AdGuard can't connect to private reverse DNS servers that is my router

[k-matti]

Prerequisites

• I have checked the Wiki and Discussions and found no answer

• I have searched other issues and found no duplicates

• I want to report a bug and not ask a question or ask for help

• I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)

Platform (OS and CPU architecture)

Linux, ARM64

Installation

Docker

Setup

On one machine

AdGuard Home version

v0.107.55

Action

I am trying to set up "Private reverse DNS servers" as my router option, but Test upstreams button gets me an error:

Error from adguard docker logs:

ERROR response received addr=192.168.0.1:53 proto=udp status="exchanging with 192.168.0.1:53 over udp: read udp 192.168.1.110:57546->192.168.0.1:53: i/o timeout"
2025/01/22 12:00:59.597353 [error] dnsproxy: exchange failed upstream=192.168.0.1:53 question=";b._dns-sd._udp.0.0.168.192.in-addr.arpa.\tIN\t PTR" duration=2.000459004s err="exchanging with 192.168.0.1:53 over udp: read udp 192.168.1.110:57546->192.168.0.1:53: i/o timeout"

Expected result

No error when setup private upstream server

Actual result

Error when setup private upstream server

Additional information and/or screenshots

No response

[he-pennypacker]

You are trying to get Adguard Home to use your router as a private reverse DNS? What is your router? Not all routers support this option. For example, TP-Link Deco does not.

[k-matti]

My router is UBIQUITI ER-X. I have a second Adguard with 192.168.0.110 IP and there is no error when I use my router IP (192.168.0.1). The problem I have with the Adguard with 192.168.1.110 IP, error as above when using the router IP.

[he-pennypacker]

Is the 192.168.0.1 (router) address routable from 192.168.1.110 (Adguard 2)? If you're running Adguard on Docker you can connect to the docker shell and ping 192.168.0.1 to see.

Edit: the last part of your log suggests it's not - 192.168.1.110:57546->192.168.0.1:53: i/o timeout

[k-matti]

Yes, I can ping router from 192.168.1.110 also blocking works fine for both AdGuard main on 192.168.0.110 and backup on 192.168.1.110

[he-pennypacker]

Hmmm, the last thing I can suggest is two items from this post: #6928

1. Second last post - host file messiness on the Unifi gateway
2. Last post - resolve_clients: true option in AdGuardHome.yaml

Good luck!

[mcarver]

Hello I'm troubleshooting a similar problem with my clients resolving and noticed that resolve_clients: true option in AdGuardHome.yaml doesn't exist at all, even though the box is checked in the UI.

To confirm this, I first looked for the setting and found it documented here: https://github.com/AdguardTeam/Adguardhome/wiki/Configuration#client-lookups

Then I performed these tests:

• I went into the UI and unchecked the box, saved. Result: nothing in the yaml file, no resolve_clients option either true or false.
• I went into the UI and checked the box, saved. Result: nothing in the yaml file, no resolve_clients option either true or false.
• Manually edited the yaml file and added resolve_clients: true, restarted AGH. Result: the resolve_clients: true line I added was removed by AGH on startup. Again the option doesn't exist in the file right after restarting.
• I installed Docker Desktop on a fresh Windows 11 machine, ran AGH latest and the option doesn't exist in the file on startup, but the box is checked in the UI.

Not sure if these tests are conclusive but I think there might be a problem with this configuration option.

EDIT: The option for the resolve_clients seems to be missing from this source file in AGH:

AdGuardHome/internal/home/config.go

Lines 218 to 242 in d3dea0f

	// PrivateNets is the set of IP networks for which the private reverse DNS
	// resolver should be used.
	PrivateNets []netutil.Prefix `yaml:"private_networks"`
	// UsePrivateRDNS enables resolving requests containing a private IP address
	// using private reverse DNS resolvers. See PrivateRDNSResolvers.
	//
	// TODO(e.burkov): Rename in YAML.
	UsePrivateRDNS bool `yaml:"use_private_ptr_resolvers"`
	// PrivateRDNSResolvers is the slice of addresses to be used as upstreams
	// for private requests. It's only used for PTR, SOA, and NS queries,
	// containing an ARPA subdomain, came from the the client with private
	// address. The address considered private according to PrivateNets.
	//
	// If empty, the OS-provided resolvers are used for private requests.
	PrivateRDNSResolvers []string `yaml:"local_ptr_upstreams"`
	// UseDNS64 defines if DNS64 should be used for incoming requests. Requests
	// of type PTR for addresses within the configured prefixes will be resolved
	// via [PrivateRDNSResolvers], so those should be valid and UsePrivateRDNS
	// be set to true.
	UseDNS64 bool `yaml:"use_dns64"`
	// DNS64Prefixes is the list of NAT64 prefixes to be used for DNS64.

. Looks like a bug OR possibly an unfinished "TODO".

[ainar-g]

@k-matti, ping uses ICMP, not UDP. Have you tried actually accessing the DNS server from the machine running AGH? That is:

dig @192.168.0.1 'example.com'

@mcarver, same thing. Please make sure that the address actually serves DNS on the address you're trying to use. There should be no need for any manual config editing for this to work.

[mcarver]

@ainar-g was the resolve_clients setting removed or deprecated? It never exists in the YAML file, no matter what you do in the UI. If you add it to the YAML file, it is removed when AGH starts.

EDIT: I'm using the latest Docker image and the UI shows AGH v0.107.56.

[ainar-g]

It was moved over two years ago, see https://github.com/AdguardTeam/AdGuardHome/blob/d3dea0f46cda81dadf9cc597969f459e016368b8/CHANGELOG.md#configuration-changes-10. The documentation on that page seems outdated, and I'll fix that. Thanks for reporting!

[mcarver]

@ainar-g makes sense to me. Thank you!