Trouble Passing Real Client IPs from Dnsmasq to AdGuard Home → NextDNS

Arnaldo · June 14, 2025, 3:07pm

Hi everyone,
I'm running a layered DNS setup at home for better control and visibility:
Device: GL-MT6000 Flint2 - OpenWrt 21.02-SNAPSHOT
Kernel: 5.4.238

LAN client → Dnsmasq (handles DHCP & DNS) → AdGuard Home (ad-blocking) → NextDNS (DoH resolver)

Dnsmasq is handling DHCP and DNS.
AdGuard Home is running on my GL.iNet Flint 2 router.
NextDNS is configured in AdGuard Home as the upstream resolver via DoH.
On NextDNS, I do see the real client IPs (great!).
But in AdGuard Home, all clients appear as 127.0.0.1 or the router IP, not the actual LAN device IPs.

I already tried:

Setting add-mac, add-subnet=32,128 in dnsmasq.
Enabling EDNS Client Subnet (ECS) support in AdGuard Home.
Testing with and without strict-order , bogus-priv, no-resolv options.
Verified DHCP leases are assigning correctly and contain MAC info.

Still, AdGuard Home doesn’t log the real LAN client IPs, which makes per-device filtering and stats useless.

What I want:
See real LAN client IPs inside AdGuard Home, not just on NextDNS.

My Questions:

Is there a known method or config combination that allows dnsmasq to pass real client IPs to AdGuard Home running on the router?
Does AdGuard Home need to run on a separate device to capture LAN IPs properly?
Would changing the chain (e.g, clients → AdGuard → dnsmasq → NextDNS) help resolve the IP logging issue?
Any advice or insight would be appreciated. Happy to share more config details if helpful.

Thanks in advance!
Arnold

Arnaldo · June 15, 2025, 12:34am

Hi everyone!!
Anyone who has the same setup or technical expertise to provide a guidance?

Appreciate.

bruce · June 16, 2025, 3:28am

Hello,

Is the MT6000 installed firmware version v4.7.7?
Is VPN client disabled?
Is the "AdGuard Home Handle Client Requests" enabled?

Arnaldo · June 16, 2025, 9:45am

Hey Bruce, tks for your time.

Version ok V7
No VPN, I'm using Tailscale instead.
Clinet Request. I don't know what is this option. However, only to make it clear, this is my setup: clients → AdGuard → dnsmasq → NextDNS Therefore, dnsmasq is handle clients and Adguard is the ad blocker.

I fill like I'm missing something.
File etc/dnsmasq I've included:
no-resolv
bogus-priv
strict-order
server=127.0.0.1#3053

And have tried many diffent way testin flaging and unflagging AdGuard options. Nothing make it works.

Maybe my setup is not appropriate one.

Tks again.

bruce · June 20, 2025, 6:46am

Hello,

May I know if this option is enabled?

Arnaldo · June 22, 2025, 8:58am

Hey, tks for you question. Nope... I didn't enable because I'm using dnsmasq as my DNS. The Idea is to use Aduard only as ad blocker.

Cheers.

Arnaldo · June 22, 2025, 9:08am

And the only reason that I'm using AdGuard is because Flint 2 has it already integrated. Otherwise, I would prefer Pi-Hole. But, for it will be required an extra container or vm, and I don't wanna at least for now extra stuff to manager.
cheers

bruce · June 25, 2025, 11:10am

The reason is the dnsmasq already handle all DNS requests, ADG can only display localhost. I think this is not an issue in router firmware.

If you require the ADG statistics list to display client IP, may enable the "AdGuard Home Handle Client Requests".

Whatsamattr1 · August 8, 2025, 1:44am

I had the same problem with my pihole.

Was seeing all forwarded DNS lookups as coming from the LAN IP of the router. I just enabled EDNS on dnsmasq.
SSH into the router, go to /etc/dnsmasq.conf added 2 lines
add-mac
add-subnet=32

Original client IP comes through to Pihole now.

bruce · August 8, 2025, 7:53am

Hi, does the pihole ADG work fine now?