Computers, homelab, troubleshooting

Why wont you connect!? My Journey to a Harmonious Home Network

Leave a comment

There’s nothing quite like the satisfaction of building your own little corner of the internet right in your home. My lab, humming quietly in the corner, hosts all sorts of wonderful things – from my personal productivity dashboard (Vikunja keeps my life in order!) to my burgeoning photo archive. The dream is a unified, seamless digital experience, protected by the watchful eye of AdGuard Home.

But, as many a home lab enthusiast will tell you, the road to network nirvana is often paved with… well, timeouts and cryptic error messages. And so began my own saga, a tale of head-scratching, late-night log-diving, and a particularly stubborn BT Hub.

It all started subtly. Things felt a little sluggish. My usual snappy DNS resolution was replaced by an unsettling pause. A quick peek into the AdGuard Home logs revealed a chilling sight: a deluge of “exchange failed” errors, specifically pointing to my router’s IP address. It was as if AdGuard Home was shouting, “Hey, I need to know where example.com is!” and my router was replying with a blank stare, or worse, just dropping the call entirely. This was a classic DNS loop, where my router was somehow forwarding DNS queries back to AdGuard Home, which then tried to forward them back to the router, and so on. A digital Ouroboros, consuming its own tail!

My first move was to untangle this loop. My brain, however, was stubbornly stuck on one question: why were all these messages going to my router for DNS? I had configured AdGuard Home correctly, hadn’t I? The answer hit me like a ton of bricks as I was reviewing my mental checklist of the setup process. I remembered the Proxmox CT creation dialogue, specifically the two separate tabs for networking. First, the Network tab, where I’d set the IP and gateway. But then, there was a second tab, DNS. And I distinctly recalled its default setting: “use host settings.” A lightning bulb went off in my head.

Of course! The containers, by default, weren’t talking to AdGuard Home directly; they were talking to the Proxmox host! I immediately dove into the host’s network settings, and there it was, staring me in the face: DNS server 1: 192.168.1.254. The host itself was using the router for DNS! This one discovery explained everything. The containers were asking the host for DNS, the host was asking the router, and the router was—unbeknownst to me—sending the query right back into the loop.

A quick adjustment to the host’s DNS settings, a change to my AdGuard Home IP, and a restart. My heart pounded as I pulled up the logs. Silence. Blissful silence. The specific “exchange failed” messages targeting my router’s IP vanished. I felt a surge of triumph. The Ouroboros was decapitated!

But the network gods, it seemed, weren’t quite done with me. The silence in the logs was replaced by a new, more insidious foe: “context deadline exceeded” and “i/o timeout” messages. These weren’t aimed at my router anymore; they were aimed squarely at the open internet – at Quad9, Cloudflare, any public DNS server AdGuard Home tried to reach. My server, with its shiny new DNS settings, was now attempting to phone home, but something out there was hanging up before it even connected.

This was a classic “DNS proxy” problem, a sneaky feature often found in ISP-provided routers like my BT Hub. Even with the router’s main firewall explicitly turned off, these devices often have a hidden mechanism that intercepts all DNS traffic, forcing it through the ISP’s own servers. It’s like having a helpful (but ultimately controlling) assistant who insists on making all your calls for you, even if you know the number perfectly well.

I tried everything. Switching AdGuard Home from DNS-over-HTTPS to standard DNS-over-UDP on port 53? Nope, same timeouts. Trying a different DoH provider, like LibreDNS? Still blocked. Even attempting DNS-over-TLS on the less common port 853 with Cloudflare? The router just scoffed, “dial tcp: i/o timeout.” It was a universal blockade. Whether I used encrypted channels (essential for privacy and to bypass ISP snooping) or plain old UDP, nothing was getting through. My Vikunja instance, while running locally, couldn’t resolve external links, and my Immich server was not behaving! I’d drop in a new photo, and the server would just hang, unable to get any rich data. The application wasn’t the problem — the logs showed it was trying to do its job. It was the network. My AdGuard Home was getting the request but couldn’t get it out to the internet, and the application’s request would eventually just time out and fail. It’s a good reminder that your network foundation is the most critical part of your home lab. If the pipes are broken, it doesn’t matter how great the faucet is.

My network, though internally harmonious, was an island in the vast digital ocean.

The solution, it turns out, lay not in my lab, but deep within the labyrinthine settings of my BT online account. It struck me then: those seemingly innocuous “security features” my ISP was so proud of – things like “BT Web Protect” or “BT Parental Controls” – often operate at a network level, overriding local router settings. With a glimmer of hope, I logged into My BT, navigated to the security section, and there it was: “BT Parental Controls.” The only “service” being active! A single “Switch off” button.

I clicked it, held my breath, and watched a small progress bar inch its way forward. “This can take up to a minute,” it warned. That minute felt like an eternity.

Once the confirmation appeared, I sprinted back to my router and gave it a hard reboot, a ritualistic cleansing to banish the lingering specters of blocked DNS. As it came back online, I logged into AdGuard Home, heart pounding, and clicked the “Test Upstreams” button.

“Your DNS servers are working fine!” it declared. A joyous melody rang in my ears. The only “errors” remaining in my logs were the occasional, perfectly normal “i/o timeout” messages from my Tailscale DNS resolver, which, by design, isn’t meant to resolve public internet addresses.

It was a journey from baffling loops to universal timeouts, culminating in the satisfying click of a “Switch off” button hidden deep within an online portal. My home network was finally free, responsive, and operating with the privacy and control I had always envisioned. And as I watched those clean logs scroll by, I knew that sometimes, the biggest network battles are won not with complex configurations, but with a keen eye for the obvious – or, in this case, the subtly hidden

               

Leave a Reply

Your email address will not be published. Required fields are marked *

recaptcha placeholder image
 

This site uses Akismet to reduce spam. Learn how your comment data is processed.