local_domain_name: when set lost rewrites: from that domain #2983
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Reproducible in v0.106.3 |
I also got this issue with v0.106.3. As soon as I add lan.mydomain.net as local_domain_name I cannot resolve any local domains anymore. |
Sorry to somewhat hijack this.. How does AGH know which domains are private.. What is the difference between the two sections? and within my config file:
AdGuard Home, version v0.107.0-b.11 ptr resolution works as expected. But I forget the reasoning that things went in the bottom and not the top section.. to avoid queries to AG services? For the local recursion/speed? Is everything in the top section sent to AG services for 'checking', if the choice is made to do so? github dnsproxy has no other documentation about the local_domain_section.. so assuming that is a AGH 'thing' and not a dnsproxy setting.. Thanks in advance.. |
@bcookatpcsd, AdGuard Home uses registries from RFC-6303 to consider an address private. The upstream servers from the Private reverse DNS servers field are used only to resolve the PTR requests for these addresses.
Since the screenshot shows that default local resolvers couldn't be determined, I can assume that the problem may be caused by this domain-specific configuration for Private reverse DNS servers. Could you please try to leave it with only a single upstream |
In my case I use the same single IP that I use for my "Upstream DNS Server".
Why should an
$ dig foo.lan
; <<>> DiG 9.10.6 <<>> foo.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21899
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.lan. IN A
;; AUTHORITY SECTION:
foo.lan. 10 IN SOA fake-for-negative-caching.adguard.com. hostmaster.foo.lan. 100500 1800 900 604800 86400
;; Query time: 50 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Mon Oct 11 08:56:22 CEST 2021
;; MSG SIZE rcvd: 123 |
@agross, as you said:
I'm afraid, in this case all the requests from your local devices for local addresses are sent to the specified upstream, so if it's an external server (not in your local network) then some sensitive information may be exposed (See #2704).
My colleague's answer was not quite accurate. These requests are intended to be resolved within the built-in DHCP server as I mentioned before. Since domains with |
Hello @EugeneOne1 ,
The question is what is considered to be a "local" address. As I run DHCP, I would expect that all DHCP leases are considered to be local. But these names are not resolved when I only pass the hostname without the default
The DHCP server has leases for the addresses in question.
$ dig poco-x3-alex
; <<>> DiG 9.10.6 <<>> poco-x3-alex
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28092
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;poco-x3-alex. IN A
;; Query time: 308 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Mon Oct 11 15:06:04 CEST 2021
;; MSG SIZE rcvd: 41
$ dig poco-x3-alex.lan
; <<>> DiG 9.10.6 <<>> poco-x3-alex.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18636
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;poco-x3-alex.lan. IN A
;; ANSWER SECTION:
poco-x3-alex.lan. 10 IN A 192.168.0.12
;; Query time: 45 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Mon Oct 11 15:06:07 CEST 2021
;; MSG SIZE rcvd: 50
It seems like unqualified hostnames are always forwarded to the upstream resolver. Another example, based on another screenshot (not sure which setting matters):
$ dig nwa210ax
; <<>> DiG 9.10.6 <<>> nwa210ax
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19074
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nwa210ax. IN A
;; Query time: 45 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Mon Oct 11 15:16:41 CEST 2021
;; MSG SIZE rcvd: 37
$ dig nwa210ax.lan
; <<>> DiG 9.10.6 <<>> nwa210ax.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59052
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;nwa210ax.lan. IN A
;; ANSWER SECTION:
nwa210ax.lan. 10 IN A 192.168.0.13
;; Query time: 44 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Mon Oct 11 15:16:44 CEST 2021
;; MSG SIZE rcvd: 46 |
in the config file:
Not sure if this helps.. |
As I also mentioned, the address is considered "local" if it's contained in one of RFC-6303's registries. To distinguish those from DHCP's ones, let's call them "private".
Forwarding unqualified domains to the upstream is an expected behaviour since there is no simple way to determine if the client meant the DHCP-leased domain name or some global one. The distinction between the two is the main purpose of However, the screenshot of your Clients section tells that the address for |
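To make the distinction the maintainers draw above concrete (RFC 6303 "private" addresses, names under local_domain_name, and unqualified hostnames), here is an added Go example; it is not AdGuard Home's or dnsproxy's own code. The function names, the verdict strings it returns and the lease table are assumptions of the example, and its PTR handling covers only IPv4 in-addr.arpa names.

```go
package main

import (
	"net/netip"
	"strings"
)

// RFC 6303 locally-served reverse zones (full IPv4 list, a subset of IPv6);
// AdGuard Home treats addresses in these ranges as "private".
var rfc6303Zones = []string{
	"0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
	"192.0.2.0/24", "192.168.0.0/16", "198.51.100.0/24", "203.0.113.0/24",
	"255.255.255.255/32", "::1/128", "fd00::/8", "fe80::/10",
}
// IsPrivate reports whether ip falls in an RFC 6303 locally-served range.
func IsPrivate(ip netip.Addr) bool {
	for _, c := range rfc6303Zones {
		if netip.MustParsePrefix(c).Contains(ip.Unmap()) {
			return true
		}
	}
	return false
}
// ptrToAddr maps an IPv4 in-addr.arpa name back to an address (ip6.arpa omitted).
func ptrToAddr(name string) (netip.Addr, bool) {
	o := strings.Split(strings.TrimSuffix(name, ".in-addr.arpa"), ".")
	if !strings.HasSuffix(name, ".in-addr.arpa") || len(o) != 4 {
		return netip.Addr{}, false
	}
	ip, err := netip.ParseAddr(o[3] + "." + o[2] + "." + o[1] + "." + o[0])
	return ip, err == nil
}
// Route (hypothetical): PTR for a private address -> local_ptr_upstreams; a name
// under local_domain_name -> DHCP leases; anything else (unqualified too) -> upstream.
func Route(qtype, qname, localDomain string, leases map[string]string) string {
	name := strings.TrimSuffix(strings.ToLower(qname), ".")
	if qtype == "PTR" {
		if ip, ok := ptrToAddr(name); ok && IsPrivate(ip) {
			return "local_ptr_upstreams"
		}
		return "upstream"
	}
	if host := strings.TrimSuffix(name, "."+localDomain); host != name {
		if ip, found := leases[host]; found {
			return "dhcp:" + ip
		}
		return "nxdomain" // e.g. foo.lan in the thread's first dig output
	}
	return "upstream"
}
```

Feeding it the thread's own queries reproduces what the dig outputs show: the bare hostname goes upstream while the same name with the .lan suffix is answered from the lease table.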
my dhcp server is dnsmasq, at 192.168.10.105 and dns for that is running on 531.. |
@bcookatpcsd, as far as I can see all the clients are resolved with reverse DNS. Isn't that what you wanted to achieve? And again, all the addresses from local_ptr_upstreams:
- '192.168.10.105:531'
Please note that |
OK, so my DHCP addresses are in the 192.168.0.0/24 subnet. Which should make them "private" according to RFC-6306. Did I understand that correctly?
I'm using v0.106.3 from docker hub. Likely not one of the builds you mention as |
Correction, I can't. What I am basically looking for is something like dnsmasq's
Does AdGuard support something like this? |
These addresses are considered "private" by RFC-6303, but not in the context of the conversation. When you request the address of hostnames leased by AGH's DHCP server, you actually send a
AGH parses the default hosts file of the system. You may simply add there the entries you need. |
I have no problem with my AGH.. I was showing working examples of what does work.. In hopes of helping figure out the problem. Not sure if his dnsmasq is setup correctly.. /var/lib/misc/dnsmasq.leases (standard location) or man dnsmasq FILES.. Or the dhcp-leasefile directive.. |
@bcookatpcsd Could you please clarify what exactly goes wrong? |
I tried putting AGH as upstream and I tried it without any private reverse DNS servers as well. E.g. when DHCP is enabled device A registers as |
I have the exact same problem, did anybody find a solution for this? |
No solution, I switched back to PiHole. |
I use dnsmasq in front of AdGuard. Custom DNS is much more versatile with it. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
local defined dns record:
answer: 10.20.0.30
Also:
local_ptr_upstream not filled in.
These entries did not get me PTR entries with local_domain_name filled in. When I changed local_domain_name: back to lan and restarted.. I had static entries and PTR working again..
I also changed:
log_compress: true
log_localtime: true