AdGuard Home, dnsmasq and query reporting


Ian Macdonald

Occasional Visitor
I've got Adguard Home running on an RT-AX88U and it performs very well, but my query log is full of requests from localhost.

The issue is that AdGuard sees the router as its sole client, because dnsmasq receives queries from the LAN on the usual port 53 and then forwards them to AdGuard on port 2153.

Is there some way of circumventing (or postponing) the masquerading that occurs before AdGuard receives the query?
 

ColinTaylor

Part of the Furniture
It's not masquerading (in the iptables sense), AdGuard sees the requests as coming from dnsmasq because they are coming from dnsmasq.

You could try adding the "add-subnet" option to dnsmasq if AdGuard supports it. But consider a situation where 10 clients all issue a DNS query for "google.com" in a short space of time, only the first of those queries would be forwarded to AdGuard.
 

Ian Macdonald

Occasional Visitor
> It's not masquerading (in the iptables sense), AdGuard sees the requests as coming from dnsmasq because they are coming from dnsmasq.
>
> You could try adding the "add-subnet" option to dnsmasq if AdGuard supports it. But consider a situation where 10 clients all issue a DNS query for "google.com" in a short space of time, only the first of those queries would be forwarded to AdGuard.

No, I know it's not masquerading in the NAT sense. I just meant that the original client is hidden from AdGuard, because dnsmasq is proxying the request.

I tried adding the --add-subnet option in a couple of different forms, but Adguard evidently doesn't care, as it makes no difference to the query logging.
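
A way to check what the `add-subnet` suggestion above puts on the wire, as an added example that is not part of any post in this thread: dnsmasq's `add-subnet` attaches an EDNS Client Subnet option (RFC 7871) to the queries it forwards, and the upstream resolver has to parse that option before it can attribute a query to a LAN client. The function names, the sample query and the address 192.168.1.23 are constructed for illustration.

```python
import ipaddress
import struct

OPT_RR_TYPE = 41  # EDNS0 OPT pseudo-record (RFC 6891)
ECS_OPTION = 8    # EDNS Client Subnet option (RFC 7871)

def build_query(name, client_ip=None, prefix_len=32):
    """Constructed sample: an A query, with an ECS option when client_ip is set."""
    option = b""
    if client_ip is not None:
        net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
        family = 1 if net.version == 4 else 2
        addr = net.network_address.packed[:(prefix_len + 7) // 8]  # prefix bytes only
        ecs = struct.pack("!HBB", family, prefix_len, 0) + addr
        option = struct.pack("!HH", ECS_OPTION, len(ecs)) + ecs
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # type A, class IN
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(option)) + option
    return header + question + opt_rr

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def client_subnet(pkt):
    """Return the ECS subnet carried in a DNS message, or None if there is none."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", pkt, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        pos, end = off, off + rdlen
        while rtype == OPT_RR_TYPE and pos + 4 <= end:
            code, olen = struct.unpack_from("!HH", pkt, pos)
            if code == ECS_OPTION:
                family, src_len, _ = struct.unpack_from("!HBB", pkt, pos + 4)
                raw = pkt[pos + 8:pos + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                return f"{ipaddress.ip_address(raw)}/{src_len}"
            pos += 4 + olen
        off = end
    return None
```

Feeding `client_subnet()` the raw UDP payload of a query captured on the forwarding port shows whether the option is present at all, which separates "dnsmasq is not sending it" from "the upstream is ignoring it".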
 

Ian Macdonald

Occasional Visitor

Ah, so there's hope on the horizon. My travels hadn't brought me there yet.

I've added my support for the feature to the issue.

Thanks for bringing it to my attention.
 

juched

Senior Member
> I've got Adguard Home running on an RT-AX88U and it performs very well, but my query log is full of requests from localhost.
>
> The issue is that AdGuard sees the router as its sole client, because dnsmasq receives queries from the LAN on the usual port 53 and then forwards them to AdGuard on port 2153.
>
> Is there some way of circumventing (or postponing) the masquerading that occurs before AdGuard receives the query?

So this means Adguard home can run directly on the router? Did you have to install any entware tools to get this working? (i.e. I see it runs "id -u" to check for root user priv).

Edit: Did you run the all in one script previously posted here? The one which asks your router username and password?


If you are running Adguard, then why not let it be the DHCP server and stop using dnsmasq altogether?

Another idea could be to change the port of the dnsmasq DNS side (i.e. set "port=0" in the dnsmasq.conf file) and then you can use port 53 directly and then you will see the clients directly.
Thanks for sharing.
 

Ian Macdonald

Occasional Visitor
> So this means Adguard home can run directly on the router? Did you have to install any entware tools to get this working? (i.e. I see it runs "id -u" to check for root user priv).
>
> Edit: Did you run the all in one script previously posted here? The one which asks your router username and password?
>
> If you are running Adguard, then why not let it be the DHCP server and stop using dnsmasq altogether?
>
> Another idea could be to change the port of the dnsmasq DNS side (i.e. set "port=0" in the dnsmasq.conf file) and then you can use port 53 directly and then you will see the clients directly.
> Thanks for sharing.

Yes, AdGuard Home runs directly on the router.

And yes, I ran the one-click installer after auditing the entire thing to ensure that the credentials were not being sent off-site. It installs Entware, plus a few other dependencies needed by AdGuard Home.

The main reason not to use AdGuard Home as the DHCP server is that dnsmasq, which is part of the standard ASUS router firmware, is already working very nicely and is a critical part of my infrastructure. I don't want to jeopardise that stability for a mere nice-to-have like hostname logging in AdGuard Home, particularly as subnet logging is reportedly coming in the very next release of AdGuard Home, to make the product more practical and attractive as a third-party cloud offering.

If I change the port that dnsmasq runs on, that will have consequences for other parts of the system, such as the VPNs. dnsmasq is quite tightly woven with the system.

All in all, I think I just need to have a little patience and the issue will eventually right itself.
 
