I have a Brume 2 (FW 4.5) and have enabled AdGuard + Tailscale. I’m not using any other VPN (Wireguard is off). I’ve setup Subnet routing and I can reach any device in my network when I’m connected to the Tailscale network. This works.
I’m now trying to use the AdGuard DNS when connected to Tailscale but for some reason this does not work. To keep it simple I disabled MagicDNS in Tailscale, and just added my Brume/AdGuard tailscape IP as global nameserver like below.
The Brume is has a Tailscale IP address of 100.x.x.75).
Whatever I try after setting custom nameservers in Tailscale 100.100.100.100 is acting as the main DNS (this could be because it falls back to 100.100 because my nameserver is not working?):
❯ scutil --dns
DNS configuration
resolver #1
search domain[0] : internal.home.net
nameserver[0] : 100.100.100.100
if_index : 19 (utun4)
flags : Supplemental, Request A records, Request AAAA records
reach : 0x00000003 (Reachable,Transient Connection)
order : 100200
The DNS ports are not blocked:
❯ nc -v -z 100.xx.xx.75 53
Connection to 100.xx.xx.75 port 53 [tcp/domain] succeeded!
❯ nc -v -z 100.xx.xx.75 3053
Connection to 100.xx.xx.75 port 3053 [tcp/dsom-server] succeeded!
~ ❯
But when trying to use the DNS with dig it fails:
❯ dig @100.xx.xx75 www.google.com
; <<>> DiG 9.10.6 <<>> @100.xx.xx.75 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Is there anything I’m missing? There is some documentation on getting it to work with PiHole and Unbound but I can’t seems to find anything how to get it working with AdGuard/Glinet/OpenWRT.
There’s this guide that suggests adding --accept-dns=false and I tried this as well in the by ssh’ing into my brume and running talescale up --accept-dns=false + default params but it doesn’t seem to have a change.
Anyone that could point me in the right direction - would be great to have 1) resolve my internal hostnames and 2) have adblocking when connected to Tailscale VPN.
Hey, have the exact same issue with my synology NAS running Adguard well in my local net but being unavailable to make it work with tailscale. Everythink else tailscale-wise works perfectly. Did you find a solution?
If you enable the Tailscale custom domain (DNS), the traffic of the router will go through to the Taliscale server from port 53, and never back to the ADG (to port 3053). Seems these two functions are conflicted.
Testing routers: MT6000 and MT3000, Firmware: v4.7.0 and v4.6.9
It seems it is available to fulfill your request.
Long story short, you just need to add a port forwarding rule to redirect DNS queries arriving on the tailscale0 interface's port 53 to localhost's port 3053 where AdGuard Home is listening
Here are the specific steps for reference: 1. Enable Tailscale in the GL interface, and ensure that the router is successfully bound to your Tailscale account. 2. Go to the Tailscale Admin Console-->DNS-->Global nameservers, and choose Custom. Enter the AdGuardHome-running router's Tailscale virtual IP address(it should be 100.X.Y.Z) and enable Override local DNS(optional).
At the moment, you can notice that all DNS queries from devices in your Tailnet are being sent to this router's 53 port. However, AdGuard Home is listening on port 3053. Therefore, we need to configure a rule to redirect these DNS queries to the local host's 3053 port.
3. Go to the LuCI interface and add a new interface.
Set the Protocol to "Unmanaged" and the Device to tailscale0.
Note: Currently you might currently observe that Tailscale is rebooting itself, resulting in a repeated "up" and "down" cycle.
To address this, please click "Stop" when this button is available. This will allow Tailscale to have a break to reconnect and create the tailscale0 device, and then make this interface work again.
