DNSFilter goes insane on XT12

Wonko

Greetings, all...

I updated my XT12 router and node to Merlin mainly to be able to use DNSFilter to force all DNS traffic to my AdGuard Home DNS server and stop hardcoded DNS usage.

When I enable DNSFilter, my XT12 goes crazy and hits my AGH with thousands of requests per second. It seems to pick whatever DNS request was first in the queue and hammers it. In the last try at enabling, time.apple.com was the chosen one.

Based on my understanding of Merlin, you can enable it in "Router" mode and it should just work. I've also tried specifying my AGH IP in "Custom (user-defined) DNS 1" and "...2", but neither of those options makes a difference. Whenever I turn on DNSFilter, the router tries to kill my AGH.

Either I am doing something stupid (most likely), or things aren't working as expected? Relevant details below, if there is anything that I'm doing wrong? Thank you for any pointers...

Router (gateway and DHCP): 192.168.1.1
AGH: 192.168.1.153

AGH DNS Settings

Private reverse DNS servers: 192.168.1.1
Use private reverse DNS resolvers: Enabled
Enable reverse resolving of clients IP addresses: Enabled
Blocking mode: REFUSED
Upstream DNS servers: (various external services)

Router Settings:

LAN DHCP: DNS Server 1: 192.168.1.153
LAN DHCP: DNS Server 2: Empty
Advertise router's IP in addition to user-specified DNS: No

WAN: DNS Server: 192.168.1.153, 192.168.1.153
WAN: Forward local domain queries to upstream DNS: No
WAN: Enable DNS Rebind protection: Yes

Attachments

  • Screen Shot 2022-10-30 at 17.45.15.png
  • Screen Shot 2022-10-30 at 17.45.31.png
  • Screen Shot 2022-10-30 at 17.45.55.png
  • Screen Shot 2022-10-30 at 17.46.12.png

Leave WAN DNS set to automatic.

Only set your LAN DNS 1 to AdGuardHome.

Make sure advertise router IP for DNS is set to NO.

Make sure DNSFILTER's Global Rule is set to "ROUTER".

Add a custom rule to the DNSFILTER custom rule list that ensures AdGuardHome IP is set to "NO-FILTER".

The specific traffic that is "hammering" your AdGuardHome is the router's own traffic, from setting "WAN" DNS to your AdGuardHome.

WAN DNS is the DNS used by the router and, by extension, the router's services. Clients don't use WAN DNS unless you have them pointed at the ROUTER in LAN DNS. However, this is not the case, since you have "Advertise Router's IP in addition to User-specified DNS" set to NO.
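
Added example, not part of any post in this thread and not Merlin or AdGuard Home code: a simplified model of DNSFilter's redirect that traces one DNS query through the settings in the first post and through the settings suggested in the reply, showing how an unexempted AdGuard Home can be handed its own upstream queries. The redirect behaviour, the `CLIENT` address, the `EXTERNAL` placeholder and all function names are assumptions made for the illustration.

```python
# Simplified model of DNSFilter in "Router" mode (an assumption, not firmware
# code): a port-53 query from a LAN host is rewritten to the DHCP-advertised
# DNS server (or the router if none is set) unless the host has a
# "No Filtering" rule. Queries the router itself sends are not rewritten.
ROUTER, AGH = "192.168.1.1", "192.168.1.153"   # addresses from the thread
CLIENT = "192.168.1.50"                        # constructed LAN client
EXTERNAL = "external-upstream"                 # any resolver beyond the WAN

def next_hop(src, dst, cfg):
    """Return where a port-53 query from src to dst actually lands."""
    if src == ROUTER or src in cfg["no_filter"]:
        return dst
    return cfg["lan_dns1"] or ROUTER

def trace(src, dst, cfg):
    """Follow one query resolver by resolver; return (path, outcome)."""
    # Each local resolver forwards cache misses to its configured upstream.
    upstream = {ROUTER: cfg["wan_dns"] or EXTERNAL, AGH: EXTERNAL}
    path = [src]
    while True:
        hop = next_hop(src, dst, cfg)
        looped = hop in path          # a resolver is handed its own query
        path.append(hop)
        if hop not in upstream:       # left the LAN: answered externally
            return path, "resolved"
        if looped:
            return path, "loop"
        src, dst = hop, upstream[hop]

# Settings from the first post: AGH as WAN DNS, no custom DNSFilter rule.
ORIGINAL = {"lan_dns1": AGH, "wan_dns": AGH, "no_filter": set()}
# Settings from the reply: WAN DNS automatic (None), AGH set to No Filtering.
SUGGESTED = {"lan_dns1": AGH, "wan_dns": None, "no_filter": {AGH}}

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        # A client with a hardcoded resolver (8.8.8.8 is a sample value).
        print(name, "client:", trace(CLIENT, "8.8.8.8", cfg))
        # The router's own lookup goes to its WAN DNS setting.
        print(name, "router:", trace(ROUTER, cfg["wan_dns"] or EXTERNAL, cfg))
```
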
 

THANK YOU! Works perfectly now... your name shall be cheered far and wide, at least in my home.
 
Keep in mind you could also just use my script to run adguardhome on the router itself.

 
The XT12 does not have a USB port, unfortunately, so can't do any external file systems. Seems like a bit of a miss on a piece of kit that costs this much, but I am sure Asus had their reasons.
 
That is sad to hear. I am glad you have something that is working. You are still free to share or use adguardhome configuration tips with us over in the addon's section. Your advice may prove to be invaluable to other users. :) Either way I am glad I could provide a helping hand. I hope you continue to share your experiences with the forum.
 
