Edit: So a solution I just found is that if I remove the second DNS from my router (1.1.1.1) then all traffic goes through adguard. This works but if I go on vacation and my parents are still home and this device dies or something then my mom will have no idea what to do…

Hello,

I have adguardhome running on a raspberry pi via docker compose. I once had tailscale installed on it but it has sense been uninstalled.

Using for example my phone when at home if it is on my tailnet the adguard works as intended and blocks ads trackers etc. But If at home and disconnected from my tailnet it does not go through adguard at all. So all my family members do not have the benefit of this and anything not on my tailnet. I would rather have it work for everyone and not sure how to fix or where I went wrong in the setup.

For the setup guide for adguard it says

AdGuard Home DNS server is listening on the following addresses: 127.0.0.1 172.18.0.2

So I added 172.18.0.2 to my /etc/systemd/resolved.conf file because before it had only DNS=127.0.0.1. This seems to have not worked unless I need to restart for it to take effect looks like this now

# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
DNS=127.0.0.1 172.18.0.2
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

docker-compose file

version: '3.3'
services:
    run:
        container_name: adguardhome
        restart: unless-stopped
        volumes:
            - '/home/Blxter/server/compose/adguard-home/config/adguardhome/workdir:/opt/adguardhome/work'
            - '/home/Blxter/server/compose/adguard-home/config/adguardhome/confdir:/opt/adguardhome/conf'
        ports:
            - '53:53/tcp'
            - '53:53/udp'
            - '67:67/udp'
            - '68:68/udp'
            - '68:68/tcp'
            - '80:80/tcp'
            - '443:443/tcp'
            - '443:443/udp'
            - '3005:3000/tcp'
        image: adguard/adguardhome

Not sure what other info is needed to help moderately new to this Thanks

  • myogg@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    10 months ago

    Your adguard config looks strange. The examples shown list different DNS providers but you have pointed it back at itself for its DNS. I don’t understand why you would do that.

    • Blxter@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      not sure what you mean… I tried to follow the bottom of this guide but it looks like I did not append but instead change it.

      • myogg@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Sorry I misread your post. You shouldn’t need the 172 address in your DNS config, stick to the 127 address only.

        In regard to the issue itself. Do your devices show their DNS server as the adguard server?

        • Blxter@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          Yes every device I have looked at have the first DNS set to the IP of server and then a back up of 1.1.1.1 just in case

          • myogg@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            10 months ago

            That might explain the problem. Assuming adguard returns an nxdomain for blocked sites then the devices will try with their secondary DNS server and get to the blocked site

            • Blxter@lemmy.zipOP
              link
              fedilink
              English
              arrow-up
              3
              ·
              10 months ago

              Yes this was the problem. I had it set up this way originally but added it as a back up in case things broke. I guess I can not do that. Thanks again

  • Responsabilidade@lemmy.eco.br
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    Did you configure your router to use and broadcast the adguard ip addr as DNS server?

    You must configure your adguard ip as DNS server

    • Blxter@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Yes the main dns server for my router is the IP of the computer. adguard works for devices on my tailscale network only

    • Blxter@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      I believe it is https://www.reddit.com/r/Adguard/comments/nfe86r/is_it_possible_to_reconfigure_listenning/ top of the AdGuardHome.yaml file

      Edit: formatting is a little off

      http:
        pprof:
          port: 6060
          enabled: false
        address: 0.0.0.0:80
        session_ttl: 720h
      users:
        
        name: Blxter
        password: 
      auth_attempts: 5
      block_auth_min: 15
      http_proxy: ""
      language: ""
      theme: auto
      dns:
        bind_hosts:0.0.0.0
      port: 53
      anonymize_client_ip: false
      ratelimit: 20
      ratelimit_subnet_len_ipv4: 24
      ratelimit_subnet_len_ipv6: 56
      ratelimit_whitelist: []
      refuse_any: true