From a3a9b5837745f79476d8d3fd4656fa4b754e57d1 Mon Sep 17 00:00:00 2001 From: XTRM-Unraid Date: Sun, 25 Jan 2026 13:35:03 +0200 Subject: [PATCH] Update incident: Fixed NAT redirect to correct AdGuard IP/port --- ...outbound-blocked-after-mikrotik-restart.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/incidents/2026-01-25-dns-outbound-blocked-after-mikrotik-restart.md b/docs/incidents/2026-01-25-dns-outbound-blocked-after-mikrotik-restart.md index 8e7b5b1..8fc3c57 100644 --- a/docs/incidents/2026-01-25-dns-outbound-blocked-after-mikrotik-restart.md +++ b/docs/incidents/2026-01-25-dns-outbound-blocked-after-mikrotik-restart.md @@ -125,3 +125,38 @@ Devices need to renew DHCP lease to get new DNS: - Wait for lease expiry (default 10 min) - Reconnect to WiFi - Reboot device + +--- + +## Additional Issue: NAT Redirect Wrong IP/Port (13:35) + +### Symptom +- TV showing DNS 192.168.31.1 but no internet +- DNS queries to MikroTik timing out + +### Root Cause +NAT rules were redirecting DNS to wrong destination: + +**Before (WRONG):** +``` +to-addresses=172.17.0.5 to-ports=5355 +``` + +But AdGuard: +- Is on macvlan IP: 192.168.31.4 (NOT 172.17.0.5) +- Listens on port: 53 (NOT 5355) + +### Fix +```bash +/ip firewall nat set [find comment="Force DNS to AdGuard Home"] to-addresses=192.168.31.4 to-ports=53 +/ip firewall nat set [find comment="Force DNS to AdGuard Home TCP"] to-addresses=192.168.31.4 to-ports=53 +``` + +**After (CORRECT):** +``` +to-addresses=192.168.31.4 to-ports=53 +``` + +### Verification +- AdGuard container querying 192.168.31.1 → SUCCESS +- MikroTik resolve command → SUCCESS
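Review bot: The Verification section at the end of the hunk does not cover the reported symptom: both checks (AdGuard container querying 192.168.31.1, MikroTik resolve command) run from the container or the router, while the symptom was a TV on the LAN showing DNS 192.168.31.1 with no internet. Add a check from a LAN client, for example a lookup from the TV or another device after it has renewed its lease, and record the result. In the Fix block, `set [find comment="Force DNS to AdGuard Home"]` depends on the comment text matching exactly, so the write-up should include a print of the two NAT rules after the change to show that both now carry `to-addresses=192.168.31.4 to-ports=53`. The fix commands are RouterOS CLI rather than shell, so the `bash` fence tag is misleading; an untagged fence like the Before/After blocks would be consistent. The Root Cause section also does not say how 172.17.0.5 and port 5355 ended up in the rules, which is worth one line so the same misconfiguration can be recognised if it returns.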