This is to modify dnsmasq you could also elect to not use DNSmasq and that would solve the problem. Could also use static assigned ip address and manual add clients into the adguard home GUI.
I have more than 60 devices connected (including all the lights of the house). I don’t see how that can be better option.
I’ll wait til the dev team improves this.
Were you previously running Pi-hole on a router (like Adguard Home on a GL.iNet router), or on a separate device (like Raspberry Pi)?
I do not work for and I am not directly associated with GL.iNet
I had it on a separate device (which makes it more difficult to handle, more space, cables, potential issues…).
It’s not a big deal to non have the info “by device”, or at least is better than having two different devices, but I used to take a look at the stats before, and more info about clients (and their attempt to reach some websites).
I hope this can be fixed somehow anytime in the future, it’s one of the reasons I bought the router (and as I bought the Slate AX for traveling too, I wish I could see that info too when I travel as well).
This solution ended up working for me.
You can achieve the same ‘fix’ without having to touch the dnmasq or adguard configs, just go into Luci and add a port forwarding rule that forwards all tcp & udp traffic from ‘lan’ to ‘this device’ on port 53 to ‘lan’ port 3053. This will bypass dnsmasq instead of having it forward the request. Arguably the router should probably add this rule automatically when you turn on adguard
2 Likes
that sound like an awesome solution
can you explain a bit more ?
in luci is it in the menu firewall and then the tab port forwards ?
do you have screenshots for this setup as a working example ?
thanks
My understanding is that LAN-to-LAN port forwarding will not work because the traffic does not go through the firewall. Can users confirm that it is working?
I do not work for and I am not directly associated with GL.iNet
You can port forward when the destination is the firewall/router itself. It works fine for me otherwise I wouldn’t have suggested it.
luci should describe the match rule as ‘Incoming IPV4 From “lan” to “this device”, port 53’ and the action as ‘Forward to “lan” port 3053’. Basically it’s saying “anything received from lan to router-lan-ip:53 rewrite to go to router-lan-ip:3053”
1 Like
Network :: Firewall :: Port Forwards
Protocol: TCP & UDP
Source zone: lan
External port: 53
Destination zone: lan
Internal IP address: any
Internal port: 3053
5 Likes
Finally. this is all i have to say. FINALLLYYYYY!!!
The port forwarding works well, however it breaks vpn policies based on “Target Domain or IP”.
If you use that port forwarding AND vpn policies based on domain/IP, the policies doesn’t work after a while (or a reboot).
Seems that a perfect solution doesn’t exist… Too bad, using different DNS for clients inside Adguard Home is just too useful in some cases.
1 Like
Try this method that disables DNS server n dnsmasq and makes AdGuardHome the native DNS server on port 53:
Maybe it works with VPN policies.
I do not work for and I do not have formal association with GL.iNet
1 Like
No, cuz dnsmasq uses ipset under the hood (domain name routing based on vpn policy), so the dnsmasq bypass solution breaks the policy
Only the DNS server function of dnsmasq would be disabled and the rest of the functions would be running, not bypassed. It should work like a separate DNS server at a different IP address.
1 Like
portforward bypasses dnsmasq, the other solution disables dnsmasq.
if the dns query schema does not include dnsmasq, then the vpn policies will not work
In any case, both solutions presented break the vpn policies (name based)
1 Like
Thanks, that actually was the first method I tried, but it also breaks VPN policies.
Well, it looks like another person has tried unsuccessfully before also, using an RPi AdGuardHome server … that’s too bad 
1 Like