#DHCP/DNS issues
Why does it use 127.0.0.53? It should use your adguard ip.
I'd rather not test this on a phone with a weird environment I don't trust to behave as expected but try this
dhclient -r; dhclient -v
cat /etc/resolv.conf
nslookup google.com
ip a
alexis@fedora:~$ dhclient -r; dhclient -v
cat /etc/resolv.conf
nslookup google.com
ip a
Can't create /var/run/dhclient.pid: Permission denied
Can't create /var/run/dhclient.pid: Permission denied
Internet Systems Consortium DHCP Client 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
can't create /var/lib/dhclient/dhclient.leases: Permission denied
grep: /etc/sysconfig/network-scripts/ifcfg-: No such file or directory
grep: /etc/sysconfig/network-scripts/ifcfg-: No such file or directory
grep: /etc/sysconfig/network-scripts/ifcfg-*: No such file or directory
RTNETLINK answers: Operation not permitted
Open a socket for LPF: Operation not permitted
This version of ISC DHCP is based on the release available
on ftp.isc.org. Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.
Please report issues with this software via:
https://github.com/fedora-silverblue/issue-tracker/issues
Please use code blocks.
Please use a code share site to share code or logs, for example:
- https://dpaste.org/ (select YAML for the language, and consider picking a longer expiry)
- http://pastie.org/ (select YAML for the language)
- https://paste.debian.net/ (you guessed it, select YAML as the language)
Please don't use Pastebin, since it can randomly add spaces to the main view. Please also don't share text as images since it makes it harder for people to help you. Remember that others may have colour blindness, impaired vision, etc.
Operation not permitted
I really want to see what it says though.
Seems like that OS uses systemd-resolved. Check resolvectl status.
alexis@fedora:~$ resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp4s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.101
DNS Servers: 192.168.1.101
alexis@fedora:~$
Looks right. See if you can install nslookup and run it again.
Or try dig google.com.
alexis@fedora:~$ dig google.com
; <<>> DiG 9.18.26 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34571
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 61 IN A 142.250.179.110
;; Query time: 11 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Jun 05 01:24:54 CEST 2024
;; MSG SIZE rcvd: 55
alexis@fedora:~$
oops wait I do remove my secondary dns
alexis@fedora:~$ dig google.com
; <<>> DiG 9.18.26 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57725
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Jun 05 01:26:09 CEST 2024
;; MSG SIZE rcvd: 39
alexis@fedora:~$ nslookup google.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; Got SERVFAIL reply from 127.0.0.53
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find google.com: SERVFAIL
alexis@fedora:~$
Please check resolvectl status again.
alexis@fedora:~$ resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (enp4s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.101
DNS Servers: 192.168.1.101
alexis@fedora:~$
You can also try dig @192.168.1.101 google.com to force that server to be used.
alexis@fedora:~$ dig @192.168.1.101 google.com
;; communications error to 192.168.1.101#53: connection refused
;; communications error to 192.168.1.101#53: connection refused
;; communications error to 192.168.1.101#53: connection refused
; <<>> DiG 9.18.26 <<>> @192.168.1.101 google.com
; (1 server found)
;; global options: +cmd
;; no servers could be reached
alexis@fedora:~$
connection refused
That looks okay to me. Try nc -w5 -vz 192.168.1.101 53.
[alexis@archlinux-latest alexis]$ sudo pacman -S nc
error: target not found: nc
[alexis@archlinux-latest alexis]$ yay -S nc
bash: yay: command not found
[alexis@archlinux-latest alexis]$ nc -w5 -vz 192.168.1.101 53
bash: nc: command not found
[alexis@archlinux-latest alexis]$
🤷
ok it's netcat
[alexis@archlinux-latest alexis]$ nc -w5 -vz 192.168.1.101 53
nc: connect to 192.168.1.101 port 53 (tcp) failed: Connection refused
[alexis@archlinux-latest alexis]$
AdGuard is well configured on port 53.
