Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Google DNS Refused AAAA queries from IPv6 clients #3887

Closed
7cio opened this issue Nov 27, 2021 · 12 comments
Closed

Google DNS Refused AAAA queries from IPv6 clients #3887

7cio opened this issue Nov 27, 2021 · 12 comments
Assignees
@EugeneOne1
Labels
bug external libs Issues that require changes in external libraries. P3: Medium
Milestone
v0.107.0

Comments

@7cio
Copy link

7cio commented Nov 27, 2021

Hello,

I'm running AdGuardHome version: v0.106.3

While AAAA queries work for IPv6 clients if using Quad 9, Cloudflare as upstream DNS. It doesn't work with Google DNS

image

Anyone has the same problems? Is there any workaround to get it works?

Thanks.
@ainar-g
Copy link
Contributor

ainar-g commented Nov 29, 2021
edited
Loading

Hello. At first sight, this looks like either a GoogleDNS issue or an ISP issue, to be honest. Can you check if making such requests from these machines also results in a REFUSED response? For example:

dig 'fpc.msedge.net' '8.8.8.8'

And:

dig +dnssec 'fpc.msedge.net' '8.8.8.8'

@ainar-g ainar-g added the waiting for data Waiting for users to provide more data. label Nov 29, 2021
@7cio
Copy link
Author

7cio commented Nov 29, 2021

both commands work well on AdguardHome server and the clients

image
image

I've tested another AdguardHome install, and on a different network. It has the same problems.

@ainar-g
Copy link
Contributor

ainar-g commented Nov 29, 2021

I see. What if you explicitly request the AAAA responses?

dig +dnssec @'8.8.8.8' 'fpc.msedge.net' AAAA IN

@7cio
Copy link
Author

7cio commented Nov 29, 2021

It works too

Adguard Home server
image

One of the clients
image

@ainar-g
Copy link
Contributor

ainar-g commented Nov 29, 2021

You could also try one of the v0.107 betas to see if that improves the situation, but other than that we don't have any other ideas, unfortunately. I'll leave the issue open with the “help needed” label, and perhaps someone who solved a similar issue could shed some light.

@ainar-g ainar-g added help wanted and removed waiting for data Waiting for users to provide more data. labels Nov 29, 2021
@7cio
Copy link
Author

7cio commented Dec 2, 2021

I found out that Google DNS process AAAA queries from IPv4 clients
image

And refuse if the queries from IPv6 clients
image

The same thing happens with Google DNS6
2001:4860:4860::8888
2001:4860:4860::8844

If I set the Google DNS directly on IPv6 clients, it works.

I've tested 3 different Adguard Home instances on 3 different countries. And they have the same problem with Google DNS and IPv6 clients.

I believe the dev team can reproduce the problem. So please check.

@ainar-g
Copy link
Contributor

ainar-g commented Dec 2, 2021

@vNa3006, thank you for the tests! We have a theory. Do you have the “Enable EDNS client subnet” option on? Does the problem still persist if you disable it?

@7cio
Copy link
Author

7cio commented Dec 2, 2021

@ainar-g, yes I have the “Enable EDNS client subnet” option on.
If I disable the option, the problem doesn't occur.

@ainar-g
Copy link
Contributor

ainar-g commented Dec 2, 2021

I see. It's probably a bug in one of our libraries then.

@EugeneOne1, please investigate.

@ainar-g ainar-g added bug external libs Issues that require changes in external libraries. P3: Medium and removed help wanted labels Dec 2, 2021
@ainar-g ainar-g added this to the v0.107.0 milestone Dec 2, 2021
adguard pushed a commit to AdguardTeam/dnsproxy that referenced this issue Dec 14, 2021
@EugeneOne1
Pull request: 3887 fix ecs length
2910012 
Merge in DNS/dnsproxy from 3887-fix-edns to master

Updates AdguardTeam/AdGuardHome#3887.

Squashed commit of the following:

commit b4d5393
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Dec 14 13:12:29 2021 +0300

    proxy: imp docs

commit f25b898
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Mon Dec 13 16:45:58 2021 +0300

    proxy: fix ecs length
adguard pushed a commit that referenced this issue Dec 14, 2021
@EugeneOne1
Pull request: 3887 upd dnsproxy
8b0d974 
Merge in DNS/adguard-home from 3887-ecs-length to master

Updates #3887.

Squashed commit of the following:

commit cfd454f
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Dec 14 13:23:42 2021 +0300

    all: upd dnsproxy
@EugeneOne1
Copy link
Member

EugeneOne1 commented Dec 14, 2021
edited
Loading

@vNa3006, hello again. This should be fixed as of latest edge build. Could you please install it and check if IPv6 clients now getting their responses?

@7cio
Copy link
Author

7cio commented Dec 14, 2021

@EugeneOne1 It's working on the edge version. Thanks.

@EugeneOne1
Copy link
Member

@vNa3006, I'll close the issue for now. Thanks for testing!

heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@EugeneOne1 @heyxkhoa
Pull request: 3887 upd dnsproxy
b279176 
Merge in DNS/adguard-home from 3887-ecs-length to master

Updates AdguardTeam#3887.

Squashed commit of the following:

commit cfd454f
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Dec 14 13:23:42 2021 +0300

    all: upd dnsproxy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EugeneOne1 EugeneOne1

Labels
bug external libs Issues that require changes in external libraries. P3: Medium
Projects
None yet
Milestone
v0.107.0
Development

No branches or pull requests
3 participants
@ainar-g @EugeneOne1 @7cio