Some time ago, I have created a few Wi-Fi networks that were working totally fine. I have also set up AdGuard Home. That was working totally fine too. A few days ago, I saw my Wi-Fi networks are working, but I have no access to the internet anymore. I have checked that all disk space on my router was used, so I thought that this may cause an issue somehow. I have checked my router and I spotted that I was never clearing AdGuard Home logs, so I have decided to remove the logs and restart AdGuard Home. While restarting, I have spotted, there is a dnsproxy error all the time:
2025/01/06 21:36:23.515724 [error] dnsproxy: exchange failed upstream=https://dns.google:443/dns-query question=";www.reddit.com.\tIN\t AAAA" duration=34.280154ms err="requesting https://dns.google:443/dns-query: Get \"https://dns.google:443/dns-query?dns=AAABAAABAAAAAAABA3d3dwZyZWRkaXQDY29tAAAcAAEAACkIAAAAgAAAAA\": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-06T21:36:23Z is before 2025-01-20T08:37:58Z"
2025/01/06 21:36:23.520765 [error] dnsproxy: exchange failed upstream=https://dns.google:443/dns-query question=";www.youtube.com.\tIN\t AAAA" duration=32.014308ms err="requesting https://dns.google:443/dns-query: Get \"https://dns.google:443/dns-query?dns=AAABAAABAAAAAAABA3d3dwd5b3V0dWJlA2NvbQAAHAABAAApCAAAAIAAAAA\": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-06T21:36:23Z is before 2025-01-20T08:37:58Z"
2025/01/06 21:36:23.532646 [error] dnsproxy: exchange failed upstream=https://dns.cloudflare.com:443/dns-query question=";www.reddit.com.\tIN\t AAAA" duration=16.733923ms err="requesting https://dns.cloudflare.com:443/dns-query: Get \"https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAABA3d3dwZyZWRkaXQDY29tAAAcAAEAACkIAAAAgAAAAA\": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-06T21:36:23Z is before 2025-01-28T23:34:55Z"
2025/01/06 21:36:23.537835 [error] dnsproxy: exchange failed upstream=https://dns.cloudflare.com:443/dns-query question=";www.youtube.com.\tIN\t AAAA" duration=16.881462ms err="requesting https://dns.cloudflare.com:443/dns-query: Get \"https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAABA3d3dwd5b3V0dWJlA2NvbQAAHAABAAApCAAAAIAAAAA\": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-06T21:36:23Z is before 2025-01-28T23:34:55Z"
I have checked are my DNS addresses I have put in AdGuard Home config are correct, and they are (I have crossed checked with the official website provided by AdGuard). So now I am confused, and I do not know what could change that all my Wi-Fi networks stopped working all in the sodden. I have also checked and when I try wire connection to my router, then I do have the internet, so there is an issue only with the Wi-Fi. Can you please help me with resolving and understating why this could happen?
Below I put all the data I think can be useful. If you need anything else, please let me know in the comments.
