DNSFilter goes insane on XT12

[Wonko]

Greetings, all...

I updated my XT12 router and node to Merlin mainly to be able to use DNSFilter to force all DNS traffic to my Adguard Home DNS server and stop hardcoded DNS usage.

When I enable DNSFilter, my XT12 goes crazy and hits my AGH with thousands of requests per second. It seems to pick whatever DNS request was first in the queue and hammers it. In the last try at enabling, time.apple.com was the chosen one.

Based on my understanding of Merlin, you can enable it in "Router" mode and it should just work. I've tried also specifying my AGH IP in "Custom (user-defined) DNS 1" and "...2", but neither of those options make a difference. Whenever I turn on DNSFilter, the router tries to kill my AGH.

Either I am doing something stupid (most likely), or things aren't working as expected? Relevant details below, if there is anything that I'm doing wrong? Thank you for any pointers...

Router (gateway and DHCP): 192.168.1.1
AGH: 192.168.1.153

AGH DNS Settings

Private reverse DNS servers: 192.168.1.1
Use private reverse DNS resolvers: Enabled
Enable reverse resolving of clients IP addresses: Enabled
Blocking mode: REFUSED
Upstream DNS servers: (various external services)

Router Settings:

LAN DHCP: DNS Server 1: 192.168.1.153
LAN DHCP: DNS Server 2: Empty
Advertise router's IP in addition to user-specified DNS: No

WAN: DNS Server: 192.168.1.153, 192.168.1.153
WAN: Forward local domain queries to upstream DNS: No
WAN: Enable DNS Rebind protection: Yes

 

[SomeWhereOverTheRainBow]

Greetings, all...

I updated my XT12 router and node to Merlin mainly to be able to use DNSFilter to force all DNS traffic to my Adguard Home DNS server and stop hardcoded DNS usage.

When I enable DNSFilter, my XT12 goes crazy and hits my AGH with thousands of requests per second. It seems to pick whatever DNS request was first in the queue and hammers it. In the last try at enabling, time.apple.com was the chosen one.

Based on my understanding of Merlin, you can enable it in "Router" mode and it should just work. I've tried also specifying my AGH IP in "Custom (user-defined) DNS 1" and "...2", but neither of those options make a difference. Whenever I turn on DNSFilter, the router tries to kill my AGH.

Either I am doing something stupid (most likely), or things aren't working as expected? Relevant details below, if there is anything that I'm doing wrong? Thank you for any pointers...

Router (gateway and DHCP): 192.168.1.1
AGH: 192.168.1.153

AGH DNS Settings

Private reverse DNS servers: 192.168.1.1
Use private reverse DNS resolvers: Enabled
Enable reverse resolving of clients IP addresses: Enabled
Blocking mode: REFUSED
Upstream DNS servers: (various external services)

Router Settings:

LAN DHCP: DNS Server 1: 192.168.1.153
LAN DHCP: DNS Server 2: Empty
Advertise router's IP in addition to user-specified DNS: No

WAN: DNS Server: 192.168.1.153, 192.168.1.153
WAN: Forward local domain queries to upstream DNS: No
WAN: Enable DNS Rebind protection: Yes

Leave WAN DNS set to automatic.

Only set your LAN DNS 1 to AdGuardHome.

Make sure advertise router IP for DNS is set to NO.

Make sure DNSFILTER's Global Rule is set to "ROUTER".

Add a custom rule to the DNSFILTER custom rule list that ensures AdGuardHome IP is set to "NO-FILTER".

The specific traffic that is "Hammering" your AdGuardHome, is the router itself traffic from setting "WAN" DNS to your AdGuardHome.

WAN DNS is the DNS used by the router and by extension, the routers services. Clients don't use WAN DNS, unless you have them pointed at the ROUTER in LAN DNS. However, this is not the case since you have "Advertise Router's IP in addition to Userspecified DNS set to NO".

 

[Wonko]

Leave WAN DNS set to automatic.

Only set your LAN DNS 1 to AdGuardHome.

Make sure advertise router IP for DNS is set to NO.

Make sure DNSFILTER is set to "ROUTER".

Add a custom rule to the DNSFILTER custom rule list that ensures AdGuardHome IP is set to "NO-FILTER".

The specific traffic that is "Hammering" your AdGuardHome, is the router itself traffic from setting "WAN" DNS to your AdGuardHome.

WAN DNS is the DNS used by the router and by extension, the routers services. Clients don't use WAN DNS, unless you have them pointed at the ROUTER in LAN DNS. However, this is not the case since you have "Advertise Router's IP in addition to Userspecified DNS set to NO".

THANK YOU! Works perfectly now... your name shall be cheered far and wide, at least in my home.

 

[SomeWhereOverTheRainBow]

Greetings, all...

I updated my XT12 router and node to Merlin mainly to be able to use DNSFilter to force all DNS traffic to my Adguard Home DNS server and stop hardcoded DNS usage.

When I enable DNSFilter, my XT12 goes crazy and hits my AGH with thousands of requests per second. It seems to pick whatever DNS request was first in the queue and hammers it. In the last try at enabling, time.apple.com was the chosen one.

Based on my understanding of Merlin, you can enable it in "Router" mode and it should just work. I've tried also specifying my AGH IP in "Custom (user-defined) DNS 1" and "...2", but neither of those options make a difference. Whenever I turn on DNSFilter, the router tries to kill my AGH.

Either I am doing something stupid (most likely), or things aren't working as expected? Relevant details below, if there is anything that I'm doing wrong? Thank you for any pointers...

Router (gateway and DHCP): 192.168.1.1
AGH: 192.168.1.153

AGH DNS Settings

Private reverse DNS servers: 192.168.1.1
Use private reverse DNS resolvers: Enabled
Enable reverse resolving of clients IP addresses: Enabled
Blocking mode: REFUSED
Upstream DNS servers: (various external services)

Router Settings:

LAN DHCP: DNS Server 1: 192.168.1.153
LAN DHCP: DNS Server 2: Empty
Advertise router's IP in addition to user-specified DNS: No

WAN: DNS Server: 192.168.1.153, 192.168.1.153
WAN: Forward local domain queries to upstream DNS: No
WAN: Enable DNS Rebind protection: Yes

Keep in mind you could also just use my script to run adguardhome on the router itself.

AdGuardHome - [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

Asuswrt-Merlin-AdGuardHome-Installer The Official Installer of AdGuardHome for Asuswrt-Merlin Requirements: ARM based ASUS routers (not bridges or access points) that use Asuswrt-Merlin Firmware JFFS support and enabled REQUIRES ENTWARE(!) for package management, and a separate USB drive for...

www.snbforums.com

 

[Wonko]

The XT12 does not have a USB port, unfortunately, so can't do any external file systems. Seems like a bit of a miss on a piece of kit that costs this much, but I am sure Asus had their reasons.

 

[SomeWhereOverTheRainBow]

The XT12 does not have a USB port, unfortunately, so can't do any external file systems. Seems like a bit of a miss on a piece of kit that costs this much, but I am sure Asus had their reasons.

That is sad to hear. I am glad you have something that is working. You are still free share or use adguardhome configuration tips with us over in the addon's section. Your advice may prove to be invaluable to other users. Either way I am glad I could provide a helping hand. I hope you continue to share your experiences with the forum.