部分中国域名无法解析

[Potterli20]

本人查看了日记没有问题 域名也是没有拦截 I have checked the diary and there is no problem Domain names are also not blocked

机器是4c8g The machine is 4 c8g

规则是用 https://trli.coding.net/p/file/d/ad-hosts/git/lfs/master/ad-adguardhome.txt

dns上游是用 https://trli.coding.net/p/file/d/dns-hosts/git/lfs/master/dns-adguardhome/blacklist_full.txt

Rule is to use https://trli.coding.net/p/file/d/ad-hosts/git/lfs/master/ad-adguardhome.txt

DNS upstream is used https://trli.coding.net/p/file/d/dns-hosts/git/lfs/master/dns-adguardhome/blacklist_full.txt

dns程序是用dnsproxy

拦截程序是用adguardhome

DNS programs use DNSProxy

The interceptor is adGuardHome

developer.lanzoug.com在adgh上是无法解析该域名，在dnsproxy是可以正常解析该域名。 adgh的上游都是来自dnsproxy开端口

Developer.lanzoug.com cannot resolve this domain name on ADGH, dnsProxy can resolve this domain name properly.

The upstream of ADGH comes from the dNSProxy gateway

这个是有问题图片 This is the picture in question

解析部分网站是无法解析的，如中国的饿了么的定向等(该域名等相关域名进行白名单) Parsing part of the website is unable to resolve, such as China's Ele. me directional, etc. (the domain name and other related domain name whitelist)

本人也看到了相关使用规则的问题 https://github.com/AdguardTeam/AdGuardHome/issues/4414#issuecomment-1075465522

[cyouhi]

先把你的规则停用看看能不能解析 你提供的ad-adguardhome.txt列表中有|client-api.ele.me^，|lanzoug.com^

[Potterli20]

先把你的规则停用看看能不能解析 你提供的ad-adguardhome.txt列表中有|client-api.ele.me^，|lanzoug.com^

我是查developer.lanzoug.com域名，并不是lanzoug.com域名，还有饿了么没有误拦截，是有时候解析不了

[cyouhi]

[Potterli20]

[cyouhi]

研究研究吧，我是没用你上面的规则

[Potterli20]

研究研究吧，我是没用你上面的规则

等于白说。 我拦截了，我会查。 但是确实不解析

[Potterli20]

确实adgh的问题 关闭了规则也是无法访问

[Potterli20]

原因找到了 在dns设置-不允许域名 我设置成这样的 version.bind id.server hostname.bind .in-addr.arpa .ip6.arpa *.lan 结果设置成这样部分网站有问题

删除就好了

但是我也不把这些域名出现在日记上

lanzou的域名是套了cdn all.lanzou*.com.w.kunluncan.com的

我不知道是不是和*.lan有关系

[fernvenue]

Yes, *.lan includes all domains MATCHING it, such as a.lan, a.a.lan, a.lan.test and so on. If you wanna drop lan and all its sunbomains, you should use ||lan^ here to tell AdGuardHome matching all domains ENDING in lan.

For more information about this just read the AdGuardHome Wiki - Hosts Blocklists.

[Potterli20]

Yes, *.lan includes all domains MATCHING it, such as a.lan, a.a.lan, a.lan.test and so on. If you wanna drop lan and all its sunbomains, you should use ||lan^ here to tell AdGuardHome matching all domains ENDING in lan.

For more information about this just read the AdGuardHome Wiki - Hosts Blocklists.

Then I would suggest simply unsetting DNS - disallowed domain names. This and blacklist custom is the same, there is no need to write. If this is the case, don't write the DNS Settings access Settings line, change it to custom rules for filters. 那我就建议，直接取消dns设置-不允许的域名。这个和黑名单的自定义是一样，没有必要去写。如果是这样dns设置访问设置这一行就不要写，都改为过滤器的自定义规则。

[fernvenue]

Then I would suggest simply unsetting DNS - disallowed domain names.

Nope, Drop and Block are completely different behaviors.

Not to be confused with filters. AdGuard Home drops DNS queries matching these domains, and these queries don't even appear in the query log.

Just read the description of this option carefully :)

[Potterli20]

Then I would suggest simply unsetting DNS - disallowed domain names.

Nope, Drop and Block are completely different behaviors.

Not to be confused with filters. AdGuard Home drops DNS queries matching these domains, and these queries don't even appear in the query log.

Just read the description of this option carefully :)

那我知道是不同，那我想问wiki上有？他们现在把访问设置当过滤来使用，我已在写了.lan是排除的也不会写到日记中，可为什么我是访问该域名呢？请问你有测试了？ So I know it's different, so I'm gonna ask is it on wiki? They are now using access Settings as filters, I have written that . LAN is excluded and will not be written in the diary, but why am I accessing this domain? Do you have a test? (￢_￢)

The test? https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1080171365

[fernvenue]

So I know it's different, so I'm gonna ask is it on wiki?

In web UI you can find that description just under the Disallowed domains option like I said https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1086532017 here. About Adblock-Style Syntax you can get information from AdGuardHome Wiki just like what I said https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1086500771 here.

