DOT Identifier not working in ipv6

[ssrahul96]

Prerequisites

• I have checked the Wiki and Discussions and found no answer

• I have searched other issues and found no duplicates

• I want to report a bug and not ask a question

Operating system type

Other (please mention in the description)

CPU architecture

AMD64

Installation

Docker

Setup

On one machine

AdGuard Home version

v0.108.0-b.15, even tried in v0.107.13

Description

What did you do?

DOH Identifier is not working as expected on ipv6.

I ve setup Adguard home on a VPC, which has both ipv4 and ipv6 public addresses,

I ve private dns in Android and specified the device identifier as below

rahul-mobile.ag.example.com

When my mobile is on ipv4 network (Broadband Connection), the Identifier is working as expected,

But when my mobile is on ipv6 network (Mobile Data), the identifier is not working, and its pointing to docker proxy address 172.18.0.1

Expected result

DOH should work in ipv6

Screenshots (if applicable)

Additional information

docker-compose.yaml

  adguard:
    image: adguard/adguardhome:beta
    container_name: adguard
    ports:
      - 8443:443
      - 853:853
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=${TZ}
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKERCONFDIR}/adguard/work:/opt/adguardhome/work
      - ${DOCKERCONFDIR}/adguard/conf:/opt/adguardhome/conf

[ainar-g]

Hello. This seems like either container or DNS misconfiguration. Please make sure that:

1. The domain name rahul-mobile.ag.example.com is resolved to the correct IP addresses in both networks using both A and AAAA queries.

2. That the IPv6 address is not behind some kind of proxy that can remove ClientHello information.

3. You've mentioned both DoT and DoH in your report. Does using a DoH URL with the AdGuard Home ClientID in the URL path work properly?

4. Try enabling --network=host.

5. In any case, you can enable verbose logs and see if there is any useful hints there, for example something about certificates.

[ssrahul96]

@ainar-g ,

1,2,3 are configured correctly,

I tried with --network=host in docker-compose, then it started to listen on ipv6 only

At this point in time, only connection over ipv6 was working

Found few helpful links

https://stackoverflow.com/questions/29957143/make-docker-use-ipv4-for-port-binding
https://stackoverflow.com/questions/52179746/ipv4-https-request-not-forwarded-to-docker-container
moby/moby#2174

flushing iptables after deploying the container seems to be working, Not sure whether it has to fixed in docker or OS,

[ainar-g]

Listening on :: should be fine, since Go prefers to listen on AF_INET6 with IPv4 mapped to IPv6. See here.

At this point in time, only connection over ipv6 was working

Does this mean that IPv4 isn't working? What address do you have in the configuration file for dns.bind_hosts? Having 0.0.0.0 works for me.

[ssrahul96]

dns:
  bind_hosts:
    - 0.0.0.0

i didnt change anything on the bind_hosts it seems to be default

after flushing the iptables it has worked.

[ainar-g]

I see, thanks. If this works now, I'm going to close the issue. Feel free to reopen if this happens again.