DNS rewrites outputting invalid addresses (manually having to use rewrites to bypass issue) #3815
Comments
|
It looks like your Windows machine is configured (probably by your network's DHCP server) to have nslookup pfsense.(N.B. the dot at the end.) |
|
Yes, that is correct, but previously this worked without the "." as I had had a DNS forwarder entry to the pfSense local resolver as followed. I didn't quite see the need for rewrites up until now: Interestingly enough though, I did your suggestion and it's done the reverse now |
|
I see. Can you please provide the following information:
@EugeneOne1, please investigate if we have broken any of the ordering when implementing #2499. |
|
1. No, I use DHCP via pfSense (mainly because I don't think this worked between subnets - correct me if I am wrong on that thinking sorry).
2. I use PTR from Local host/Private IP DNS records ticked. That among the above DNS forwarder specific rule for kiwilad.nz (which I presumed was the way this was to work as all kiwilad.nz requests weren't forwarded to other DNS servers.
Rewrites page is what I am using to currently circumvent the problem although it appears it still has a another problem in doing that from the testing I carried out for you (the problem but reversed if that makes sense).
Cheers.
|
|
|
|
|
|
|
|
Just thought I would pop in to say, I think this is a pretty bad problem, it's now caused me other issues where drive shares wouldn't work unless there was a manual rewrite added. Shouldn't I be able to simply use [/kiwilad.nz/]127.0.0.1:5335 as previously done? |
ainar-g
added
bug
P3: Medium
and removed
waiting for data
Merge in DNS/adguard-home from 3815-weird-rewrites to master Updates #3815. Squashed commit of the following: commit d217db9 Merge: 006b67b 9c8e087 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 16 16:08:41 2021 +0300 Merge branch 'master' into 3815-weird-rewrites commit 006b67b Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 16 15:49:50 2021 +0300 filtering: fix doc commit 7ffafce Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 16 14:17:41 2021 +0300 all: imp hosts container more commit b60dedd Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Nov 14 19:06:16 2021 +0300 all: log changes commit 37c76f4 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Nov 14 18:14:21 2021 +0300 aghnet: imp hosts container commit 187251c Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Nov 14 16:16:41 2021 +0300 all: merge hosts container more
|
@kiwilad-nz, hello again. The latest build in the edge channel should fix the issue. Could you please install it and check if it works properly? |
|
Hi there @EugeneOne1 - It's working as it was now with no added rewrite rules! |
|
@kiwilad-nz, thanks for testing! |
Merge in DNS/adguard-home from 3815-weird-rewrites to master Updates AdguardTeam#3815. Squashed commit of the following: commit d217db9 Merge: 006b67b 9c8e087 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 16 16:08:41 2021 +0300 Merge branch 'master' into 3815-weird-rewrites commit 006b67b Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 16 15:49:50 2021 +0300 filtering: fix doc commit 7ffafce Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Nov 16 14:17:41 2021 +0300 all: imp hosts container more commit b60dedd Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Nov 14 19:06:16 2021 +0300 all: log changes commit 37c76f4 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Nov 14 18:14:21 2021 +0300 aghnet: imp hosts container commit 187251c Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Nov 14 16:16:41 2021 +0300 all: merge hosts container more
Issue Details
Version of AdGuard Home server:
[2.5.2-RELEASE][admin@pfSense.kiwilad.nz]/opt/AdGuardHome: ./AdGuardHome -v --version
AdGuard Home
Version: v0.107.0-b.14
Channel: beta
Go version: go1.16.9
Build time: 2021-11-03T11:57:53Z+0000
GOOS: freebsd
GOARCH: amd64
Race: false
Dependencies:
github.com/AdguardTeam/dnsproxy@v0.39.9 (sum: h1:lH4lKA7KHKFJZgzlij1YAVX6v7eIQpUFpYh9qV+WfGw=)
github.com/AdguardTeam/golibs@v0.10.2 (sum: h1:TAwnS4Y49sSUa4UX1yz/MWNGbIlXHqafrWr9MxdIh9A=)
github.com/AdguardTeam/urlfilter@v0.14.6 (sum: h1:emqoKZElooHACYehRBYENeKVN1a/rspxiqTIMYLuoIo=)
github.com/NYTimes/gziphandler@v1.1.1 (sum: h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=)
github.com/aead/chacha20@v0.0.0-20180709150244-8b13a72661da (sum: h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=)
github.com/aead/poly1305@v0.0.0-20180717145839-3fee0db0b635 (sum: h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=)
github.com/ameshkov/dnscrypt/v2@v2.2.2 (sum: h1:lxtS1iSA2EjTOMToSi+2+rwspNA+b/wG5/JpccvE9CU=)
github.com/ameshkov/dnsstamps@v1.0.3 (sum: h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=)
