AdGuard Home on Proxmox with EdgeRouter X-SFP: DNS, Ad Blocking, and Reverse DNS

The Problem

My homelab has multiple VLANs, a Tailscale overlay network, and no ad blocking. DNS was handled entirely by the EdgeRouter X-SFP forwarding to Cloudflare. I wanted:

- Network-wide ad blocking without per-device configuration
- Conditional DNS forwarding so LAN clients can resolve Tailscale hostnames
- Non-Tailscale devices (Rokus, smart TVs) able to reach Tailscale services like Jellyfin
- Client names on the DNS dashboard instead of raw IPs

The Architecture

    LAN Clients (10.150.10.0/24)
    │
    ├─ DNS ──→ dns01 (AdGuard Home, 10.150.60.11)
    │   ├─ Upstream: Cloudflare DoH, Google DoH
    │   ├─ Conditional: *.<tailnet>.ts.net → 100.100.100.100
    │   └─ Reverse DNS: PTR queries → EdgeRouter (10.150.10.1)
    │
    ├─ DHCP ──→ EdgeRouter X-SFP (dnsmasq)
    │   ├─ Primary DNS: 10.150.60.11 (AdGuard)
    │   ├─ Secondary DNS: 10.150.10.1 (router fallback)
    │   └─ Search domain: <tailnet>.ts.net
    │
    └─ 100.x.x.x traffic ──→ static route → dns01 → MASQUERADE → tailscale0

dns01 is an LXC container on pve01 running AdGuard Home and acting as a Tailscale subnet router advertising all four LAN subnets. ...

March 25, 2026 · 4 min · Adam Behn
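
The resolver selection shown in the architecture diagram, modeled as an added Python example (not code from the original post or from AdGuard Home). The tailnet name is a constructed placeholder, pick_upstream and its helpers are hypothetical names, and sending only RFC 1918 PTR lookups to the router is an assumption.

```python
import ipaddress

# Addresses come from the diagram; TAILNET is a constructed placeholder
# standing in for <tailnet>.ts.net.
TAILNET = "example-tailnet.ts.net"
TAILSCALE_DNS = "100.100.100.100"
ROUTER_DNS = "10.150.10.1"
PUBLIC_UPSTREAM = "doh"  # stands for the Cloudflare/Google DoH upstreams

# Assumption: PTR lookups go to the router only for RFC 1918 addresses.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ptr_name_to_ip(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        # Octets are stored in reverse order in the PTR name.
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None


def in_zone(qname, zone):
    """Label-aware suffix match, so 'x-ts.net' does not match zone 'ts.net'."""
    name = qname.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def pick_upstream(qname, qtype="A"):
    """Hypothetical helper: which resolver answers this query in the design."""
    if qtype == "PTR":
        ip = ptr_name_to_ip(qname)
        if ip is not None and any(ip in net for net in PRIVATE_NETS):
            return ROUTER_DNS  # client names for the dashboard
    if in_zone(qname, TAILNET):
        return TAILSCALE_DNS   # conditional forward to Tailscale's resolver
    return PUBLIC_UPSTREAM     # everything else: filtered, then sent over DoH
```

The label-aware match matters for conditional forwarding: a plain string suffix test would also send look-alike names that merely end in the tailnet string to the internal resolver.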