Why are you switching environments all the time? You're making it very hard to troubleshoot anything if you introduce lots of variables
The arch package is gnu-netcat.
I am using an immutable version of Fedora, and the packages take a long time to install.
Okay so the DNS server cannot be reached. Check the addon logs, I guess.
I'd love to check dhclient -v too but I gotta go and you don't have an environment that allows that.
RTNETLINK answers: Operation not permitted
Open a socket for LPF: Operation not permitted
We need that to properly debug the DHCP process.
On my HASS:
[alexis@archlinux-latest alexis]$ sudo ip addr add 192.168.1.3/24 dev enp4s0
RTNETLINK answers: Operation not permitted
[alexis@archlinux-latest alexis]$
🤬
I will try tomorrow, I have a laptop with Ubuntu on it, thank you very much for your help even though it hasn't worked out so far.
I learned something tonight, "atomic" distributions are practical since they require no maintenance, but they aren't great for debugging.
SSH on HAOS is a container as well. You need a VM or real PC.
Real PC
Thank you very much, I'll test it tomorrow on my laptop with Ubuntu
And if we can't get it to work, it's not a big issue. In a few days, I'll be receiving a new router. I've ordered a Ubiquiti UDM Pro, and I'll be able to manually change the DNS settings inside.
Ah, but no, it won't change anything since it's the DNS resolution that's the problem... Otherwise, can we install Pi-hole with Home Assistant? Or do I need to configure it on another Raspberry Pi?
If you can find a pihole addon.
ubuntu@ubuntu-VirtualBox:~$ sudo dhclient -v
[sudo] Mot de passe de ubuntu :
Internet Systems Consortium DHCP Client 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/enp0s3/08:00:27:b4:42:c0
Sending on LPF/enp0s3/08:00:27:b4:42:c0
Sending on Socket/fallback
xid: warning: no netdev with useable HWADDR found for seed's uniqueness enforcement
xid: rand init seed (0x661fcc7f) built using gethostid
DHCPREQUEST for 192.168.0.4 on enp0s3 to 255.255.255.255 port 67 (xid=0x1cc74229)
DHCPACK of 192.168.0.4 from 192.168.0.101 (xid=0x2942c71c)
Setting LLMNR support level "yes" for "2", but the global support level is "no".
bound to 192.168.0.4 -- renewal in 33977 seconds.
ubuntu@ubuntu-VirtualBox:~$
Do you notice the subnet difference?
I have my new router
but I have the same problem
I'm mobile right now but the tests are basically the same.
One thing I noticed is that stuff listens on 53 and 5353 but I haven't had time to test this myself.
I wanted to replicate this in my HAOS VM.
Ok thank you
Now that I have my new router, I have disabled the DHCP server of AdGuard to activate by default the router's one but I have changed the DNS IP address of the router to point to AdGuard. I suspect the result, it does the same thing to me
I just tested this myself and it listens locally only. It can't even be reached by the SSH addon like this.
Try to run nslookup google.com 127.0.0.1 via developer SSH and you'll see.
And of course
# ss -ltnp | grep :53
LISTEN 0 0 127.0.0.1:53 0.0.0.0:* users:(("AdGuardHome",pid=43436,fd=12))
           ^^^^^^^^^
So how to fix?
Go here: https://my.home-assistant.io/redirect/supervisor_addon/?addon=a0d7b954_adguard
Go to the Configuration > Network tab. Remove 53, write 53 again, save and restart.
If you go to the Setup Guide in the Adguard GUI you should now also see more than just 127.0.0.1.
I hate addons...
Yay
Before I had casaos with pihole it worked well but I couldn't connect all my home equipment because on casaos, homeassistant is a docker. I have adaway on my smartphone, ublock origin on my browser but for example for my android tv or my partner's iphone it's really useful. In any case, thank you very much for spending the time to help me
No problem.