search

AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0
25.58k stars 1.84k forks source link

ERR_NAME_NOT_RESOLVED on my.tabnine.com in DNS over TLS on Android #3562

Open LagSeeN opened 3 years ago

LagSeeN commented 3 years ago

Prerequisites

Issue Details

Step

  1. setting DNS over TLS on Android (important)
  2. goto browser and go to https://my.tabnine.com/
  3. you will see ERR_NAME_NOT_RESOLVED

I try to change DNS to google it can access this website (DNS over TLS) I try to use DNS over HTTPS client on my android phone it can access this website I try to use plaintext DNS on my android phone it can access this website I try to use DNS over TLS on another android phone it can't access this website show ERR_NAME_NOT_RESOLVED

My Setting

Upstream DNS servers : https://dns.google/dns-query Bootstrap DNS servers : 8.8.8.8 , 8.8.4.4

Screenshot: ![](https://i.imgur.com/xLh0iACl.jpg)
ainar-g commented 3 years ago

Hello and thank you for your report. We have a couple of questions:

  1. Are you using ClientIDs in DoT? That is, do you set it to yourdomain.local or to client-123.yourdomain.local?

  2. Same with DoH (which, as far as I could tell, still works?). Do you set the DNS address to https://yourdomain.local/dns-query or to https://yourdomain.local/dns-query/client-123?

  3. Can you see the queries in the query log?

  4. Are any other websites affected?

Thanks!

LagSeeN commented 3 years ago
  1. client-123.yourdomain.local but I try yourdomain.local it same result
  2. https://yourdomain.local/dns-query/client-123 it work can access this website
  3. yes I see and record have A, CNAME
  4. now I see the problem only my.tabnine.com
ainar-g commented 3 years ago

Sorry for the long time between responses. Are you sure that there aren't any additional DNS filters on your Android phone that could interfere here?

If there aren't any, please configure your AdGuard Home to collect logs by setting verbose to true, reproduce the issue (that is, make a request to the website from your Android phone), and send the logs to us at devteam@adguard.com. Please add the words “AdGuard Home Issue 3562” to the subject line. Thanks!

LagSeeN commented 3 years ago

Sending logs has been completed.

I checked my phone and it's set to only use DNS over TLS, and there's no block in the query log in AdGuard Home.

ainar-g commented 3 years ago

Thanks! We have received the logs, but unfortunately we don't see anything wrong there. We will keep trying to reproduce it, but at this point I doubt that this is an AGH issue, to be honest.

LagSeeN commented 3 years ago

Thanks I found one website that had a problem. domain acs.cimbthai.com and I found that if I disable IPv6 address resolving, the site can still be accessed. However, my network supports IPv6, so this is not the best practice. Now I configured DNS rewrites IPv6 to ::1 to disable IPv6 answer for only the site that had a problem.

but my.tabnine.com and acs.cimbthai.com had only A record idk why my phone wait AAAA record but with dns.google no problem