Hi there, I’m trying to set up AdGuard home and it doesn’t seem to work properly. Maybe I’m getting it wrong on how it’s supposed to work, but I’m kinda confused right now and it seems to me that Win11 is lying to me about my DNS entries …

Here’s my setup: as I have a VPS server already, I wanted to try and use it for Adguard as well. Installation there was straightforward enough and I have it up running and it has a static IP that I would use now as a DNS server, routing my traffic through it.

Now, all tutorials say that one should set the DNS entries on the router that connects to the Internet, but this option is not enabled on my router (more about this later on).

I thought, no worries, I will deal with the router situation later and just see how Adguard works with a single computer. So I went into network settings of my Win11 machine and configured my IP settings manually. Gave me a fixed IP in my home network and used the static IP from my adguard server for DNS entries. But this didn’t seem to do anything. Still got ads everywhere although my Adguard dashboard showed a lot of blocked domains (clearly identifiable as ad-servers by their name).

Ok, I went to troubleshooting and here’s the first weird thing I noticed: When I shut down Adguard (as in stopping the docker container it’s running in on my server), I still can connect to the internet on my Windows machine. This shouldn’t be happening, no? I set both DNS entries (main and fallback) to the same IP, where no DNS server should be running and I still got to browse the web?

So, is Windows lying to me and has a secret fallback DNS somewhere that gets used when the entries don’t work? Do I not understand how this all should work?

Or - and here my specific router/modem comes into play - my hardware gets around DNS entries. I do have a “hybrid modem” which connects to the internet using both fiber DSL and LTE at the same time to get extra bandwidth and speed. The customer support forum of my ISP revealed that due to the nature of this “dual line internet connection” DNS entries are fixed on the router and cannot be changed by the user.

I still think the settings in Windows should take precedence, but admittedly I have no real understanding how this is all supposed to work in detail.

So, question: how could I get Adguard to work on a VPS without being able to set DNS entries on my router? Would using a second router get around this (i.e. using the router of my ISP just as a modem and do my home network/wifi from this second router)? And why would Win11 still connect to the internet with supposedly broken DNS entries?

  • z3bra@lemmy.sdf.org
    1 year ago

    tl;dr: attackers use open recursive DNS resolvers to amplify DDoS attacks.

    Thanks for the link, I didn’t know about this technique. It only applies to recursive DNS though, not authoritative ones.