Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to disable private PTRs completely #3184

Closed
ainar-g opened this issue May 24, 2021 · 3 comments
Closed

Ability to disable private PTRs completely #3184

ainar-g opened this issue May 24, 2021 · 3 comments
Assignees
@IldarKamalov @EugeneOne1
Labels
documentation feature request P2: High UI
Milestone
v0.107.0

Comments

@ainar-g
Copy link
Contributor

ainar-g commented May 24, 2021

A lot of people seem to be under the impression that the “Enable reverse resolving of clients' IP addresses” checkmark is supposed to disable private PTR requests, which it doesn't. It's probably because of the UI design flaw: since it's close to the Private DNS servers input, people think that it's related. We should:

  1. Add an actual checkmark to disable private PTR requests and make them return NXDOMAIN.
  2. Make it clearer in the UI that the current checkmark has more to do with clients than it is to upstreams. It will probably disappear or become a different input either way in Make it possible to disable certain client sources #3020.

This should be solved early in the v0.107 cycle, so that we have it in early betas. There seems to be decent demand for this.
@ainar-g ainar-g added this to the v0.107.0 milestone May 24, 2021
@DandelionSprout
Copy link
Member

||192.168.$important,dnstype=PTR should be able to do this already.

adguard pushed a commit that referenced this issue May 26, 2021
@EugeneOne1
Pull request: 3184 disable private ptr
557bbcb 
Merge in DNS/adguard-home from 3184-disable-ptr to master

Updates #3184.

Squashed commit of the following:

commit b78ac2e
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 17:20:34 2021 +0300

    all: rename dns config field

commit 3651213
Author: Ildar Kamalov <ik@adguard.com>
Date:   Wed May 26 15:55:44 2021 +0300

    client: handle local ips rdns

commit 9a69183
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 14:43:13 2021 +0300

    all: imp naming

commit 771b7a3
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 14:24:38 2021 +0300

    all: imp docs, code

commit be96089
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 13:23:56 2021 +0300

    all: imp docs & log changes

commit 4e645a5
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 12:49:44 2021 +0300

    all: add the field into structs

commit 22b5b61
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue May 25 15:10:31 2021 +0300

    dnsforward: entitle lock, imp code
@ainar-g
Copy link
Contributor Author

ainar-g commented May 26, 2021

@DandelionSprout, thanks, but that wouldn't be an optimal solution for several reasons:

  1. It's not exactly the best user experience.
  2. As far as I know, this only blocks the 192.168.x.y queries, while we have a whole bunch of networks we consider private…
  3. … which will probably become configurable in the future (Ability to manually set locally served and private networks #3142).

Eugene has already pushed the feature to the main branch, and it should arrive in one of the next edge builds, so I'll close this.

@ainar-g ainar-g closed this as completed May 26, 2021
@Omoeba
Copy link

Omoeba commented Jun 11, 2021
edited

I currently have the following rules to handle PTR queries:

||168.192.in-addr.arpa^$important,dnstype=PTR,dnsrewrite=NXDOMAIN;;
||254.169.in-addr.arpa^$important,dnstype=PTR,dnsrewrite=NXDOMAIN;;
||10.in-addr.arpa^$important,dnstype=PTR,dnsrewrite=NXDOMAIN;;
/((3[0-1])|(2[0-9])|(1[6-9]))\.172\.in-addr\.arpa$/$important,dnstype=PTR,dnsrewrite=NXDOMAIN;;
||127.in-addr.arpa^$important,dnstype=PTR,dnsrewrite=NOERROR;PTR;localhost
||0.8.e.f.ip6.arpa^$important,dnstype=PTR,dnsrewrite=NXDOMAIN;;
||d.f.ip6.arpa^$important,dnstype=PTR,dnsrewrite=NXDOMAIN;;

Link-local and private addresses return NXDOMAIN and 127.0.0.1/8 returns localhost.

heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@EugeneOne1 @heyxkhoa
Pull request: 3184 disable private ptr
18d3e30 
Merge in DNS/adguard-home from 3184-disable-ptr to master

Updates AdguardTeam#3184.

Squashed commit of the following:

commit b78ac2e
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 17:20:34 2021 +0300

    all: rename dns config field

commit 3651213
Author: Ildar Kamalov <ik@adguard.com>
Date:   Wed May 26 15:55:44 2021 +0300

    client: handle local ips rdns

commit 9a69183
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 14:43:13 2021 +0300

    all: imp naming

commit 771b7a3
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 14:24:38 2021 +0300

    all: imp docs, code

commit be96089
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 13:23:56 2021 +0300

    all: imp docs & log changes

commit 4e645a5
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed May 26 12:49:44 2021 +0300

    all: add the field into structs

commit 22b5b61
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue May 25 15:10:31 2021 +0300

    dnsforward: entitle lock, imp code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IldarKamalov IldarKamalov

@EugeneOne1 EugeneOne1

Labels
documentation feature request P2: High UI
Projects
None yet
Milestone
v0.107.0
Development

No branches or pull requests
5 participants
@IldarKamalov @ainar-g @DandelionSprout @EugeneOne1 @Omoeba