AdGuard Home running in pfSense
-
I get the basic setup
Public DNS > unbound (pfsense) > AdGuard server > client
I set up AdGuard Home on my unraid server and it worked just fine, until I had a power outage and my server was shut down and I tried shutting off my NVR and had no DNS. Facepalm, lol.
Anyways I want to put AdGuard on my appliance so it's an all-in-one solution/box (protectli) boots all together and 'just works'.
I know I could use pfBlockerNG but I really like the AdGuard GUI and such.
I'm following this guide:
https://bobcares.com/blog/adguard-pfsense/
I want to understand what is going on better.
My question is I understand the big picture, but not the interconnections.
Would someone like to walk me through some of the reasoning in that guide?
- Why are we pointing unbound to loopback?
- Why can't I just set AdGuard to listen on all interfaces for DNS requests, why set it to loopback?
- Why wouldn't I just leave admin interface at port 3000?
- Why set DHCP registration & static DNS in the resolver?
- There's a whole section to make AdGuard boot on start. The AdGuard install script says it's already set up to start.
- Etc. Etc.
I read through this thread and didn't find it super helpful. (I was able to set up AdGuard as a separate server/IP.)
https://forum.netgate.com/topic/178239/ad-guard-with-pfsense
What I'd like to do is just set my AdGuard IP in the DHCP server and be done.
I'm still slightly confused why unbound is necessary.
-
@lightingman117 It feels like asking for trouble if you install unsupported packages inside pfsense... I am running pfsense as a VM under Proxmox, which has worked fine for a few years now. With such a setup you can run any number of additional "packages" as separate VMs on the same machine, all booting up and working in unison.
Such a setup should work perfectly fine on a Protectli machine...
I then have AdGuard Home running as a VM and simply set all DHCP clients in pfsense so that their DNS is the AdGuard IP. AdGuard is not a DNS resolver, just a blocker/filtering service, so it needs to point to a DNS service. You don't need to use the pfsense resolver (unbound), but you can if you like, simply by setting its IP as the upstream DNS in AdGuard.
Then if you find it useful you can use pfBlockerNG to do additional filtering, like GeoBlocking.