Router Model: Banana PI R3
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd90:5d4d:1cd5::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'sfp2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
list ports 'wan'
config device
option name 'eth1'
option macaddr '5e:d1:6c:6e:ba:b7'
config device
option name 'wan'
option macaddr '5e:d1:6c:6e:ba:b7'
config interface 'wan'
option device 'br-wan'
option proto 'dhcp'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option device 'br-wan'
option proto 'dhcpv6'
option peerdns '0'
list dns '2001:4860:4860::8888'
list dns '2001:4860:4860::8844'
config device
option type 'bridge'
option name 'br-guest'
option bridge_empty '1'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
config device
option type 'bridge'
option name 'br-iot'
option bridge_empty '1'
config interface 'iot'
option proto 'static'
option device 'br-iot'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '0'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option noresolv '0'
option cachesize '1000'
option port '54'
list server '192.168.1.1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '24'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dns 'fd90:5d4d:1cd5::1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.2.1'
config dhcp 'iot'
option interface 'iot'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.3.1'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel '1'
option htmode 'HE20'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'kk-private'
option encryption 'sae'
option key 'some-password'
option ocv '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option channel '36'
option htmode 'HE80'
option disabled '0'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'kk-private-5ghz'
option encryption 'sae'
option key 'some-password'
option ocv '0'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'kk-guest'
option encryption 'sae'
option network 'guest'
option key 'some-password'
option ocv '0'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'kk-iot'
option encryption 'psk-mixed'
option network 'iot'
option key 'some-password'
/etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'wan'
config rule
option name 'allow-dns-guest'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'allow-dhcp-guest'
list proto 'udp'
option src 'guest'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'allow-dns-iot'
option src 'iot'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'allow-dhcp-iot'
list proto 'udp'
option src 'iot'
option dest_port '67'
option target 'ACCEPT'
config zone
option name 'iot'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'iot'
config forwarding
option src 'iot'
option dest 'wan'
/etc/adguardhome.yaml
http:
pprof:
port: 6060
enabled: false
address: 0.0.0.0:53
session_ttl: 720h
users:
- name: some-username
password: some-password
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
bind_hosts:
- 0.0.0.0
port: 53
anonymize_client_ip: false
ratelimit: 20
ratelimit_subnet_len_ipv4: 24
ratelimit_subnet_len_ipv6: 56
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- https://dns10.quad9.net/dns-query
upstream_dns_file: ""
bootstrap_dns:
- 9.9.9.10
- 149.112.112.10
- 2620:fe::10
- 2620:fe::fe:10
fallback_dns: []
upstream_mode: load_balance
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
blocked_hosts:
- version.bind
- id.server
- hostname.bind
trusted_proxies:
- 127.0.0.0/8
- ::1/128
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
cache_optimistic: false
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet:
custom_ip: ""
enabled: false
use_custom: false
max_goroutines: 300
handle_ddr: true
ipset: []
ipset_file: ""
bootstrap_prefer_ipv6: false
upstream_timeout: 10s
private_networks: []
use_private_ptr_resolvers: false
local_ptr_upstreams: []
use_dns64: false
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
serve_plain_dns: true
hostsfile_enabled: true
tls:
enabled: false
server_name: ""
force_https: false
port_https: 443
port_dns_over_tls: 853
port_dns_over_quic: 853
port_dnscrypt: 0
dnscrypt_config_file: ""
allow_unencrypted_doh: false
certificate_chain: ""
private_key: ""
certificate_path: ""
private_key_path: ""
strict_sni_check: false
querylog:
dir_path: ""
ignored: []
interval: 2160h
size_memory: 1000
enabled: true
file_enabled: true
statistics:
dir_path: ""
ignored: []
interval: 24h
enabled: true
filters:
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
name: AdGuard DNS filter
id: 1
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
name: AdAway Default Blocklist
id: 2
whitelist_filters: []
user_rules: []
dhcp:
enabled: false
interface_name: ""
local_domain_name: lan
dhcpv4:
gateway_ip: ""
subnet_mask: ""
range_start: ""
range_end: ""
lease_duration: 86400
icmp_timeout_msec: 1000
options: []
dhcpv6:
range_start: ""
lease_duration: 86400
ra_slaac_only: false
ra_allow_slaac: false
filtering:
blocking_ipv4: ""
blocking_ipv6: ""
blocked_services:
schedule:
time_zone: UTC
ids: []
protection_disabled_until: null
safe_search:
enabled: false
bing: true
duckduckgo: true
ecosia: true
google: true
pixabay: true
yandex: true
youtube: true
blocking_mode: default
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
rewrites: []
safe_fs_patterns:
- /tmp/adguardhome/userfilters/*
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
filters_update_interval: 24
blocked_response_ttl: 10
filtering_enabled: true
parental_enabled: false
safebrowsing_enabled: false
protection_enabled: true
clients:
runtime_sources:
whois: true
arp: true
rdns: true
dhcp: true
hosts: true
persistent: []
log:
enabled: true
file: ""
max_backups: 0
max_size: 100
max_age: 3
compress: false
local_time: false
verbose: false
os:
group: ""
user: ""
rlimit_nofile: 0
schema_version: 29