Life-is-short--so--enjoy-it

Summary

The article discusses methods for adding local DNS entries in AdGuard, comparing "DNS Rewrite" and "Custom filtering rules" for managing local domain name resolution on a Raspberry Pi 4 setup.

Abstract

The author has been utilizing AdGuard on a Raspberry Pi 4 for several weeks, finding it stable and reliable. The article explores two methods for adding local DNS entries to AdGuard: custom filtering rules and DNS Rewrite. Initially, the author used custom filtering rules to resolve local server names to human-friendly domain names instead of IP addresses and found that while the method worked, the AdGuard logs misleadingly marked these entries as "Blocked." Subsequently, the author discovered that using DNS Rewrite provided a clearer distinction in the logs, marking rewritten entries as "Rewritten" instead of "Blocked," and also offered additional benefits such as wildcard domain support and a more intuitive understanding of the DNS activity. The article concludes with a preference for DNS Rewrite over custom filtering rules for local DNS management, and it directs readers to additional posts about securing DNS requests and setting up AdGuard on Raspberry Pi with Flatcar Container Linux.

Opinions

  • The author initially preferred not to modify the /etc/hosts file for local DNS entries and instead used AdGuard's custom filtering rules, which worked but led to confusion due to the "Blocked" status in the logs.
  • The author found that the "Blocked" status in AdGuard could misleadingly refer to either the IP configured in "Custom filtering rules" or an unresolvable domain (0.0.0.0).
  • After experimenting with unblocking a domain, the author noticed that AdGuard added an override rule and marked the DNS request as "Allowed," but the lookup still failed because it was a local entry.
  • The author favors the "DNS Rewrite" method over "Custom filtering rules" for adding local DNS entries because it allows for wildcard domain entries and provides a clearer "Rewritten" status in the logs, which is less confusing.
  • The author sees minor advantages in using "DNS Rewrite" for local DNS management beyond the improved logging and wildcard support, indicating that these benefits are from a management perspective.
  • The article suggests that readers might be interested in other related posts by the author, which cover securing DNS requests to upstream servers and the necessity of encryption settings in AdGuard.

HomeLab: AdGuard: Adding Local DNS Entries — DNS Rewrite vs. Custom Filtering Rules

How to add the local DNS entries? DNS Rewrite vs. Custom Filtering Rules?

Intro

I’ve been running AdGuard on a Raspberry Pi 4 for a few weeks, and it has been stable without any issues so far.

Add Local DNS Entries — custom filtering rules

Local DNS entries can be added to AdGuard. By doing so, the local home servers can be reached by human-friendly domain names 😐 rather than by their IPs (e.g. 1.2.3.4).

Since I was super new to AdGuard, I googled around to find out how to add local DNS entries to AdGuard. (I prefer not to add entries to /etc/hosts.)

The post I found showed that local DNS entries can be added through “custom filtering rules”. And that is how I did it.

AdGuard: Add Local DNS entries into Custom filtering rules

And, it worked as I expected. The requested domain name was resolved with the configured IP.

In the AdGuard log, the Response column showed the DNS requests as blocked, although they weren’t blocked.

AdGuard: Add Local DNS entries into Custom filtering rules — it works

What does it mean by Blocked in AdGuard?

So, what does Blocked mean in AdGuard?

I already noticed that the DNS lookup worked as I expected (getting the IP I set).

In AdGuard, it can mean either of the following:

  • The DNS request is answered with the IP that is configured in “Custom filtering rules”.
  • Or, the DNS request is answered with the IP 0.0.0.0.

For example, here is a domain blocked by AdGuard. As you can see, in the log it’s marked as Blocked. Also, from the domain lookup, you can see that the resolved IP is 0.0.0.0.

AdGuard: The blocked domain got 0.0.0.0

What if it’s Unblocked?

I got curious about what would happen if I unblocked the blocked domain.

  • First, I noticed that a new rule was added by AdGuard. The syntax (@@|| …) means to unblock the given domain name. (It overrides the existing block rule.)
  • And, in the log, it’s marked as Allowed.
  • When it’s allowed, AdGuard tried to resolve the requested name through the configured DNS servers (although it failed, since these are local DNS entries).

AdGuard: unblock domain
AdGuard: unblocked domain lookup is marked allowed
AdGuard: unblocked domain lookup is resolved by the configured DNS server

Add Local DNS Entries — DNS Rewrite

Recently, I found out that local DNS entries can also be added and managed through “DNS Rewrite” in AdGuard.

Basically, in terms of resolving the local DNS entries, both “custom filtering rules” and “DNS Rewrite” worked.

I saw a few positive things about “DNS Rewrite”:

  • A wildcard can be used in the domain name, like *.example.com. (“Custom filtering rules” doesn’t handle it that way: one domain name and one IP.) This can help if there is a reverse proxy that re-routes the traffic for *.example.com.
  • The log is marked as Rewritten instead of Blocked. The “Blocked” in the log confused me, so the blue color with Rewritten made more sense to me.

I can see a few more advantages, but they are minor things from the perspective of managing local DNS entries.

AdGuard: Add Local DNS Entries — DNS Rewrite
AdGuard: Add Local DNS Entries — Marked as Rewritten
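
As an added example (not part of the original post), the sketch below shows how the log statuses described above can be told apart when reviewing a query log: a Blocked entry with a real IP is a local override from a custom rule, one answered with 0.0.0.0 is a genuine block, and an Allowed entry for a local name means the internal hostname was forwarded to the upstream resolvers. The record layout, hostnames, IPs, the `LOCAL_SUFFIXES` list and the "Processed" label are constructed assumptions, not AdGuard's export format.

```python
import ipaddress

# Constructed sample records (status, queried name, answer). This is a
# simplified stand-in, not AdGuard's real query-log export format.
SAMPLE_LOG = [
    ("Blocked",   "nas.home.lan",        "192.168.1.10"),  # custom filtering rule
    ("Blocked",   "ads.example.net",     "0.0.0.0"),       # genuine block
    ("Allowed",   "nas.home.lan",        None),            # unblocked, upstream failed
    ("Rewritten", "grafana.example.com", "192.168.1.20"),  # DNS Rewrite, *.example.com
    ("Processed", "example.org",         "203.0.113.5"),   # label assumed for a normal query
]

LOCAL_SUFFIXES = (".home.lan", ".example.com")  # assumed local zones


def is_local_name(name):
    """True if the name belongs to one of the assumed local zones."""
    return name.endswith(LOCAL_SUFFIXES)


def classify(status, name, answer):
    """Map one log record to what actually happened to the query."""
    ip = ipaddress.ip_address(answer) if answer else None
    if status == "Blocked":
        # A sinkhole answer (0.0.0.0 or ::) or no answer is a genuine block;
        # any other answer is an IP served from a custom filtering rule.
        if ip is None or ip.is_unspecified:
            return "real-block"
        return "local-override"
    if status == "Rewritten":
        return "dns-rewrite"
    if status == "Allowed" and is_local_name(name):
        # The allow rule sent an internal hostname to the upstream resolvers.
        return "local-name-sent-upstream"
    return "normal"


def triage(log):
    """Group queried names by classification."""
    groups = {}
    for status, name, answer in log:
        groups.setdefault(classify(status, name, answer), []).append(name)
    return groups


if __name__ == "__main__":
    for kind, names in triage(SAMPLE_LOG).items():
        print(f"{kind:26} {', '.join(names)}")
```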

Summary

Both “DNS Rewrite” and “Custom filtering rules” will work for Local DNS entries.

If I have to pick one, I would go with the “DNS Rewrite” for now.

NEXT Posts

You might want to read other posts I wrote about AdGuard as well.

Or, if you’re interested in Raspberry Pi, you can try to set up AdGuard on Raspberry Pi and Flatcar Container Linux. It’s pretty light.