Hi there, I’m trying to set up AdGuard home and it doesn’t seem to work properly. Maybe I’m getting it wrong on how it’s supposed to work, but I’m kinda confused right now and it seems to me than Win11 is lying to me about my DNS entries …

Here’s my setup: as I have a VPS server already, I wanted to try and use it for Adguard as well. Installation there was straightforward enough and I have it up running and it has a static IP that I would use now as a DNS server, routing my traffic through it.

Now, all tutorials say that one should set the DNS entries on the router that connects to the Internet, but this option is not enabled on my router (more about this later on).

I thought, no worries, I will deal with the router situation later and just see how Adguard works with a single computer. So I went into network settings of my Win11 machine and configured my IP settings manually. Gave me a fixed IP in my home network and used the static IP from my adguard server for DNS entries. But this didn’t seem to do anything. Still got ad’s everywhere although my Adguard dashboard showed a lot of blocked domains (clearly identifiable as ad-servers by their name).

Ok, I went to troubleshooting and here’s the first weird thing I noticed: When I sutdown Adguard (as in stopping the docker container it’s running in on my server), I still can connect to the internet on my Windows machine. This shouldn’t be happening, no? I set both DNS entries (main and fallback) to the same IP, where no DNS server should be running and I still got to browse the web?

So, is Windows lying to me and has a secret fallback DNS somewhere that get’s used when the entries don’t work? Do I not understand how this all should work?

Or - and here my specific router/modem comes into play - my hardware get’s around DNS entries. I do have a “hybrid modem” which connects to the internet using both fiber DSL and LTE at the same time to get extra bandwith and speed. The customer support forum of my ISP revealed that due to the nature of this “dual line internet connection” DNS entries are fixed on the router and cannot be changed by the user.

I still think the settings in Windows should take precedence, but admittedly I have no real understanding how this is all supposed to work in detail.

So, question: how could I get Adguard to work on a VPS without being able to set DNS entries on my router? Would using a second router get around this (i.e. using the router of my ISP just as a modem and do my home network/wifi from this second router)? And why would Win11 still connect to the internet with supposedly broken DNS entries?

  • dud3@feddit.de
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    You should never expose a DNS server publicly. Connect to your VPS through a VPN like Wireguard.

    Do you have a second DNS server configured in Windows which it could use as a fallback?

    • Solvena@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Yes, the final setup would be to run Adguard on a docker container and have this container be in a VPN. I’m not sure yet, how I would do that without messing up the other things already running on that VPS. Maybe I will go for Raspberry to run adguard at home.

      Edit: I have set the second DNS in Windows to the same IP, so it shouldn’t have a fallback.

  • emhl@feddit.de
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    You should probably run Adguard home inside your home network. And can you disable your routers DHCP server? Then you can use Adguard home for that. The DHCP server assigns every computer inside the network it’s IP address and DNS server

  • z3bra@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Windows does DNS cache by default, so it could be that many domains are still in your local cache. First change your DNS settings, then clear the cache with ipconfig /flushdns.

  • mspencer712@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    Some browsers have an option for DNS over https, and might be skipping your system DNS settings. Other advice is right too: run this locally and don’t expose it to public internet queries.

  • Molecular0079@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Gave me a fixed IP in my home network

    You don’t need to have a fixed IP for your client machines.

    What does ipconfig /all list as your DNS servers? Also, double check your browser’s DNS Over HTTPS setting. Depending on what it is set to, you might be accidentally bypassing your configured DNS server.

    To verify which DNS you’re actually contacting, you can go to ipleak.net to check.

  • mvee@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Interesting, I would start with a Wireshark capture of the dns traffic to get a better idea of what’s going on.