remove DHCP options for IPv4 and IPv6 
uci -q delete dhcp.@dnsmasq[0].noresolv
uci -q delete dhcp.@dnsmasq[0].cachesize
uci set dhcp.@dnsmasq[0].rebind_protection='1'
uci -q delete dhcp.@dnsmasq[0].server
uci -q delete dhcp.@dnsmasq[0].port
uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
 
# Network Configuration
# Disable peer/ISP DNS
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"
 
# Configure DNS provider to Google DNS
uci -q delete network.wan.dns
uci add_list network.wan.dns="8.8.8.8"
uci add_list network.wan.dns="8.8.4.4"
 
# Configure IPv6 DNS provider to Google DNS
uci -q delete network.wan6.dns
uci add_list network.wan6.dns="2001:4860:4860::8888"
uci add_list network.wan6.dns="2001:4860:4860::8844"
 
# Save and apply
uci commit dhcp
uci commit network
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

1 Like
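The leftovers the replies above point out (an upstream server set to the router itself, dnsmasq moved to port 5353, `noresolv`, rebind protection off) can be checked read-only before anything is deleted. This is an added example, not code from the thread or from the AdGuard Home project; the function names `check_agh_leftovers` and `sample_config` are hypothetical and the sample config is constructed from the sections quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: parses the file, never calls uci.
# check_agh_leftovers FILE LAN_IP  -> prints findings, returns 1 if any were found.
check_agh_leftovers() {
    awk -v lan="$2" -v q="'" '
    function val(s) { gsub("[\"" q "]", "", s); return s }   # strip UCI quotes
    function report(msg) { print msg; found++ }
    $1 == "config" { sect = $2; next }                       # track current section
    sect == "dnsmasq" && $1 == "list" && $2 == "server" {
        v = val($3); split(v, hp, "#")                       # value may be "ip#port"
        if (hp[1] == lan || hp[1] ~ /^127\./)
            report("UPSTREAM " v ": this is the router itself; resolves only while another resolver listens there")
    }
    sect == "dnsmasq" && $1 == "option" {
        v = val($3)
        if ($2 == "port" && v != "53")
            report("PORT " v ": dnsmasq is not on 53, where LAN clients send queries")
        if ($2 == "noresolv" && v == "1")
            report("NORESOLV 1: WAN/ISP resolvers are ignored; only list server entries are used")
        if ($2 == "rebind_protection" && v == "0")
            report("REBIND 0: DNS rebind protection is disabled")
    }
    sect == "dhcp" && $1 == "list" && $2 == "dhcp_option" {
        v = val($3)
        if (v ~ /^6,/ && v != "6," lan)
            report("DHCPOPT " v ": clients are handed a DNS server other than the router")
    }
    END { exit (found > 0) }
    ' "$1"
}

# Constructed sample: the dnsmasq and lan settings quoted in the thread above.
sample_config() {
    cat <<'EOF'
config dnsmasq
	option noresolv '1'
	option rebind_protection '0'
	list server '192.168.1.1'
	option port '5353'

config dhcp 'lan'
	list dhcp_option '6,192.168.1.1'
EOF
}

# On a router (assumes network.lan.ipaddr holds a bare IPv4 address):
#   check_agh_leftovers /etc/config/dhcp "$(uci get network.lan.ipaddr)"
```
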

That shouldn't happen. A properly set up AGH should load and provide DNS as one of the last network start queues. Guess it's a bit late to troubleshoot now you've reset, however :slight_smile:

I tried removing a few things from the dhcp config, but no luck. I then decided to do another factory reset, then just manually copy over the static dhcp leases to the newly installed dhcp config. Everything is now working correctly :slight_smile: No more DNS issues!

I think something was missed when I installed AdGuard. I'm not sure what happened! I really would like it to run but it looks like it is no longer available from the opkg package list?

Thank you! That uninstall script would have probably saved me a lot of bother. I didn't realise that after factory reset and restoring that it wouldn't restore packages. Even still though, this is really useful. Thanks for pointing it out!

Yeah I think something was missed during the install which I didn't realise.

2 Likes

Thanks again to everyone for helping me out. I really do appreciate it :slight_smile:

2 Likes

opkg update from SSH command line or do a update lists from the opkg software page here : http://192.168.1.1/cgi-bin/luci/admin/system/opkg

opkg requires that update as it doesn't save the update lists. So when you reboot you have to tell it to update again and then you should see the software updates / installs.

1 Like

Thanks. I've done this a number of times and also via ssh, but AdGuard isn't showing in my list for some reason? It was there a few days ago. Not sure what I'm missing

Curious. Maybe something up with the feed?

It's showing up here on my feed but I'm using a snapshot release.

You can always do a manual install using my thread. Both the opkg and manual install require some SSH usage as you cannot deploy out of box without assuming some defaults and so you must do some config on the way. The difference between the opkg versions and the manual is opkg only takes the stable releases and repacks them for OpenWrt. Manual version lets you use the more up to date feeds (which are at this point fairly stable) but aren't really "stable" releases so aren't allowed under opkg rules.

Not sure why. I installed it from here before, but it's not there after factory reset. I have updated the list many times which is successful, but still AdGuard Home is not there. There's a normal adblock application but I would much rather use AdGuard.

I was going to use this guide, but I don't want to screw my DNS up again.

Also, it would be interesting to know why I can't see it. I am using a Belkin RT3200 router and I updated the snapshot for RT3200 UBI using today's snapshot.

If you use my thread it prepares your router for installing AGH and uses AGH's developer script to install their edge build directly. This means making the minimal of changes and means all of AGH's stuff is in the same places as if you follow their manual install method off their wiki.

The main difference between the opkg version and mine is that mine follows the AGH developers install of using /opt/AdGuardHome as base install (but with this you require more space for the binaries and logs) vs the opkg version that installs into custom location and logs to /tmp which means when you reboot you lose your statistics and logs. It does however mean less space used.

Both opkg and manual install insert AGH as primary DNS and push dnsmasq to internal only to keep memory usage lower and to stop extra hops for dns lookups. The easier way is to install AGH behind dnsmasq but this is a sub par way of dealing with this and makes for extra dns hops. (and additional memory usage as dnsmasq forks each request and uses more memory)

(edit)

System requirements (https://bayas.dev/posts/adguard-home-openwrt/#system-requirements)

* A router with a recent OpenWrt version installed.
* 100MB free RAM.
* 20MB free disk space.

the main AGH binary is now 35 mb so u need at least 70mb free (for main binary and backup when it updates)

(edit2)
His guide also does a full manual install (using a zipped package) and doesn't use the developers automated script.

There's more info here about manual installs from the AGH team.

1 Like