AdGuard Home, dnsmasq and query reporting

Ian Macdonald

Occasional Visitor
I've got AdGuard Home running on an RT-AX88U and it performs very well, but my query log is full of requests from localhost.

The issue is that AdGuard sees the router as its sole client, because dnsmasq receives queries from the LAN on the usual port 53 and then forwards them to AdGuard on port 2153.

Is there some way of circumventing (or postponing) the masquerading that occurs before AdGuard receives the query?
 
It's not masquerading (in the iptables sense); AdGuard sees the requests as coming from dnsmasq because they are coming from dnsmasq.

You could try adding the "add-subnet" option to dnsmasq if AdGuard supports it. But consider a situation where 10 clients all issue a DNS query for "google.com" in a short space of time: only the first of those queries would be forwarded to AdGuard.
 
No, I know it's not masquerading in the NAT sense. I just meant that the original client is hidden from AdGuard, because dnsmasq is proxying the request.

I tried adding the --add-subnet option in a couple of different forms, but AdGuard evidently doesn't care, as it makes no difference to the query logging.
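Added example (not from any poster in this thread, and not dnsmasq or AdGuard Home code): the add-subnet option discussed above attaches an EDNS Client Subnet option (RFC 7871) to forwarded queries. This Python code builds a constructed query of that shape and parses it the way an upstream that honours the option could, recovering the LAN client's subnet for its query log. The function names and the 192.168.1.57 client address are assumptions.

```python
import ipaddress
import struct

ECS, OPT = 8, 41  # EDNS Client Subnet option code (RFC 7871), OPT RR type (RFC 6891)

def build_query(qname, client_ip, prefix_len):
    """Constructed sample: an A query with an ECS option, as a forwarder would send it."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[:(prefix_len + 7) // 8]  # host bits zeroed, truncated
    ecs = struct.pack("!HHHBB", ECS, 4 + len(addr), family, prefix_len, 0) + addr
    name = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(ecs)) + ecs
    return header + name + struct.pack("!HH", 1, 1) + opt_rr  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Advance past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def client_subnet(msg):
    """What an upstream can log: the ECS subnet in a query, or None if absent."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name + QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT and pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == ECS and len(body) >= 4:
                family, src_len, _ = struct.unpack_from("!HBB", body, 0)
                size = {1: 4, 2: 16}.get(family)  # IPv4 or IPv6; other families ignored
                if size:
                    addr = body[4:].ljust(size, b"\x00")[:size]
                    return f"{ipaddress.ip_address(addr)}/{src_len}"
    return None

if __name__ == "__main__":
    for plen in (24, 32):  # a /32 carries the whole client address, a /24 only its subnet
        print(plen, client_subnet(build_query("google.com", "192.168.1.57", plen)))
```

A query forwarded without the option yields None, which is the case where the upstream can only attribute the query to the forwarder itself.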
 

Ah, so there's hope on the horizon. My travels hadn't brought me there yet.

I've added my support for the feature to the issue.

Thanks for bringing it to my attention.
 
So this means AdGuard Home can run directly on the router? Did you have to install any Entware tools to get this working? (i.e. I see it runs "id -u" to check for root user priv).

Edit: Did you run the all in one script previously posted here? The one which asks your router username and password?


If you are running Adguard, then why not let it be the DHCP server and stop using dnsmasq altogether?

Another idea could be to change the port of the dnsmasq DNS side (i.e. set "port=0" in the dnsmasq.conf file) and then you can use port 53 directly and then you will see the clients directly.
Thanks for sharing.
 
Yes, AdGuard Home runs directly on the router.

And yes, I ran the one-click installer after auditing the entire thing to ensure that the credentials were not being sent off-site. It installs Entware, plus a few other dependencies needed by AdGuard Home.

The main reason not to use AdGuard Home as the DHCP server is that dnsmasq, which is part of the standard ASUS router firmware, is already working very nicely and is a critical part of my infrastructure. I don't want to jeopardise that stability for a mere nice-to-have like hostname logging in AdGuard Home, particularly as subnet logging is reportedly coming in the very next release of AdGuard Home, to make the product more practical and attractive as a third-party cloud offering.

If I change the port that dnsmasq runs on, that will have consequences for other parts of the system, such as the VPNs. dnsmasq is quite tightly woven with the system.

All in all, I think I just need to have a little patience and the issue will eventually right itself.
 
