search

AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0
25.48k stars 1.83k forks source link

TP-Link's Network Connection Status Inspect (NCSI) does not like AdGuard DNS #244

Closed ghost closed 6 years ago

ghost commented 6 years ago

Seems to be a ping issue or however method TP-Link is checking the status of the Internet connection and the DNS servers.

Because of this, I am unable to use any TP-Link Cloud features on the device, as it thinks the device is offline, even though it isn't... I'm using it now to post this.

I would remove AdGuard DNS from the WAN settings as a workaround, however it is the only way for TP-Link to assign AdGuard DNS IPv6 addresses via RADVD, as there are no LAN settings for IPv6 DNS, only IPv4, which is annoying.

However, if I put my ISP's DNS or Google's DNS, the settings pass and the issue disappears. Only occurring with AdGuard DNS so far.

Steps to reproduce

  1. Configure the WAN to use AdGuard DNS for IPv4 and IPv6, under "Use the Following DNS Addresses" and "Use the Following IPv6 DNS Addresses" in Advanced Settings.
  2. Let it connect successfully, exit the web interface and use the Internet for a short period of time.
  3. Click on the "Basic" tab and "Network Map" for TP-Link to detect the status of the Internet connection.
  4. See the problem areas in the web GUI. Screenshots are provided in the problem areas.

Expected behavior

TP-Link should say that the Internet is Connected, and you are able to use TP-Link Cloud features.

Actual behavior

TP-Link reports that the Internet is Disconnected, and gives an error to "Please configure your DNS manually.". The Internet is working perfectly fine, however, so it is an issue related to how TP-Link is testing AdGuard DNS.

Screenshots: dns_settings network_map_disconnected tp-link_cloud_offline ncsi_test_fail

Your environment

Description Value
DNS server in use: AdGuard Default, both IPv4 and IPv6 addresses
How did you setup DNS configuration: TP-Link Gateway
Device model: Archer VR400 v2
ameshkov commented 6 years ago

Any idea on how exactly TP-Link's NCSI actually works? I've done some googling but nothing useful so far:(

Btw, do you have this issue when IPv6 server is not specified?

ghost commented 6 years ago

Any idea on how exactly TP-Link's NCSI actually works? I've done some googling but nothing useful so far:(

Not exactly, I also couldn't find anything about how it works online.

Btw, do you have this issue when IPv6 server is not specified?

Yes, I have tried it with just a IPv4 setup, and the same issue occurs.

ForkedLightning commented 6 years ago

While I don't know how it works on your model, older TP-Link routers check internet connectivity by looking up a.root-servers.net (and tp-link.com in some products) every few seconds which fills DNS lookup logs with spam. Very annoying.

ameshkov commented 6 years ago

@ForkedLightning does it care about the response for that lookups?

AG DNS responds with some IP addresses for both a.root-servers.net and tp-link.com so it should've not been a problem unless the routers verify the IP address somehow.

ghost commented 6 years ago

@ameshkov it seems to be behaving quite erratically. If I leave it alone with AdGuard DNS settings saved and reboot the device, the automatic tests seems to pass. As soon as I manually run diagnostics or want to visit the TP-Link Cloud, it seems to check again (perhaps more thoroughly) and the DNS error persists no matter how many times I try to test it again.

Is there a way to record and see how the device is trying to communicate with AdGuard DNS?

ameshkov commented 6 years ago

Is there a way to record and see how the device is trying to communicate with AdGuard DNS?

@planet0 not on the server side, unfortunately. I wonder if there is any debug logging on the router?

ghost commented 6 years ago

I wonder if there is any debug logging on the router?

There is a Debug level System Log available, however it seems that it isn't as comprehensive as expected, as reproducing the tests don't show up in the log.

ghost commented 6 years ago

@ameshkov I just spoke with TP-Link support and they are going to consult with the senior engineers about this. They have a link to this GitHub issue as well.

As soon as I get a response via email I'll let you know, perhaps I could forward it to you?

ameshkov commented 6 years ago

Either way is okay, thank you!

ghost commented 6 years ago

@ameshkov An update, they have remotely connected to my network and captured the data packets to analyse the issue faced with using AdGuard DNS on their TP-Link device.

As it seems to be more specific with the device handling AdGuard DNS rather than an issue with AdGuard itself, there might not be anything required on AdGuard's side to resolve. However, I'm more than happy to provide updates about this on here until there is a fix in place, as the cause is not yet 100% known.

ameshkov commented 6 years ago

Let's close this issue then and reopen if there's anything we can do on our side.

ghost commented 6 years ago

@ameshkov, an update from TP-Link:

I have information from our developer. According to their words, it is just a little problem on the DNS resolv progress of this router and it will have no influence your LAN clients and wireless clients. They have found the reason of your problem and will update the code in their SVN/Git system.

So all is well, AdGuard DNS and TP-Link are going to be fine in the next firmware update release.

ameshkov commented 6 years ago

Awesome, thank you!