Am I reading this right that you can set up wireguard to filter all DNS queries from adguardhome? I know you can use wireguard to browse and whatever using adguard recursively with argo tunnel. If it is possible to point adguard at a wireguard network, I would love to know how. Many thanks!
@dankkster said:
Am I reading this right that you can set up wireguard to filter all DNS queries from adguardhome? I know you can use wireguard to browse and whatever using adguard recursively with argo tunnel. If it is possible to point adguard at a wireguard network, I would love to know how. Many thanks!
install wireguard, use Nyr/wireguard-install, write down your host IP (like 10.7.0.1)
install adguard, make sure it listens there -> 10.7.0.1
change your wireguard conf file to use DNS at 10.7.0.1
Anti-DNS amplification features
ratelimit — DDoS protection, specifies in how many packets per second a client should receive. Anything above that is silently dropped. To disable set 0, default is 20. Safe to disable if DNS server is not available from internet.
ratelimit_whitelist — If you want exclude some IP addresses from ratelimiting but keep ratelimiting on for others, put them here.
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
@dankkster said: So it looks like a simple matter of changing the config file to the proper dns IP. And I guess making wireguard run as a service?
iirc by using the install script, your wireguard server runs as a service by default
@dankkster said: The wg0.conf interface address is already 10.7.0.1/24. So I also add the interface DNS address as 10.7.0.1?
yeah like that. inside AdGuardHome.yaml you'll see the bind_host config, make sure your 10.7.0.1 is in there so AdGuard will also listen for DNS traffic there
```yaml
dns:
  bind_hosts:
    - 10.7.0.1
    - some other IP
```
Comments
your config file will look like this
this way, as long as wireguard is connected, it'll tell the connection to send dns requests to 10.7.0.1, or wherever your adguard installation is
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
speaking of amplification, this just happened to me recently
surprised this isn't mentioned on the first page
https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Perfect! I already had wireguard installed and I checked that it is indeed with the script from Nyr. So it looks like a simple matter of changing the config file to the proper dns IP. And I guess making wireguard run as a service?
Also I have it set up recursive, so adguard is pointing to 127.0.0.1 currently.
127.0.0.1:5335 127.0.0.1:5053 127.0.0.1:8053
The wg0.conf interface address is already 10.7.0.1/24. So I also add the interface DNS address as 10.7.0.1? Here is my current config. I may need to redo. Just let me know.
```
# Do not alter the commented lines
# They are used by wireguard-install
# ENDPOINT - WAN-IP

[Interface]
Address = 10.7.0.1/24
PrivateKey = Private Key
ListenPort = Port

# BEGIN_PEER
[Peer]
PublicKey = Public Key
PresharedKey = Preshared Key
AllowedIPs = 10.7.0.2/32
# END_PEER
```
Lastly - Would using cloudflared with this hinder/help? I have a guide that I used to get recursive DNS going with adguardhome/unbound/stubby with cloudflared. The wireguard install was also part of the guide, but did not (to my knowledge) include having queries sent through it.
ran out of time to edit and fix the large font - apologies
You don't change the wireguard server config at all. in fact, don't change it lol. what you need to modify is the installer script itself
In this line wireguard-install.sh#L102
Change that to "AdGuard Self-Host" or something
then in this line wireguard-install.sh#L134
change
`dns="94.140.14.14, 94.140.15.15"`
to
`dns="10.7.0.1"`
so the next time you re-run it to add a new client, you'll automatically get DNS with 10.7.0.1 by using option 6 that you just modified
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
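A consistency check for the setup discussed in this thread, added here as an example and not code from any poster or from the AdGuard Home or wireguard-install projects: it confirms that the DNS address handed to WireGuard clients is one AdGuard Home actually binds to, and flags a disabled ratelimit on a listener reachable from outside the tunnel. The function names and sample inputs are constructed for illustration; only the `dns`, `bind_hosts` and `ratelimit` keys and the `DNS =` client line come from the thread.

```python
import ipaddress
import re

# Constructed sample inputs for illustration, not files from the thread.
SAMPLE_AGH = """\
dns:
  bind_hosts:
    - 10.7.0.1
    - 0.0.0.0
  port: 53
  ratelimit: 0
"""
SAMPLE_CLIENT = "[Interface]\nAddress = 10.7.0.2/24\nDNS = 10.7.0.1\n"

def parse_agh_dns(text):
    """Read bind_hosts and ratelimit from the dns: section (minimal, no YAML library)."""
    hosts, ratelimit, in_dns, in_hosts = [], 20, False, False  # 20: default per the quoted wiki text
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if re.match(r"\S", line):                      # a top-level key opens or closes dns:
            in_dns, in_hosts = line.startswith("dns:"), False
        elif in_dns and (m := re.match(r"\s+ratelimit:\s*(\d+)", line)):
            ratelimit, in_hosts = int(m.group(1)), False
        elif in_dns and re.match(r"\s+bind_hosts:", line):
            in_hosts = True
        elif in_hosts and (m := re.match(r"\s*-\s*(\S+)", line)):
            hosts.append(m.group(1))
        else:
            in_hosts = False
    return hosts, ratelimit

def client_dns(conf):
    """Return the resolvers named on the DNS = line of a WireGuard client config."""
    m = re.search(r"^\s*DNS\s*=\s*(.+)$", conf, re.M | re.I)
    return [s.strip() for s in m.group(1).split(",")] if m else []

def audit(agh_text, client_conf):
    hosts, ratelimit = parse_agh_dns(agh_text)
    addrs = [ipaddress.ip_address(h) for h in hosts]
    wildcard = any(a.is_unspecified for a in addrs)
    findings = [f"client DNS {d} is not an AdGuard bind host"
                for d in client_dns(client_conf) if d not in hosts and not wildcard]
    exposed = [str(a) for a in addrs if a.is_unspecified or a.is_global]
    if exposed and ratelimit == 0:
        findings.append(f"ratelimit disabled while listening on {', '.join(exposed)}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_AGH, SAMPLE_CLIENT) or "ok")
```

The parser only handles block-style lists as AdGuard Home writes them, and every `bind_hosts` entry must be a literal IP address.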
awesome. I will do that asap!
in your opinion, would using cloudflared with this hinder/help? I have a guide that I used to get recursive DNS going with adguardhome/unbound/stubby with cloudflared. The wireguard install was also part of the guide, but did not (to my knowledge) include having queries sent through it.
Just want to know if I need to nix the CF tunnel since I will basically be using... a tunnel lol
cloudflared is probably only useful to manage the web access. IIRC from the documentation cloudflare only proxies traffic that comes to port 80 or 443, never heard / read documentation about it where they also accept DNS/port53 traffic
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Ok, thanks. I have removed the tunnel for now and will try the wireguard option again. It did not work last try.