I recently purchased a Beryl AX (GL-MT-3000). It functions fine as a router or a repeater testing on my home network with no features enabled. However, when I enable Adguard Home, the Beryl AX cannot access the internet and cannot resolve DNS requests.
I have tested it in both router and repeater mode. I have disabled all DNS filters in Adguard Home, so it’s not blocking anything. I have set the Upstream DNS servers to common Cloudflare, Google, and Quad9 addresses.
I tried all of this with the vanilla firmware, and I also tried all of this again after upgrading to OpenWRT 4.8.3.
Same result in all tests: I can access webpages with Adguard Home turned off, but when I enable Adguard Home, the router cannot resolve webpages.
I have set up and configured other GL-iNet routers (Flint 2 and Slate 7) to use Adguard Home, so I am generally familiar with the interface and which settings work.
Does anyone know how to fix this? My goal is to use the Beryl AX as a travel router, which means it needs to function as a repeater, run Adguard Home, and a VPN. Based on numerous reviews, I should be able to do this, albeit with the limitation of needing minimal DNS lists.
Could you please try to just use nslookup gl-inet.com to see if your client can talk to the DNS server on your router and it's not some issue with the browser itself?
I tested nslookup gl-inet.com connected to the Beryl AX in router mode.
Results:
With Adguard Home turned off:
Server: [Beryl AX IP]
Address: [Beryl AX IP]#53
Non-authoritative answer:
Name: gl-inet.com
Address: 3.0.226.225
With Adguard Home enabled:
Server: [Beryl AX IP]
Address: [Beryl AX IP]#53
** server can't find gl-inet.com: SERVFAIL
I am fully capable of browsing the internet on a device connected to the Beryl AX with Adguard Home disabled. I am able to connect that same device to a Flint 2 with Adguard Home enabled and browse the internet with DNS services provided by ADH. I have tested other devices and observed the same results. It is not the client device or the browser.
There are also log entries that indicate that AGH cannot connect out to update its lists. The basic functionality of AGH is for client DNS traffic to be redirected to AGH. It seems like the issue is that AGH on the Beryl AX cannot connect out.
Looks to me like your AdGuard Home can't reach any upstream DNS servers.
So the question is: Why?
Is your router behind another one? Are you trying to use plain DNS, but maybe you are using VPN and it's forbidden by this? Do you have any settings that are "non default"?
And I am a bit confused that you want to talk to 9.9.9.10 - because there is no DNS server, afaik.
The 2nd one for Quad9 is 149.112.112.112
The results that I previously posted were run with the Beryl AX connected to my Flint 2, either via LAN, or as a repeater. I repeated the tests with AGH both on and off on the upstream router. I have not tested using a VPN on either unit... yet.
To test whether being behind the upstream router was affecting things, I connected the Beryl AX WAN directly to the modem and enabled Adguard Home. I am able to browse the internet in this configuration, indicating that you are on the right track - it is something to do with the communication between AGH on the Beryl AX and the upstream router.
The settings on the Beryl AX are default. 9.9.9.10 and 149.112.112.112 are both Bootstrap servers default loaded into AGH. As I understand things, AGH does communicate with bootstrap servers in plain DNS.
There is no VPN active, but the settings on the Flint 2 are highly configured. None of my other devices behind the Flint 2 have issues getting their DNS resolved. I will have to poke around to see if I can figure out which setting is causing this, but if the Beryl AX is going to serve as a travel router, it is going to have to exist behind other routers in hotels, Airbnbs, etc.
Ok, I think I figured out the cause…but not the solution.
I have a firewall rule set up to block devices with hardcoded DNS policies from bypassing AGH on the Flint 2 (see below). I suppose it can be blamed for preventing the Beryl AX AGH from being able to reach upstream DNS servers directly, although I am a bit confused why the Beryl AGH DNS requests don’t just get redirected through the Flint 2 DNS resolvers like all the other devices.
Not sure why this happens, but I assume that AdGuard might check the response and isn't happy when the DNS request is redirected. You could set the Upstream DNS in AGH to your upstream router - this should solve it as long as your main router is sitting in front of your Beryl.
Or just disable AGH while someone else is doing it already.
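The change suggested in the reply above, sketched as the `dns` section of AdGuardHome.yaml (an added example, not posted by anyone in the thread). The public resolver addresses stand in for the "common Cloudflare, Google, and Quad9 addresses" mentioned earlier, and 192.0.2.1 is a placeholder for the upstream router's LAN address.

```yaml
# AdGuardHome.yaml on the Beryl AX, dns section only.
# Added example: every address below is constructed for illustration.

# Before: AGH sends its own queries straight to public resolvers.
# Behind the Flint 2, the rule against hardcoded DNS applies to these
# queries, and clients of the Beryl AX get SERVFAIL as shown in the thread.
#
# dns:
#   upstream_dns:
#     - 1.1.1.1
#     - 8.8.8.8
#     - 9.9.9.9
#   bootstrap_dns:
#     - 9.9.9.10
#     - 149.112.112.112

# After: AGH forwards to the resolver the upstream network already provides,
# so its queries are ordinary client traffic for that network.
dns:
  upstream_dns:
    # Placeholder: replace with the upstream router's LAN address.
    - 192.0.2.1
  bootstrap_dns:
    # Only used to resolve hostnames of encrypted upstreams; kept on the
    # same local resolver so no query leaves for a public server.
    - 192.0.2.1
```

On a travel router the placeholder changes with each network: it has to be the resolver address that the current upstream network hands out.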
@admon I came to a similar conclusion. While I would really like to find a way to configure the Beryl AX AGH to be functional while traveling and connecting to other networks with unknown DNS policies, I suppose that having an understanding of the fact that AGH blocks DNS resolution when it is unable to access public DNS servers, regardless of whether the public DNS server address is entered as plain text or an IP address, can be used as a warning indicator that an upstream network is affected by policies that impact DNS resolution. Instead of trying to figure out how to configure AGH to bypass network level DNS restrictions, probably best to turn on the VPN.
Although now I need to figure out how to create an exemption to my firewall rule for my guest network.