DNS Leak in Adguard Home

Jounouchi · September 13, 2025, 9:11am

Hi team, I am using VPN with Policy Mode, I realized in AdGuard Home, there is native DNS being query, and it is towards my ISP DNS server.

May I know why does it happened? I didn’t put ISP DNS in the fallback server as well.

Screenshot as below, the port 53 is the ISP DNS.

Below is some strange log:

Sat Sep 13 16:21:52 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:52.820483 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:48468->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:21:52 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:52.820556 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:33337->ISP.DNS.IP.ADDR:53: i/o timeout"
Sat Sep 13 16:21:52 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:52.820469 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:47109->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:21:52 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:52.820469 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:37098->ISP.DNS.IP.ADDR:53: i/o timeout"
Sat Sep 13 16:21:52 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:52.820469 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:40288->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:21:52 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:52.820555 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:47348->ISP.DNS.IP.ADDR:53: i/o timeout"
Sat Sep 13 16:21:53 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:53.828365 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:58295->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:21:53 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:53.828365 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:56619->ISP.DNS.IP.ADDR:53: i/o timeout"
Sat Sep 13 16:21:53 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:53.828365 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:54678->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:21:53 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:53.828365 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:57947->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:21:53 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:53.828440 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:42585->ISP.DNS.IP.ADDR:53: i/o timeout"
Sat Sep 13 16:21:53 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:21:53.828448 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:34342->ISP.DNS.IP.ADDR:53: i/o timeout"
Sat Sep 13 16:25:21 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:25:21.976725 ERROR response received addr=202.ISP.DNS.IP:53 proto=udp status="exchanging with 202.ISP.DNS.IP:53 over udp: read udp 10.136.216.3:52042->202.ISP.DNS.IP:53: i/o timeout"
Sat Sep 13 16:25:21 2025 user.notice AdGuardHome[16006]: 2025/09/13 16:25:21.976711 ERROR response received addr=ISP.DNS.IP.ADDR:53 proto=udp status="exchanging with ISP.DNS.IP.ADDR:53 over udp: read udp 10.136.216.3:60753->ISP.DNS.IP.ADDR:53: i/o timeout"

will.qiu · September 15, 2025, 9:47am

Hi

It looks like this behavior is coming from AdGuard Home rather than from the router.

Could you please review your AdGuard Home configuration?
In addition to the general DNS settings, check whether any specific DNS server has been assigned to individual devices under the Client settings.

Jounouchi · September 17, 2025, 8:20am

Hi @will.qiu , yes, I have specified Client Settings and specify some IPs to route to another DOH server. I don’t specify ISP DNS.

will.qiu · September 18, 2025, 7:25am

Please export the log according to the screenshot below.

Then send it to us via private message so we can check it further.

Jounouchi · September 18, 2025, 12:53pm

Log sent, kindly check.

will.qiu · September 19, 2025, 9:35am

Please verify that the following option is enabled.

When this option is enabled, AdGuard Home may, in specific scenarios, use the DNS from the WAN interface to resolve requests.
This behavior is typically related to internal network queries and does not result in a DNS leak where your ISP can see your browsing activity.
It only applies to requests for domain names that correspond to your Private IP address.

Jounouchi · September 19, 2025, 5:32pm

May I know if it is ok to disable?

RBzee · September 19, 2025, 11:42pm

I was experiencing the same thing. Thought it was ‘normal’ behavior.

A quick Google search says you can put your router's IP address in that field. It allows AGH to see the hostnames of your lan devices.