They are now using access Settings as filters...

I don't get it. They? Who? Nobody should be confused this with filters.

Do you have a test?

Of course, and you can try it by yourself too.

If you use *.lan and resolve some domain matching it you will get this:

~# nslookup www.lan.com
;; connection timed out; no servers could be reached

And if you use ||lan^ and resolve same domain again you will get something like this:

~# nslookup www.lan.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.lan.com     canonical name = www.prod.lan.com.
www.prod.lan.com        canonical name = secure.lan.com.edgekey.net.
secure.lan.com.edgekey.net      canonical name = e11633.b.akamaiedge.net.
Name:   e11633.b.akamaiedge.net
Address: 96.7.98.230

Until here, the problem you're having https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1080167130 is pretty clear. Addresses like airuila.lanzous.com cannot be reached just because of *.lan in Disallowed domains.

Let's move on to see what happens if we use Custom filtering rules instead of Disallowed domains:

edited: I changed the content to ||lan.com^ here for testing the difference between Custom filtering rules and Disallowed domains.

~# nslookup www.lan.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   www.lan.com
Address: 0.0.0.0

And actually AdGuardHome already give us some information about block mode:

Blocking mode Default: Respond with zero IP address (0.0.0.0 for A; :: for AAAA) when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule REFUSED: Respond with REFUSED code NXDOMAIN: Respond with NXDOMAIN code Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA) Custom IP: Respond with a manually set IP address

No drop option here. So we can not use it as filters, return a meanningless answer will make clients do not try to resolve the domain by any other upstream. That's all, hope this can help you :)

[Potterli20]

So I know it's different, so I'm gonna ask is it on wiki?

In web UI you can find that description just under the Disallowed domains option like I said https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1086532017 here. About Adblock-Style Syntax you can get information from AdGuardHome Wiki just like what I said https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1086500771 here.

They are now using access Settings as filters...

I don't get it. They? Who? Nobody should be confused this with filters.

Do you have a test?

Of course, and you can try it by yourself too.

If you use *.lan and resolve some domain matching it you will get this:

~# nslookup www.lan.com
;; connection timed out; no servers could be reached

And if you use ||lan^ and resolve same domain again you will get something like this:

~# nslookup www.lan.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.lan.com     canonical name = www.prod.lan.com.
www.prod.lan.com        canonical name = secure.lan.com.edgekey.net.
secure.lan.com.edgekey.net      canonical name = e11633.b.akamaiedge.net.
Name:   e11633.b.akamaiedge.net
Address: 96.7.98.230

Until here, the problem you're having https://github.com/AdguardTeam/AdGuardHome/issues/4436#issuecomment-1080167130 is pretty clear. Addresses like airuila.lanzous.com cannot be reached just because of *.lan in Disallowed domains.

Let's move on to see what happens if we use Custom filtering rules instead of Disallowed domains:

~# nslookup www.lan.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   www.lan.com
Address: 0.0.0.0

So we can not use it as filters, return a meanningless answer will make clients do not try to resolve the domain by any other upstream. That's all, hope this can help you :)

Please translate the preceding Chinese by yourself. You don't understand. You're talking for nothing. I said I was using custom filtering, and I was talking about access Settings from beginning to end. You set please send pictures instead of www.lan.com

[fernvenue]

在dns设置-不允许域名 我设置成这样的 version.bind id.server hostname.bind .in-addr.arpa .ip6.arpa *.lan

Isn't that saying you use Disallowed domains? Chinese is not my native language. And I use www.lan.com just for an example, it works for all matching domains, such as developer.lanzoug.com, airuila.lanzous.com and so on, in the screenshots above you have also said that you are having problems accessing these domains.

Of course, you can also reproduce my tests exactly as well.

[Potterli20]

在dns设置-不允许域名 我设置成这样的 version.bind id.server hostname.bind .in-addr.arpa .ip6.arpa *.lan

Isn't that saying you use Disallowed domains? Chinese is not my native language. And I use www.lan.com just for an example, it works for all matching domains, such as developer.lanzoug.com, airuila.lanzous.com and so on, in the screenshots above you have also said that you are having problems accessing these domains.

Of course, you can also reproduce my tests exactly as well.

The top is not allowed domain name, the bottom is not allowed domain name. Well, let me ask you,

AdGuard Home 将排除匹配这些网域的 DNS 查询，并且这些查询将不会在查询日志中显示 AdGuard Home will exclude DNS queries that match these domains, and these queries will not show up in the query log

这个就是中文的意思 That's what it means in Chinese

[Potterli20]

那我要求也很简单，屏蔽该域名的请求日记，不受域名请求(可以正常访问)。

That I request is also very simple, shield the domain name request diary, not by domain name request (normal access).

[fernvenue]

The top is not allowed domain name, the bottom is not allowed domain name.

I don't get it, that's no difference.

...not by domain name request (normal access).

What is...well, I can't understand your statement either Chinese or English, let someone else give you some advice.