AdGuard stops serving all DNS requests when internet connection drops

[NullEnt1ty]

Issue Details

• Version of AdGuard Home server:
  • v0.107.3
• How did you install AdGuard Home:
  • Docker
• How did you setup DNS configuration:
  • Router
• If it's a router or IoT, please write device model:
  • FRITZ!Box 7590
• CPU architecture:
  • AMD64
• Operating system and version:
  • Ubuntu 21.10 (Linux 5.13.0-28-generic)

Expected Behavior

AdGuard Home should continue to serve DNS requests for local devices even when the internet connections drops.

Actual Behavior

After starting AdGuard Home it operates normally. However, after a few minutes (without internet access) it stops serving DNS requests completely.

Additional Information

This seems to be related to #2657

Debug logs: adguard.log

Configuration

```yaml bind_host: 0.0.0.0 bind_port: 8080 beta_bind_port: 0 users: - name: dominique password: -snip- auth_attempts: 5 block_auth_min: 15 http_proxy: "" language: en debug_pprof: false web_session_ttl: 720 dns: bind_hosts: - 0.0.0.0 port: 53 statistics_interval: 30 querylog_enabled: false querylog_file_enabled: true querylog_interval: 6h querylog_size_memory: 1000 anonymize_client_ip: false protection_enabled: true blocking_mode: nxdomain blocking_ipv4: "" blocking_ipv6: "" blocked_response_ttl: 10 parental_block_host: family-block.dns.adguard.com safebrowsing_block_host: standard-block.dns.adguard.com ratelimit: 20 ratelimit_whitelist: [] refuse_any: true upstream_dns: - quic://dns-unfiltered.adguard.com:784 - tls://1.1.1.1 - tls://1.0.0.1 - tls://dns.quad9.net - '[/168.192.in-addr.arpa/]192.168.188.1' - '[/fritz.box/]192.168.188.1' upstream_dns_file: "" bootstrap_dns: - 1.1.1.1:53 - 1.0.0.1:53 all_servers: false fastest_addr: false fastest_timeout: 1s allowed_clients: [] disallowed_clients: [] blocked_hosts: - version.bind - id.server - hostname.bind trusted_proxies: - 127.0.0.0/8 - ::1/128 cache_size: 4194304 cache_ttl_min: 0 cache_ttl_max: 0 cache_optimistic: true bogus_nxdomain: [] aaaa_disabled: false enable_dnssec: false edns_client_subnet: false max_goroutines: 300 ipset: [] filtering_enabled: true filters_update_interval: 24 parental_enabled: false safesearch_enabled: false safebrowsing_enabled: false safebrowsing_cache_size: 1048576 safesearch_cache_size: 1048576 parental_cache_size: 1048576 cache_time: 30 rewrites: - domain: fritz.box answer: 192.168.188.1 - domain: smart.home.mattern.dev answer: hass-pi.fritz.box - domain: nas.home.mattern.dev answer: 192.168.188.6 blocked_services: [] upstream_timeout: 10s local_domain_name: lan resolve_clients: true use_private_ptr_resolvers: true local_ptr_upstreams: - 192.168.188.1 tls: enabled: false server_name: "" force_https: false port_https: 443 port_dns_over_tls: 853 port_dns_over_quic: 784 port_dnscrypt: 0 dnscrypt_config_file: "" allow_unencrypted_doh: false strict_sni_check: false certificate_chain: "" private_key: "" certificate_path: "" private_key_path: "" filters: - enabled: true url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt name: AdGuard DNS filter id: 1 - enabled: false url: https://adaway.org/hosts.txt name: AdAway id: 2 - enabled: false url: https://hosts-file.net/ad_servers.txt name: hpHosts - Ad and Tracking servers only id: 3 - enabled: false url: https://www.malwaredomainlist.com/hostslist/hosts.txt name: MalwareDomainList.com Hosts List id: 4 whitelist_filters: [] user_rules: - '||e.crashlytics.com^$important' - '||mtalk.google.com^$important' - '||ott.io.mi.com^$important' - '||de.ots.io.mi.com^$important' - "" dhcp: enabled: false interface_name: "" dhcpv4: gateway_ip: "" subnet_mask: "" range_start: "" range_end: "" lease_duration: 86400 icmp_timeout_msec: 1000 options: [] dhcpv6: range_start: "" lease_duration: 86400 ra_slaac_only: false ra_allow_slaac: false clients: [] log_compress: false log_localtime: false log_max_backups: 0 log_max_size: 100 log_max_age: 3 log_file: "" verbose: false os: group: "" user: "" rlimit_nofile: 0 schema_version: 12 ```

The problem seems to occur once AdGuard tries to contact its upstream DNS servers or update its filter lists.

The web interface continues to work.

[fernvenue]

As ameshkov said in https://github.com/AdguardTeam/AdGuardHome/issues/2657#issuecomment-820279087:

The easy solution to this issue is to set max_goroutines to 0 in AdGuardHome.yaml.

That works for me, and I don't think the mainline version has changed this to default behavior, it is still max_goroutines: 300.

[NullEnt1ty]

The easy solution to this issue is to set max_goroutines to 0 in AdGuardHome.yaml.

Thanks, I will try this in the meantime, but this sounds more like a workaround to me.

According to this comment the issue should have been fixed in v0.107.0 which is not the case for me. That's why I'm reporting it again.

[fernvenue]

The easy solution to this issue is to set max_goroutines to 0 in AdGuardHome.yaml.

Thanks, I will try this in the meantime, but this sounds more like a workaround to me.

According to this comment the issue should have been fixed in v0.107.0 which is not the case for me. That's why I'm reporting it again.

What I see is they are talking about beta and edge releases...let's just wait and see the new progress of this issue.

[gibwar]

I just had an ISP outage after switching over to AGH a few days ago from pi.hole and am running 0.107.5 with a similar configuration (tls://1.0.0.1, [/home/]172.24.44.45, etc) and was surprised to see all internal DNS requests fail while the internet was down. I figured the whole point of routing requests was to know which were reachable (both on the 172.24.44.x network) and which weren't (upstream).

I'm liking AGH, but if I have another outage, I may have to point AGH to upstream to bind so internal works while the internet is off. The reason I switched was for the native DoT support without third-party libraries.

ETA: I did have "Use AdGuard browsing security web service" enabled when the internet went down, so maybe AGH was checking my internal DNS responses against this security web service? I've since disabled it in hopes that DNS keeps working next time the internet is out.

[phenomenomenom]

I have the same experience as @NullEnt1ty. Local DNS stops being served when there's an upstream outage. Setting max_goroutines to 0 functions as a workaround.

[cburgess]

I ran into the same exact issue this morning on v0.107.6. After some debugging I determined that the issue is in fact with having 'safebrowsing_enabled' set to true (e.g. 'Use AdGuard browsing security web service'). With the upstream internet down it takes some time for that upstream query to fail and during that time the DNS response just hangs and/or times out. In order to work around this I added custom filtering rules to always allow my local DNS names. This resolved the issue as AdGuard will by-pass the safebrowsing check since its allowed.