AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0
25.58k stars 1.84k forks source link

Not showing DNS stamps in query logs #3841

Open gyCfjSnO opened 3 years ago

gyCfjSnO commented 3 years ago

Have a question or an idea? Please search it on our forum to make sure it was not yet asked. If you cannot find what you had in mind, please submit it here.

Issue Details

I have a bunch of DNS Stamp servers listed in upstream DNS however DNS queries going to a server not listed in upstream DNS. (Unless an update has been released where the DNS Stamp is decrypted and the true DNS shown?)

Expected Behavior

AdGuard should use the servers listed in upstream servers

Actual Behavior

It is using other DNS servers

Screenshots

Screenshot: ![Screenshot_20211114-220241](https://user-images.githubusercontent.com/49738152/141680205-340f1039-420b-4b5c-9bf2-9af4e82c77cb.png) ![Screenshot_20211114-220256](https://user-images.githubusercontent.com/49738152/141680196-b3ea0b20-8f1a-4e62-9d0d-fe9989f71134.png) ![Screenshot_20211114-220218](https://user-images.githubusercontent.com/49738152/141680203-328cbcdd-6d16-4eaa-a2f5-948cd523a72c.png)

Additional Information

ainar-g commented 3 years ago

As far as I can see, DNS stamps have been decrypted and shown as hostnames as far back as 2018. Would you say that that is confusing, and that the stamp should be shown instead?

gyCfjSnO commented 3 years ago

As far as I can see, DNS stamps have been decrypted and shown as hostnames as far back as 2018. Would you say that that is confusing, and that the stamp should be shown instead?

Not confusing at all it's what I thought it would do but it had never done that since using SDNS and I've been using the v107 beta versions for a while now as well. It only started decrypting the SDNS after I had an extended internet outage.

ainar-g commented 3 years ago

I've just tried on a v0.106.3 build, and it decrypts the stamp there as well. And again, the code that does it has been checked in way back in 2018.

Either way, if this isn't really a problem, I will close the issue, if you don't mind.

gyCfjSnO commented 3 years ago

I've just tried on a v0.106.3 build, and it decrypts the stamp there as well. And again, the code that does it has been checked in way back in 2018.

Either way, if this isn't really a problem, I will close the issue, if you don't mind.

Strange, any reason why it wouldn't work/decrypt in the past?

ainar-g commented 3 years ago

I don't remember ever seeing a stamp in the query log, to be honest. If you are able to produce a screenshot of the old behaviour, we could investigate further.

gyCfjSnO commented 2 years ago

I knew I wasn't going crazy, it's happening again.

@ainar-g

image

gyCfjSnO commented 2 years ago

@ainar-g

Screenshot 2021-11-29 132810 Screenshot 2021-11-29 132857

ainar-g commented 2 years ago

@EugeneOne1, if I recall correctly, you've been making some changes to the upstream logic and query logs recently? Please investigate.

gyCfjSnO commented 2 years ago

Seems only to occur when using sdns://AQMAAAAAAAAADTkuOS45LjExOjg0NDMgZ8hHuMh1jNEgJFVDvnVnRt803x2EwAuMRwNo34Idhj4ZMi5kbnNjcnlwdC1jZXJ0LnF1YWQ5Lm5ldA

Decrypting on https://dnscrypt.info/stamps/ shows it as been DNSCrypt protocol.

These are my other servers I am using which all decrypt fine in the logs.

# AdGuard DNS Non-filtering DoT
sdns://AwAAAAAAAAAAAAAaZG5zLXVuZmlsdGVyZWQuYWRndWFyZC5jb20
# CloudFlare DoT
sdns://AwAAAAAAAAAAAAAPb25lLm9uZS5vbmUub25l
# Google DoH
sdns://AgUAAAAAAAAAACAe9iTP_15r07rd8_3b_epWVGfjdymdx-5mdRZvMAzBuQpkbnMuZ29vZ2xlCi9kbnMtcXVlcnk
# Cisco DoH
sdns://AgUAAAAAAAAAAAAPZG9oLm9wZW5kbnMuY29tCi9kbnMtcXVlcnk
gyCfjSnO commented 2 years ago

Confirming this is still an issue on v0.108.0-b.4 any DNS Stamp which is DNSCrypt does not get decrypted in AdGuard Home logs.

gyCfjSnO commented 2 years ago

Still occurring on v0.108.0-b.7

EugeneOne1 commented 2 years ago

@gyCfjSnO, as you correctly noted, this upstream uses DNSCrypt protocol, which can't be represented as a human-readable string AFAIK. I'd say this behavior is intended.