AdGuardHome NTP rules at boot

johndoe85

Regular Contributor
I don't know how to formulate this, but I'll try anyway.

There seems to be a need to change the rules for when NTP starts alongside unbound and AdGuard Home.
When running unbound on the router and using AdGuard Home with the option to force all DNS requests through AdGuard Home, unbound refuses to start because NTP is not running, or rather, it can't do lookups.
And NTP can't make lookups because unbound is not started. And AdGuard Home can't start until NTP is in order.


The workaround I have is to set the NTP server to an IP, but that is not really a solution for this issue, it's just a workaround.
 

SomeWhereOverTheRainBow

Part of the Furniture
Yep, just ran a test myself. NTP appears to be working fine on reboots with both unbound and AdGuardHome running together on my setup. I am not sure how to reproduce the issue you are experiencing (the only way I could experience it is by clearing WAN DNS 1 and WAN DNS 2 on the WAN page and switching it away from automatic, like in the image below).

1650249039425.png


For me, unbound shouldn't attempt to start until your NTP is in order; otherwise it will always have a failure to resolve when checking if a domain is secure or not, which it will with DNSSEC in Unbound. As far as I am concerned, there is not much I can do in regards to AdGuardHome since it is not the chief cause of NTP not getting set, because it does not make any modifications to your original setup (a.k.a. dnsmasq and resolv.conf) until NTP is in order. This may just be an issue specific to your setup. I am glad you found a workaround.
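
The dependency described in the post above (DNSSEC validation needs a correct clock, and NTP needs DNS to find its server), shown as an added example that is not part of the original thread. The RRSIG record and both clock values are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify a DNSSEC signature against a
# given clock value. RRSIG presentation format (RFC 4034, section 3.2) lists
# the signature EXPIRATION before the INCEPTION, both as UTC YYYYMMDDHHmmSS:
#   owner TTL class RRSIG covered alg labels origTTL expiration inception tag signer sig

# Constructed sample record, not captured from a real zone.
SAMPLE_RRSIG='pool.example.com. 3600 IN RRSIG A 13 3 3600 20220502000000 20220411000000 12345 example.com. c2FtcGxlLXNpZ25hdHVyZQ=='

# Constructed clock values: a router that has not synced yet, and a synced one.
CLOCK_BEFORE_NTP=20180505050500
CLOCK_AFTER_NTP=20220418104831

# rrsig_status RECORD NOW -> prints valid | not-yet-valid | expired | malformed
rrsig_status() {
    printf '%s\n' "$1" | awk -v now="$2" '
        $4 != "RRSIG" || length($9) != 14 || length($10) != 14 ||
        $9 !~ /^[0-9]+$/ || $10 !~ /^[0-9]+$/ || now !~ /^[0-9]+$/ {
            print "malformed"; exit
        }
        now + 0 < $10 + 0 { print "not-yet-valid"; exit }
        now + 0 > $9 + 0  { print "expired"; exit }
        { print "valid" }'
}

# A validating resolver treats anything other than "valid" as bogus and
# answers SERVFAIL, so the NTP hostname cannot be resolved either.
echo "before NTP sync: $(rrsig_status "$SAMPLE_RRSIG" "$CLOCK_BEFORE_NTP")"
echo "after NTP sync:  $(rrsig_status "$SAMPLE_RRSIG" "$CLOCK_AFTER_NTP")"
echo "this host now:   $(rrsig_status "$SAMPLE_RRSIG" "$(date -u +%Y%m%d%H%M%S)")"
```

With the unsynced clock the signature is not yet valid, which is why an NTP server given by IP address, or a non-validating fallback resolver, breaks the loop.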
 

SomeWhereOverTheRainBow

Part of the Furniture
I have created a test for you to try to see if it resolves your issues, I left it on development branch though. To access it run:

Code:
curl -L -s -k -O https://raw.githubusercontent.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer/master/installer && sh installer dev

Let me know if it resolves your issue. If it does then I will complete add it to the main. Otherwise, to switch back to the main, run:

Code:
curl -L -s -k -O https://raw.githubusercontent.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer/master/installer && sh installer master

Let me know what the results are either way. This is the best I could come up with at the time being.
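
A more cautious way to run the installer commands quoted above, as an added example that is not part of the original post or the project's code. It leaves certificate verification on (no `-k`) and runs the script only if it matches a digest recorded after reviewing it. Assumptions: the router's curl has a usable CA bundle, `sha256sum` is available, and `PINNED_SHA256` is a placeholder because the thread publishes no digest.

```sh
#!/bin/sh
# Added example (not the project's code): fetch the installer with certificate
# verification left on, check it against a digest you recorded after reading
# the script, and only then run it.

INSTALLER_URL='https://raw.githubusercontent.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer/master/installer'
# Placeholder: replace with the SHA-256 of the copy you reviewed.
PINNED_SHA256='REPLACE_WITH_REVIEWED_SHA256'

# fetch_installer OUTFILE: HTTPS only, no -k, fail on HTTP errors.
fetch_installer() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$1" "$INSTALLER_URL"
}

# verify_sha256 FILE EXPECTED: returns 0 only when the digest matches exactly.
verify_sha256() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# install_branch BRANCH: BRANCH is "dev" or "master", as in the thread.
install_branch() {
    case "$1" in
        dev|master) ;;
        *) echo "unknown branch: $1" >&2; return 64 ;;
    esac
    if fetch_installer installer && verify_sha256 installer "$PINNED_SHA256"; then
        sh installer "$1"
    else
        echo "installer not run: download or digest check failed" >&2
        rm -f installer
        return 1
    fi
}
```

Call `install_branch dev` or `install_branch master` once the placeholder digest has been replaced.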
 

johndoe85

Regular Contributor
Okay, I will test this.
These are my settings,
 

johndoe85

Regular Contributor
The changing of branch did not solve anything. Though I ran the script, and in the install I just went default with all settings. Redirecting all traffic through AdGuard, no to custom DNS, and kept the build version to stable; maybe this was the wrong choice?
 

SomeWhereOverTheRainBow

Part of the Furniture
Yea, I am not sure myself. As we can both tell, solving this dilemma for you is like hunting a needle in a haystack. Although I am honestly not sure why you have a private IP address listed as your WAN DNS 1 and have no DNS server defined for WAN DNS 2. Seems very suspect to being the cause of the delay of your NTP dilemma. Especially if that address is not readily available to service DNS of the router itself right after a reboot.
 

SomeWhereOverTheRainBow

Part of the Furniture
However, putting something like 1.1.1.1 in your wandns2 slot and adding strict-order to your dnsmasq.conf.add script may solve your dilemma as far as the router NTP is concerned. (You may have to experiment changing WAN DNS 1 and 2 around depending on your preference.) In theory, Dnsmasq will try one when the other is unavailable, which should speed up your NTP time sync. Strict order means that the router will use them in specific order until one fails.
 

SomeWhereOverTheRainBow

Part of the Furniture
Another solution to your dilemma may be to add a custom exception to the dnsfilter client list for the private IP address you are using in WAN DNS 1 (obviously you need to know the MAC address of the device though). Set a custom rule saying no filter for that specific IP address, meaning you won't attempt to force DNS of that specific client to use the router for DNS, since you are expecting it to act as the router's DNS at boot. Basically, by having that IP address listed in WAN DNS 1 and no rule for it under the dnsfilter page, you are creating a DNS loop that leaves the router having no DNS at boot. You need to add a nofilter rule for it to your dnsfilter client list.
 

SomeWhereOverTheRainBow

Part of the Furniture
If you feel like testing one more time, I added a new modification to the dev branch; you are welcome to try the dev installer link to try it out. Run option 1 to allow the installer to update any files.
 

johndoe85

Regular Contributor
> However, putting something like 1.1.1.1 in your wandns2 slot and adding strict-order to your dnsmasq.conf.add script may solve your dilemma as far as the router NTP is concerned. (You may have to experiment changing WAN DNS 1 and 2 around depending on your preference.) In theory, Dnsmasq will try one when the other is unavailable, which should speed up your NTP time sync. Strict order means that the router will use them in specific order until one fails.

Wouldn't that create DNS leaks?
Strict order could be a solution. But the reason I want to use my own DNS is to prevent snooping from the ISP or another company.

For situations like this I think it would be handy if you could edit settings in dnsmasq.conf from the GUI.

Since NTP is such an important part of a computer, there should be some hard-coded IP-specific servers in case of failure.
Or that unbound wouldn't be so dramatic about NTP running or not.
 

johndoe85

Regular Contributor
> If you feel like testing one more time, I added a new modification to the dev branch; you are welcome to try the dev installer link to try it out. Run option 1 to allow the installer to update any files.

Do you want me to test it as my settings are now, or with the suggested changes to dnsmasq.conf with a 2nd external DNS server?
 

johndoe85

Regular Contributor
I tested with the settings as is, with yes to both options in the AdGuard Home install except changing the build, and I changed the NTP server to se.pool.ntp.org and then rebooted the router. And it seems to be working. So whatever you did, I think it fixed it. I've never managed to get unbound started before with se.pool.ntp.org as the only NTP server and the router as DNS server.

However, I will keep you posted if anything changes.
Thanks!
 

dave14305

Part of the Furniture
You can’t really expect the router to behave normally on boot with no valid external WAN DNS servers and 2 DNS addons.
 

johndoe85

Regular Contributor
Ok understood.
Do you know how to increase these two?

AdGuardHome[10190]: 2022/04/18 10:48:31.608855 failed to sufficiently increase receive buffer size (was: 512 kiB, wanted: 2048 kiB, got: 1024 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.

AdGuardHome[5660]: 2022/04/18 17:54:26.620027 [error] unpacking udp packet: dns: buffer size too small

I'm guessing the last one is Cache size under Settings -> DNS Settings, but since I don't know what file it uses I can't check the size of that file.
 

SomeWhereOverTheRainBow

Part of the Furniture
You need to add a udp and a tcp listen address for unbound to your adguardhome upstream, otherwise you will not be able to process packets that are too large over udp. Therefore you need a tcp listen address as well.

Eg.
Both are required-
127.0.0.1:53535 <----UDP
tcp://127.0.0.1:53535 <----TCP (for handling request packets bigger than UDP can handle).

Also: you may want to consider adding UDP receive buffer set to 2.5M to /jffs/scripts/init-start:

Code:
echo 2500000 > /proc/sys/net/core/rmem_max
 

johndoe85

Regular Contributor
Thank you :)
 
