Netgate Discussion Forum

Which DNS Server?

General pfSense Questions
12 Posts 5 Posters 1.3k Views
  • S
    SandLake
    last edited by Jul 29, 2022, 5:02 PM

    My x85 PfSense router is 192.168.1.1 and my Synology NAS is 192.168.1.100; they both have Adguard Home running on them.

    On the PfSense dashboard my DNS Servers are listed as
    127.0.0.1
    192.168.1.1
    192.168.1.100

    In the DNS Server Setting, the DNS Resolution Behaviour is set to 'Use local DNS (127.0.0.1), fall back to remote DNS Servers (Default)'.

    I assume 127.0.0.1 is actually 192.168.1.1?

    • S
      SteveITS Galactic Empire @SandLake
      last edited by Jul 29, 2022, 5:10 PM

      127.0.0.1 is "localhost" meaning "myself." Technically that is a different address than 192.168.1.1 as DNS (or any other service) can be configured to listen on one and not the other.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • T
        the other
        last edited by Jul 29, 2022, 5:11 PM

        hey there,
        yeah, it's the localhost address of your machine.

        How did you install adguard? Did not see that in available packets list?

        My personal choice would be to let everything infrastructure related work on your router (dns, dhcp, vpn, etc). These days many NAS can do all that too, but imho a NAS is...well...a NAS. Why send all kinda stuff thru your precious NAS, home to your valuable (?) files and music and pictures and such?
        But, as mentioned, that's jm2c
        :)

        the other

        pure amateur home user, no business or professional background
        please excuse poor english skills and typpoz :)

        • S
          SandLake
          last edited by Jul 29, 2022, 5:22 PM

          I followed this guide

          https://broadbandforum.co/threads/installing-adguard-home-on-pfsense.205884/

          There was some funny behaviour around the 'Listen Port' but it is working.

          I don't understand the details of DNS, my NAS is listed as the 2nd DNS Server so does it actually get used? Is it not a backup in case the 1st DNS Server is not available - so not a significant usage?

          • T
            the other @SandLake
            last edited by the other Jul 29, 2022, 5:40 PM Jul 29, 2022, 5:36 PM

            @sandlake
            hey there,
            as mentioned...considering home usage it most often ends up with personal choice, imho.

            Sure, you could use your NAS DNS Server as a backup in case pfsense breaks...but then, in case pfsense breaks you might have a whole bunch of other problems as well (routing, vlan, dhcp, door to internet services etc).

            So, since I am a rather lazy guy and have a life besides sitting in my lab at home, checking, measuring and yet again configuring my IT stuff, I vote for good old KISS.

            Or short: if you wonder about "do i need that second dns server on my nas?", you probably don't.
            :)

            edit: considering adguard....thanx for the link.
            I just use pfblocker_ng after long years with pihole and unbound on a raspberry. The former ran well, then I decided to switch to pfblocker_ng dev and after some time staring at each other it works just fine for my needs. Plus: a very much alive crowd of users here and it is supported.

            • N
              NogBadTheBad @SandLake
              last edited by NogBadTheBad Jul 29, 2022, 6:03 PM Jul 29, 2022, 6:02 PM

              This post is deleted!
              • S
                stephenw10 Netgate Administrator
                last edited by Jul 29, 2022, 8:07 PM

                If you have pfSense set to 'use local, fall back to remote' then the firewall itself will always try to use Unbound locally first. What that uses depends on how it's configured. What hosts behind pfSense use could also be different.
                Is there something failing here?

                Steve

                • S
                  SandLake
                  last edited by Jul 29, 2022, 8:58 PM

                  I appear to have stumbled into something (the use of Unbound), for which I am going to have to do some research, looks like a local instance of a DNS Server somehow.
                  I see now that DNS Server 1 (192.168.1.1 - PfSense Router) is not receiving any DNS Queries so something isn't right - or maybe it is being handled by Unbound!

                  • S
                    stephenw10 Netgate Administrator
                    last edited by Jul 29, 2022, 9:06 PM

                    Where are you seeing that? What are you seeing?

                    There is only one instance of Unbound; it just listens on all local interface IPs. By default clients on LAN are passed the LAN interface address (192.168.1.1) to use for DNS. So unless you have set a different server to use in DHCP or manually on the clients I'd expect to see queries on 192.168.1.1.

                    Steve
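
Added example, not part of the thread or of pfSense: the replies above note that a service can listen on 127.0.0.1 and not on 192.168.1.1 (or on every local address), so one way to see which daemon actually receives port 53 traffic on each address is to read the listener table from `sockstat -4 -l` on the firewall. The sample table is constructed, and the layout it shows (Unbound on loopback only, AdGuard Home on the LAN address) is an assumption, not the poster's confirmed setup.

```python
# Which local daemon receives a DNS query sent to a given address?
# Input is `sockstat -4 -l` style text (FreeBSD, the base OS of pfSense).
# SAMPLE is constructed for illustration: it is not output from the poster's
# firewall, and the process-to-address layout in it is an assumption.
import ipaddress

SAMPLE = """\
USER     COMMAND     PID   FD PROTO  LOCAL ADDRESS     FOREIGN ADDRESS
unbound  unbound     4101  5  udp4   127.0.0.1:53      *:*
root     AdGuardHome 5230  14 udp4   192.168.1.1:53    *:*
root     AdGuardHome 5230  16 tcp4   *:3000            *:*
root     sshd        880   3  tcp4   *:22              *:*
"""


def parse_listeners(text):
    """Return (command, proto, address, port) for each IPv4 listening socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not an IPv4 udp/tcp socket.
        if len(fields) < 6 or fields[4] not in ("udp4", "tcp4"):
            continue
        addr, _, port = fields[5].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((fields[1], fields[4], addr, int(port)))
    return listeners


def who_answers(listeners, dest_ip, port=53, proto="udp4"):
    """Commands that would receive a packet for dest_ip:port on this host.

    A socket bound to that exact address wins over a wildcard (*) bind;
    an empty list means nothing on this host listens there.
    """
    ipaddress.ip_address(dest_ip)  # reject malformed input early
    exact = {c for c, p, a, n in listeners if (p, a, n) == (proto, dest_ip, port)}
    wild = {c for c, p, a, n in listeners if (p, a, n) == (proto, "*", port)}
    return sorted(exact or wild)


def report(text, addresses):
    """Map each address to the daemon(s) listening for DNS on it."""
    listeners = parse_listeners(text)
    return {ip: who_answers(listeners, ip) for ip in addresses}


if __name__ == "__main__":
    for ip, cmds in report(SAMPLE, ["127.0.0.1", "192.168.1.1", "192.168.1.100"]).items():
        print(f"{ip}:53 -> {', '.join(cmds) or 'no listener on this host'}")
```

192.168.1.100 reports no listener because the NAS is a separate machine; its own listener table has to be checked on the NAS itself.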

                    • S
                      SandLake
                      last edited by Jul 29, 2022, 9:30 PM

                      I have changed DNS Resolution Behavior to - Use remote DNS Servers, ignore local DNS (screenshot attached)

                      The Dashboard is now showing

                      DNS server(s)
                      192.168.1.1
                      192.168.1.100
                      (screenshot attached)

                      The Adguard Home Dashboard on 192.168.1.1 is showing no queries (screenshot attached)

                      Services/DHCP Server/LAN has no DNS Server set (screenshot attached)

                      FWIW ipconfig is showing DNS Server as 192.168.1.1

                      Something is resolving DNS - it's now a problem for tomorrow!!

                      P1.png
                      P2.png
                      P3.png
                      P4.png

                      • S
                        stephenw10 Netgate Administrator
                        last edited by Jul 29, 2022, 9:42 PM

                        I've never run Adguard so I have no idea if it works.

                        The DNS setting in System > General setup applies only to queries from the firewall itself. It does not affect queries from LAN side clients.

                        Steve

                        • T
                          the other @SandLake
                          last edited by the other Jul 29, 2022, 11:27 PM Jul 29, 2022, 11:26 PM

                          @sandlake
                          Hey there,
                          There might be no queries and localhost has vanished from listed dns servers, because you changed system global settings from
                          "Use local dns, fall back to..." to now "Use remote dns servers, ignore local"
                          ...so no more localhost.
                          :)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.