unifi-utilities / unifios-utilities

A collection of enhancements for UnifiOS based devices

adguard on OS 3.x via nspawn seems not to bind the DNS port (dnsmasq is)

EugenMayer opened this issue · comments

I installed adguard via nspawn on OS 3.x and everything is up and running like expected.
When I connect to the pod/container via machinectl shell adguard and try DNS resolution of the configured private DNS overrides

dig @127.0.0.1 sub.my-private.tld

I get the expected result

doing the same with the external IP of the pod from the vlan5 bridge (in my case 10.10.20.3) .. running from the UDM or from a network client

dig @10.10.20.3 sub.my-private.tld

it does not return my private DNS entry or in other words, something else is answering, not adguard.

It becomes clear when checking on the UDM

netstat -tulpn | grep '10.10.20.1:53 '
tcp        0      0 10.10.20.1:53           0.0.0.0:*               LISTEN      2628/dnsmasq        
udp        0      0 10.10.20.1:53           0.0.0.0:*                           2628/dnsmasq   

So UDM runs dnsmasq on the port I expect adguard to run. I configured my vlan5 / container network without DHCP

What could cause dnsmasq to listen on that interface (or is that the default on OS 3.x) and/or how can I deactivate it?

FYI:

  • using the updated variant of the onboot script installation via #523 (comment)
  • using stable and not unstable debian
  • rather new to the UDM game, coming from opnsense

Found the issue, it seems not to be dnsmasq related, but rather what rules dnsmasq will use. And me, bright light, activated Adblock in security, which will redirect all DNS queries in UDM internally. So be sure to disable

/network/default/settings/security -> Ad Blocking (needs to be off)

I would close this ticket, not sure about the policies in here though
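
A way to confirm the kind of DNS redirection described in this issue, as an added example that is not part of the original thread or the project's code: the function below filters `iptables-save`-style NAT rules for any that rewrite the destination of port 53 traffic. The sample rules, the interface names and the helper names are constructed for illustration; the actual rules UniFi OS installs for Ad Blocking are not shown on this page.

```shell
#!/bin/sh
# Added example: find NAT rules that redirect DNS (port 53) traffic.
# Reads `iptables-save -t nat` / `iptables -t nat -S` style lines on stdin.

find_dns_redirects() {
    awk '
        # Only look at appended rules; skip table headers, chain policies, COMMIT.
        $1 != "-A" { next }
        {
            dport53 = 0; target = ""
            for (i = 1; i < NF; i++) {
                # Match --dport 53 and multiport lists such as --dports 53,853.
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), ports, ",")
                    for (p = 1; p <= n; p++) if (ports[p] == "53") dport53 = 1
                }
                if ($i == "-j") target = $(i + 1)
            }
            # A rule that both matches port 53 and rewrites the destination
            # explains why a query sent to one resolver is answered by another.
            if (dport53 && (target == "DNAT" || target == "REDIRECT")) print
        }
    '
}

count_dns_redirects() { find_dns_redirects | wc -l | tr -d ' '; }

# Constructed sample input (hypothetical rules, not captured from a UDM).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i br5 -p udp -m udp --dport 53 -j DNAT --to-destination 10.10.20.1:53
-A PREROUTING -i br5 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.10.20.1:53
-A PREROUTING -i br0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A OUTPUT -p udp -m udp --dport 5353 -j REDIRECT --to-ports 53
-A POSTROUTING -o eth8 -j MASQUERADE
COMMIT
EOF
}
```

On a live device the input would come from `iptables-save -t nat | find_dns_redirects`, assuming `iptables-save` is available there; an empty result after turning Ad Blocking off would match the fix reported above.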