github.com/beefsack/go-rate@v0.0.0-20200827232406-6cde80facd47 (sum: h1:M57m0xQqZIhx7CEJgeLSvRFKEK1RjzRuIXiA3HfYU7g=)
github.com/cheekybits/genny@v1.0.0 (sum: h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=)
github.com/fsnotify/fsnotify@v1.4.9 (sum: h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=)
github.com/go-ping/ping@v0.0.0-20210506233800-ff8be3320020 (sum: h1:mdi6AbCEoKCA1xKCmp7UtRB5fvGFlP92PvlhxgdvXEw=)
github.com/google/go-cmp@v0.5.5 (sum: h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=)
github.com/google/gopacket@v1.1.19 (sum: h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=)
github.com/google/renameio@v1.0.1 (sum: h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=)
github.com/AdguardTeam/dhcp@v0.0.0-20210519141215-51808c73c0bf (sum: h1:gc042VRSIRSUzZ+Px6xQCRWNJZTaPkomisDfUZmoFNk=)
github.com/joomcode/errorx@v1.0.3 (sum: h1:3e1mi0u7/HTPNdg6d6DYyKGBhA5l9XpsfuVE29NxnWw=)
github.com/kardianos/service@v1.2.0 (sum: h1:bGuZ/epo3vrt8IPC7mnKQolqFeYJb7Cs8Rk4PSOBB/g=)
github.com/lucas-clemente/quic-go@v0.21.1 (sum: h1:uuhCcu885TE9u/piPYMChI/yqA1lXfaLUEx8uCMxf8w=)
github.com/marten-seemann/qtls-go1-16@v0.1.3 (sum: h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU=)
github.com/mdlayher/ethernet@v0.0.0-20190606142754-0394541c37b7 (sum: h1:lez6TS6aAau+8wXUP3G9I3TGlmPFEq2CTxBaRqY6AGE=)
github.com/mdlayher/raw@v0.0.0-20210412142147-51b895745faf (sum: h1:InctQoB89TIkmgIFQeIL4KXNvWc1iebQXdZggqPSwL8=)
github.com/miekg/dns@v1.1.43 (sum: h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=)
github.com/patrickmn/go-cache@v2.1.0+incompatible (sum: h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=)
github.com/satori/go.uuid@v1.2.0 (sum: h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=)
github.com/u-root/u-root@v7.0.0+incompatible (sum: h1:u+KSS04pSxJGI5E7WE4Bs9+Zd75QjFv+REkjy/aoAc8=)
go.etcd.io/bbolt@v1.3.6 (sum: h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=)
golang.org/x/crypto@v0.0.0-20210817164053-32db794688a5 (sum: h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=)
golang.org/x/net@v0.0.0-20210929193557-e81a3d93ecf6 (sum: h1:Z04ewVs7JhXaYkmDhBERPi41gnltfQpMWDnTnQbaCqk=)
golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c (sum: h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=)
golang.org/x/sys@v0.0.0-20210831042530-f4d43177bf5e (sum: h1:XMgFehsDnnLGtjvjOfqWSUzt0alpTR1RSEuznObga2c=)
golang.org/x/text@v0.3.7 (sum: h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=)
gopkg.in/natefinch/lumberjack.v2@v2.0.0 (sum: h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=)
gopkg.in/yaml.v2@v2.4.0 (sum: h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=)
howett.net/plist@v0.0.0-20201203080718-1454fab16a06 (sum: h1:QDxUo/w2COstK1wIBYpzQlHX/NqaQTcf9jyz347nI58=)
How did you install AdGuard Home:
How did you setup DNS configuration:
If it's a router or IoT, please write device model:
CPU architecture:
Operating system and version:
Expected Behavior
Expect correct IPs to be resolved (IPv4 and IPv6)
Actual Behavior
When querying localhost domains (pfSense + local host overrides) the resolved IP's include invalid addresses that I can't explain.
Additional Information
Previously DNS rewrites appeared to function correctly before updating to latest release (may have broken from a previous however).
Suspect issue could be related to updated fix/change:
$dnsrewrite rules and other DNS rewrites will now be applied even when the protection is disabled (#1558).
The issue appears with host overrides that include IPv6 entries from my findings. Removing the IPv6 host override within pfsense appears to isolate the issue (or using a manual rewrite from AdguardHome).
Have checked the localhost file from pfSense and the invalid entries below are not there.
Under the query log, the queries that appear invalid include a "A: ttl=10 " as a result.
Without rewrite:
C:\Users\strut>nslookup pfsense
Server: LAN.kiwilad.nz
Address: 192.168.2.1
Non-authoritative answer:
Name: pfsense.kiwilad.nz
Addresses: ::ffff:192.168.1.1
2406:e001:2:9801::1
192.168.1.1
0.0.0.0 <-----------------
C:\Users\strut>nslookup lan
Server: LAN.kiwilad.nz
Address: 192.168.2.1
Non-authoritative answer:
Name: lan.kiwilad.nz
Addresses: ::ffff:192.168.2.1
2406:e001:2:9802::1
192.168.2.1
249.127.0.0 <-----------------
With manual rewrite:
C:\Users\strut>nslookup pfsense
Server: LAN.kiwilad.nz
Address: 192.168.2.1
Non-authoritative answer:
Name: pfsense.kiwilad.nz
Addresses: ::ffff:192.168.1.1
2406:e001:2:9801::1
192.168.1.1
C:\Users\strut>nslookup lan
Server: LAN.kiwilad.nz
Address: 192.168.2.1
Non-authoritative answer:
Name: lan.kiwilad.nz
Addresses: ::ffff:192.168.2.1
2406:e001:2:9802::1
192.168.2.1
The text was updated successfully, but these errors were encountered: