AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0

DoH(DNS-over-https) is not available through the IP of bind_host in DNS settings. #2914

Closed sudo-gecko closed 3 years ago

sudo-gecko commented 3 years ago

Problem Description

DoH(DNS-over-https) is not available through the IP of bind_host in DNS settings.

bind_host: IP-1
bind_port: 80

~~(Omit)~~

dns:
  bind_host: IP-2

~~(Omit)~~

tls:
  enabled: true
  server_name: A Record Domain (point to IP-2)
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784

In the case of the above configuration, DoH cannot be used through the domain because the DoH port has not been opened for the domain pointing to IP-2, so DoH can only be used if the domain points to IP-1.

Proposed Solution

The DoH server should also be opened with the bind_host IP in DNS settings.

Additional Information

If you leave a comment for the lack of explanation, I will respond quickly.


ainar-g commented 3 years ago

Thanks for the report.

@ameshkov, if I recall correctly, we already plan to split DoH address from the HTTP interface address in the next API version?

ameshkov commented 3 years ago

Yep, that's right.

@ainar-g let's discuss this one internally, I am just thinking we could use dns.bind_host instead without any IP changes?

DavidOsipov commented 3 years ago

Same problem here. With 0.0.0.0 dns_hosts AdGuard Home hasn't listened on multiple interfaces, so I specifically configured it to listen on multiple. After that AdGuard started to listen on ports 53, 784, 853 on all interfaces I included in dns_hosts. But the funny thing is that it hasn't worked for DoH on port 443, it is still listening on one interface only.

I have AdGuard Home beta v0.106.0-b.1

P.S. Guys, thank you for your work!

ainar-g commented 3 years ago

@DavidOsipov, thank you!

And yes, we do plan on separating HTTP settings and DoH settings as much as possible in one of the future releases.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
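
The listener split described in the report and in DavidOsipov's comment (port 853 on the DNS bind address, port 443 on the web interface's address), as an added Python example that is not AdGuard Home's code: it lists which encrypted-DNS services are unreachable at the address `server_name` resolves to, and can probe the TCP ports on a given address. The config dict, the 192.0.2.x addresses standing in for IP-1 and IP-2, and all function names are constructed for illustration.

```python
import socket

WILDCARDS = {"0.0.0.0", "::"}

# Constructed sample mirroring the keys in the report; the addresses are
# documentation placeholders standing in for IP-1 and IP-2.
SAMPLE_CFG = {
    "bind_host": "192.0.2.10",           # web interface (IP-1)
    "dns": {"bind_host": "192.0.2.20"},  # plain DNS (IP-2)
    "tls": {"enabled": True, "port_https": 443, "port_dns_over_tls": 853},
}

def expected_listeners(cfg):
    """TCP listeners implied by the behaviour reported in this thread:
    DoH follows the web interface's bind_host, DoT follows dns.bind_host."""
    tls = cfg.get("tls", {})
    if not tls.get("enabled"):
        return {}
    return {
        "doh": (cfg["bind_host"], tls["port_https"]),
        "dot": (cfg["dns"]["bind_host"], tls["port_dns_over_tls"]),
    }

def unreachable_services(cfg, server_name_ip):
    """Services clients cannot reach at the address server_name resolves to."""
    return sorted(
        name for name, (host, _port) in expected_listeners(cfg).items()
        if host not in WILDCARDS and host != server_name_ip
    )

def tcp_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(cfg, address):
    """Check each expected TCP port on one address (run from the server or LAN)."""
    return {name: tcp_open(address, port)
            for name, (_host, port) in expected_listeners(cfg).items()}

if __name__ == "__main__":
    # server_name points at IP-2, so DoH (bound to IP-1) is the gap.
    print(unreachable_services(SAMPLE_CFG, "192.0.2.20"))
```

Because the web interface and DoH share one listener in this configuration, pointing `server_name` at the web `bind_host` to get DoH working also puts the admin interface on that address.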