Bug in mobileconfig

[attinderdhillon]

1. If adguard is on a non-standard HTTPS port. The "iOS and macOS configuration" for DNS-over-HTTPS doesn't add the Port to the query URL.

2. For "DNS-over-TLS" If a client ID is specified it is prefixed to the URL.

In both cases, the URL is not reachable and DNS fail.

[EugeneOne1]

@attinderdhillon, the first point is definitely a bug. We're already working on fixing it.

The second point is an expected behavior. See "Clients" section of our wiki.

[attinderdhillon]

DNS-over-TLS

So I assume we need to add a DNS entry for this to work?

I believe many of us are using sub-domains for adguard (dns.example.com) , multi-level wildcards are not supported AFAIK.
client-id.dns.example.com will not work with wildcard SSL of *.example.com

Kindly look into the possibility of using hyphens ex. clientid-dns.example.com.

[EugeneOne1]

We have already discussed using hyphens and decided to reject the idea, since that would exclude hyphens from client IDs themselves. For example, in a-b-c.example.com, is the client ID a-b or a?

There is no such problem with DNS-over-HTTPS since client ID is used as part of URL there. So you may want to use that.

[EugeneOne1]

@attinderdhillon, hello! The fix for the issue is available in latest edge build. Could you please check if our solution work fine?

[attinderdhillon]

Still port missing from Doh config..

[EugeneOne1]

@attinderdhillon, a few questions to clarify:

1. How did you setup the latest edge build?
2. Could you please attach a screenshot of your Setup Guide → DNS Privacy settings?
3. What is the value of the tls.port_https field in AdGuardHome.yaml?

[attinderdhillon]

1. Stop, rename AdguardHome, pulled the latest edge build and start.

2. `DNS Privacy

DNS-over-TLS: Use tls://dns.domain.com:853 string.
DNS-over-HTTPS: Use https://dns.domain.com:444/dns-query string.

Here's a list of software you can use.`

3 tls: enabled: true server_name: dns.domain.com force_https: true port_https: 444 port_dns_over_tls: 853 port_dns_over_quic: 784 port_dnscrypt: 0

[EugeneOne1]

@attinderdhillon, as your "screenshot" says, the port is defined correctly and should be presented in the resulting URL. However, the fix only affected the bottom part of the page, where the button for downloading the *.mobileconfig file located:

Could you please show this part?

[attinderdhillon]

I don't have that option.

https://tinyurl.com/y3djyw9f

[EugeneOne1]

@attinderdhillon, well, your version of AdGuard Home is v0.107.0-b.1 which is the first beta of v0.107.0. The fix is only included into edge builds for now. You can find the instructions on how to get it here.

[attinderdhillon]

My Bad, Working fine in the edge built, Thank You.

[EugeneOne1]

It's okay. Thanks for testing. Will close the issue for now.