Blocking mode does not seem to work correctly (NX Domain)

[kungpao42]

Prerequisites

Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

• I am running the latest version
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed

Issue Details

• Version of AdGuard Home server:
  0.100.5 *
• How did you setup DNS configuration:
  IoT *
• If it's a router or IoT, please write device model:
  Raspberry Pi *
• Operating system and version:
  Dietpi 6.26.3 *

Expected Behavior

In NX Domain mode, I would expect all answers from Adguard Home (matching hostnames/domains) to respond with NX Domain.

In Null IP mode, I would expect to see the response in the form of an A/AAAA record as 0.0.0.0.

Actual Behavior

In selecting blocking mode under DNS Settings, I would expect the following behavior:

What I notice happens in actuality is this.

In NX Domain mode AGH will respond with NX Domain if the blocklist source for that match does not have an IP associated with it on the same line. If the blocklist source does have an IP address, then AGH will respond with that IP with a TTL of 10. Thus theip specified in the blocklist is passed onward (ie 0.0.0.0 or 127.0.0.1) in most cases.

Obviously, this should probably not be the case. I have not tested this behavior in Null IP mode, to see whether or not all IP addresses are standarized to 0.0.0.0.

Screenshots

Screenshot:

Additional Information

[megaschatzi]

Same here

[ameshkov]

Yeah, that's the default behavior AGH was using from the very beginning. The setting name is simply wrong, though.

We should have called it "Default" and add a different option that will force NXDOMAIN for all types of rules.

[szolin]

We should have called it "Default"

Why do we need this behaviour?
If someone wants to set a custom IP for a host name - he should use Rewrites instead.
What's the use case here?

[ameshkov]

@szolin the problem is #919, using custom hosts files is the only viable solution at the moment.

[ameshkov]

@szolin here is the final list:

* Default - Respond with NXDOMAIN when blocked by Adblock-style rules and with the IP addresses specified in the rule for /etc/hosts-style blocklists;
* NXDOMAIN – Respond with NXDOMAIN code;
* Null IP – Respond with zero IP address (0.0.0.0 for A; :: for AAAA);
* Custom IP - Respond with a manually set IP address.

[kungpao42]

Is this targeted for a particular release to get fixed?

[ameshkov]

@kungpao42 yep, it's assigned to v0.101 and it's the next major update.