slate ax 4.0.1 beta 2
I have noticed that the even when I have a wireguard tunnel and adguard enabled the routers own dns traffic gets routed to the repeaters dns, meaning no adblock and no encryption.
Please comment, does not seem right to me.
ADGuard Home is set by default to work only for client devices and is not used for requests from the router itself.
However, if WireGuard client is connected, requests from the router should be forwarded through the WireGuard tunnel. We will review this issue.
so it is not possible then to use encrypted dns requests from router when adguard home is enabled?
the regular dns settings are disabled when adguard home is used. Why are not adguards dns settings used for router requests?
“AdGuard Home is enabled, the router must use the DNS server provided by AdGuard Home, you can’t customize DNS servers.”
from what I can see the routers dns requests are not forwarded through the wg tunnel.
Sorry, my bad. ADGuard Home is work for requests from the router itself.
I just tested it with ADGuard Home only, WireGuard only, and both ADGuard Home and WireGuard on, and nslookup shows that 127.0.0.1#53 is used in all three cases.
Which WireGuard provider’s configuration file are you using?
Sorry, I can’t reproduce your question about Adguard Home.
I guess this may be caused by your Adguard Home settings, maybe you reset the device or upgrade beta3 without keeping the settings and try again?
About WireGuard, please check whether the WireGuard configuration file provides DNS.
my concern is not the adblocking funcionality, I just dont want the router to send unencrypted dns requests to the repeater wifi unless I’ve choosen it. seems to me there is a problem when rebooting with adblock is enabled.
I have no special configuration in adblock, only filters and (encrypted) dns upstream configuration.
I will try with a clean install of beta3 when it is released since the issue has not been reproduced.
Okay, understood. And I can confirm in FW 4.0.1 beta2, WAN over WLAN, LAN over cable.
Adguard enabled → reboot Router
dnsmasq is bind to 127.0.0.1:53, /etc/resolv.conf is set to nameserver 192.168.xxx.53 (local DNS)
Disable Adguard → nameserver 127.0.0.1 in /etc/resolv.conf
Enable Adguard → nameserver 127.0.0.1 in /etc/resolv.conf
in netstat -tulpen |grep \:53 it seemes dnsmasq takes the whole configuration after boot and adguardhome got permission only after manual stop/start.
But does dnsmasq also handles the dhcp-client part for the SlateAX System? I think I missing something.
Can’t find any hints in the logs, now.
Edit: 192.168.xxx.53 is also the DNS in my wireguard configuration. cat /etc/config/resolv.conf.wg → nameserver 192.168.xxx.53 cat /etc/config/resolv.conf.d/resolv.conf.auto → nameserver 192.168.xxx.53 \n search [mylocaldomain].net, same content as in /etc/resolv.conf
The content in /etc/config/resolv.[wg|.d/resolv.conf.auto] is not altered by stop/start AdGuard.
Why is dnsmasq even bound to 192.168.xxx.193:53 (WWAN port)? (Just a reminder for another analysis).
Yeah, it works and it’s absolutely stable on any situation, at least on my setup. In fact I’ve been using my Slate AX with this “trick” since I am testing it and I’ve no problem at all (I am always using Adguard).