starred/AdGuardHome

Fork 0

mirror of https://github.com/AdguardTeam/AdGuardHome.git synced 2026-03-04 00:01:12 -05:00

DNS rewrite rules to the local ip via router are not working #1879

New issue

Closed

opened 2026-03-04 01:36:35 -05:00 by deekerman · 3 comments

deekerman commented

2026-03-04 01:36:35 -05:00

Owner

Originally created by @sandzhaj on GitHub (Aug 13, 2020).

Prerequisites

I am running the latest version
I checked the documentation and found no answer
I checked to make sure that this issue has not already been filed

Issue Details

Version of AdGuard Home server:
- v0.103.3 (docker)
How did you setup DNS configuration:
- Router
If it's a router or IoT, please write device model:
- Keenetic ultra kn-1810

My setup

centos pc (as a server) (with ip 192.168.1.101)
adguard docker container in bridge mode, but with 53:53 port forwarding
router (192.168.1.1) with disabled any other dns servers, except adguard (101)
client devices with dns point 192.168.1.1

The problem is

DNS rewrite rules to the local ip via router are not working

When I make a request for the real (with external ip), I get this ip. I can make request to my router or direct to the adguard (101) That works
I create DNS rewrite rule check -> 172.217.16.46.
Now if I make request through the router, i get a strange message. ** server can't find check: REFUSED

But, I don't care. I get the response IP and site opens
I want to create some rules with the local ip's. Lets make check -> 192.168.1.104
And I couldn't make it work through the router. I'll get the same error, but without a response

But i can see that request in querry log
Through the router:

Directly to the adguard server Look, we have to records in log for 1 request (via the router we have only one):

What will be great

I want to use default network configuration on my devices (which use router for the dns queries)
And i want to access my local resources with a name.
I don't want to configure all my devices to the adguard server, because in that case it is the similar as making some lines in /etc/hosts

I understand that it could be an issue from the router side, but at the same time - any other responses are working, so maybe it is a problem with an adguard responses

Originally created by @sandzhaj on GitHub (Aug 13, 2020).  ### Prerequisites - [x] I am running the latest version - [x] I checked the documentation and found no answer - [x] I checked to make sure that this issue has not already been filed ### Issue Details  * **Version of AdGuard Home server:** * v0.103.3 (docker) * **How did you setup DNS configuration:** * Router * **If it's a router or IoT, please write device model:** * Keenetic ultra kn-1810 ### My setup 1. centos pc (as a server) (with ip 192.168.1.101) 2. adguard docker container in bridge mode, but with 53:53 port forwarding 3. router (192.168.1.1) with disabled any other dns servers, except adguard (101) 4. client devices with dns point 192.168.1.1 ### The problem is **DNS rewrite rules to the local ip via router are not working** 1. When I make a request for the real (with external ip), I get this ip. I can make request to my router or direct to the adguard (101) That works ![image](https://user-images.githubusercontent.com/13132782/90189921-b8170180-ddc6-11ea-8a44-a352bad78056.png) 2. I create DNS rewrite rule `check -> 172.217.16.46`. Now if I make request through the router, i get a strange message. `** server can't find check: REFUSED` ![image](https://user-images.githubusercontent.com/13132782/90190234-4db29100-ddc7-11ea-843a-f12ca2f578b1.png) But, I don't care. I get the response IP and site opens 3. I want to create some rules with the local ip's. Lets make `check -> 192.168.1.104` And I couldn't make it work through the router. I'll get the same error, but without a response ![image](https://user-images.githubusercontent.com/13132782/90190477-bd288080-ddc7-11ea-91b6-0f60745f75a2.png) But i can see that request in querry log **Through the router**: ![image](https://user-images.githubusercontent.com/13132782/90190622-0b3d8400-ddc8-11ea-8a62-b94517f73ea6.png) **Directly to the adguard server** Look, we have to records in log for 1 request (via the router we have only one): ![image](https://user-images.githubusercontent.com/13132782/90190858-75562900-ddc8-11ea-8f31-2dd848d563cd.png) ### What will be great I want to use default network configuration on my devices (which use router for the dns queries) And i want to access my local resources with a name. I don't want to configure all my devices to the adguard server, because in that case it is the similar as making some lines in /etc/hosts I understand that it could be an issue from the router side, but at the same time - any other responses are working, so maybe it is a problem with an adguard responses

deekerman

2026-03-04 01:36:35 -05:00

closed this issue
added the
wontfix
label

deekerman commented

2026-03-04 01:36:44 -05:00

Author

Owner

@szolin commented on GitHub (Aug 14, 2020):

It seems like your router doesn't send AAAA request for check host name, but replies to you with REFUSED instead. This may be a router's configuration issue. You have to find our what causes your router to behave this way. AGH works fine and replies to AAAA request as it should - your screenshot proves that.

I only can suggest to try e.g. check.local or check.com instead of check.

@szolin commented on GitHub (Aug 14, 2020): It seems like your router doesn't send AAAA request for `check` host name, but replies to you with REFUSED instead. This may be a router's configuration issue. You have to find our what causes your router to behave this way. AGH works fine and replies to AAAA request as it should - your screenshot proves that. I only can suggest to try e.g. `check.local` or `check.com` instead of `check`.

deekerman commented

2026-03-04 01:36:44 -05:00

Author

Owner

@sandzhaj commented on GitHub (Aug 14, 2020):

This may be a router's configuration issue

But why router sends AAAA with any other domains that are not in rewrite rules? Like for google?
If in one case router sends, and in another case it doesn't, I supposed to think, that in that cases AGH responses differ

I only can suggest to try e.g. check.local or check.com instead of check.

I tried with mydomain.org, subdomain.mydomain.org

Even with google.com, if I create a rewrite (google.com -> 192.168.1.106), I'll get the strange behavior
Direct:

$ nslookup google.com 192.168.1.101
Server:		192.168.1.101
Address:	192.168.1.101#53

Non-authoritative answer:
Name:	google.com
Address: 192.168.1.106

Via router:

$ nslookup google.com 192.168.1.1  
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.16.46
** server can't find google.com: REFUSED

@sandzhaj commented on GitHub (Aug 14, 2020): > This may be a router's configuration issue But why router sends AAAA with any other domains that are not in rewrite rules? Like for google? If in one case router sends, and in another case it doesn't, I supposed to think, that in that cases AGH responses differ > I only can suggest to try e.g. check.local or check.com instead of check. I tried with mydomain.org, subdomain.mydomain.org Even with google.com, if I create a rewrite (google.com -> 192.168.1.106), I'll get the strange behavior Direct: ``` $ nslookup google.com 192.168.1.101 Server: 192.168.1.101 Address: 192.168.1.101#53 Non-authoritative answer: Name: google.com Address: 192.168.1.106 ``` Via router: ``` $ nslookup google.com 192.168.1.1 Server: 192.168.1.1 Address: 192.168.1.1#53 Non-authoritative answer: Name: google.com Address: 172.217.16.46 ** server can't find google.com: REFUSED ```

deekerman commented

2026-03-04 01:36:44 -05:00

Author

Owner

@stale[bot] commented on GitHub (Oct 13, 2020):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale[bot] commented on GitHub (Oct 13, 2020): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/AdGuardHome#1879

No description provided.

Rows
Columns