What's new

YazFi AdGuard Home on Raspberry Pi and YazFi

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Gary_Dexter

Senior Member
I've setup AGH on a Raspberry Pi - everything works well with the LAN DNS pointed to the IP Address of the RPi with AGH.

However, when I change my YazFi DNS to the IP of the RPi/AGH, the clients do not get any DNS connectivity and lose internet connection - this is to a range of IoT etc. devices (Ring Cameras, Ring Doorbell, Amazon Echo Device etc.) - they all lose internet connectivty until I point the DNS back to the routers IP (but then they are not going through AGH).

Any ideas on how to get this working?

Setup snippet below - 10.12.13.0 being the YazFi DHCP range, 10.12.12.12 being the Router IP.

Setting the DNS to 10.12.12.1 (the RPi IP) and everthing on the YazFi network stops working.

1676912463224.png
 
Is the Raspberry Pi/AdGuard Home configured to accept IP addresses outside the 10.12.12.x range?

When using Pi-Hole on a Raspberry Pi my YazFi Guest clients loose internet access (because they cannot resolve DNS) when Pi-Hole is configured to only respond to local requests that are one hop away. I have to change Pi-Hole to allow all responses on the interface so it will accept responses from IP addresses outside of the main LAN (i.e. the YazFi IP address ranges). See if there is a similar setting for AdGuard Home so it can respond to IP addresses/clients outside the main LAN IP address range.
Pi-Hole Example:
PiHoleExample.jpg
 
There’s no setting as such. It’s allowed to listen on all interfaces though.
There is a setting on the Adguardhome DNS settings page (the same as the upstream settings page) that allows for you to specify what networks (or subnets) are allowed to access adguardhome.

1676950501523.png


As @bennor mentions, you may have to configure your clients (or guest network subnet) here since they are mostly considered more than one hop away.
 
There is a setting on the Adguardhome DNS settings page (the same as the upstream settings page) that allows for you to specify what networks (or subnets) are allowed to access adguardhome.

View attachment 48094

As @bennor mentions, you may have to configure your clients (or guest network subnet) here since they are mostly considered more than one hop away.

OK some progress.. however all that happens now is the Query Log gets spammed with multiple NTP queries (and other queries) from devices and still no working internet for them.

5C9FF17C-2D73-4952-A220-B1FADF995203.png
 
There’s no setting as such. It’s allowed to listen on all interfaces though.
In addition to what @SomeWhereOverTheRainBow posted there is mention of the DNS bind_hosts entry in the configuration (AdGuardHome.yaml) file's dns — DNS configuration section that may be relevant.
https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
There are additional values such as Access settings section that has already been mentioned that is detailed in that Configuration Wiki page.
 
Last edited:
That is nice to know, but What about the allowed_clients?
I tried adding the subnet, and the results were per my post above..

 
I tried adding the subnet, and the results were per my post above..

What does your AdGuardHome Upstream DNS server section look like (try to get the rest of the settings page included in a screen shot please) , also what does your YazFi settings screenshot look like (the full settings) for this particular guest network? From your picture above, I am not sure what categories you have answered yes or no to on the guestnetwork webui because you do not include them in the screenshot. (the issue could simply be that you are not allowing the guest network to talk to the main network, which would be required for you to use a DNS server that is connected on the main network.)
 
I’m using Unbound on the RPi - but even using a different upstream DNS (Quad9, Cloudflare etc.) yields the same results.

Even wiping the RPi and starting from fresh using just AGH and no Unbound installed is the same as above.

I’ve tried doing 2-way to guest as well in YazFi and the results are the same.

Screenshots requested attached.
 

Attachments

  • 65EC9413-1E74-4882-98B0-A4F72836C335.jpeg
    65EC9413-1E74-4882-98B0-A4F72836C335.jpeg
    66.9 KB · Views: 43
  • Screenshot 2023-02-21 at 20.18.00.pdf.pdf
    106.1 KB · Views: 94
I’m using Unbound on the RPi - but even using a different upstream DNS (Quad9, Cloudflare etc.) yields the same results.

Even wiping the RPi and starting from fresh using just AGH and no Unbound installed is the same as above.

I’ve tried doing 2-way to guest as well in YazFi and the results are the same.

Screenshots requested attached.
so the next question would be is your unbound not setup correctly, because when you allowed the guest network using the "allowed clients" option, you started seeing requests coming in from those devices. However the "DNS" was not working on the clients. It sounds like your unbound might not be configured correctly, to confirm this try adding 1.1.1.1 to your AdGaurdHome upstream DNS. Then, readd the guest network back to the "allowed clients" section. See if DNS starts to work.
 
Echo what SomeWhereOverTheRainBow said. Post full screen shots of your settings (when they don't work) so others can see the full picture.

I run two Raspberry Pi's loaded Raspberry Pi OS Lite with Pi-Hole and Unbound on my main LAN and my YazFi clients can access them without issue provided I configure Pi-Hole to allow client access from beyond the first hop. Unless there is a misconfiguration somewhere within the router the issue would likely be a misconfiguration of either the Raspberry Pi or the AdGuard Home or Unbound running on the Raspberry Pi. In my example of YazFi settings below, the DNS Server fields are populated with my Pi-Hole IP addresses on the local main LAN (192.168.2.x). I also have my YazFi clients configured with reserved IP addresses as detailed in this post.
YazFi_1.jpg

YazFi_2.jpg

(Edit to add: Broke up image to make it more readable)
 
Last edited:
Yup. Well removed it altogether and saved changes.
you may have to give it a few minutes with the new settings applied. try disconnecting and reconnecting clients on the guest network. see if doing such fixes the "DNS" failurism. You have to remember, any client that has been connected to the guestnetwork with failing DNS, might not have a clean connection right away. You may have to disconnect and reconnect clients to get them to realize everything is working, especially since you are using the "force DNS" option.
 
Hmm ok. So just to test, I changed the YazFi network to a different IP subnet and it started working - I’m now using 192.168.12.0 and the Query Log is no longer being spammed with DNS queries and devices have internet again…

I changed it back to the previous IP subnet and it started spamming the Query Log again…

Something bizarre is going on it seems :)
 
Hmm ok. So just to test, I changed the YazFi network to a different IP subnet and it started working - I’m now using 192.168.12.0 and the Query Log is no longer being spammed with DNS queries and devices have internet again…

I changed it back to the previous IP subnet and it started spamming the Query Log again…

Something bizarre is going on it seems :)
sounds to me like maybe you are trying to give a guest network an ip range that your VPN provider is also issuing? (strange guess). Or another possibility would be adguardhome doesn't have that network range 10.0.0.0/8properly configured as a private network it services, but it does have 192.168.0.0/16 configured to be a private network range it services.

if adguardhome doesnt like 10.0.0.0/8 ranges, i would just stick with the 192.168.0.0/16 ranges since it works.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top