fernvenue
commented
2 years ago Seems like your device is hitting a rate limit or something, I'm not sure, you can use verbose log to get more information.
Open chriskloe opened 2 years ago
fernvenue
commented
2 years ago Seems like your device is hitting a rate limit or something, I'm not sure, you can use verbose log to get more information.
chriskloe
commented
2 years ago Sorry for the delay, I got not much time for experiments....
what I did:
But this is something I am discovering rom time to time when I want to play around with the settings to fix the problem: sometimes it suddenly starts to work for a while but short time later it doesn't work again. So no clear repeatable behaviour what is an indiciation for a software bug for me.
I am still trying to get a log of that behaviour and I will post it as soon as I got it.
chriskloe
commented
2 years ago OK, this time it worked. When I am interpreting the log in the right ways this is the section showing a failed attempt:
2022/04/10 22:14:38.521227 14821#509 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).udpHandlePacket(): Start handling new UDP packet from 192.168.178.51:6827 2022/04/10 22:14:38.528072 14821#509 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 24976 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;server.fritz.box. IN A
2022/04/10 22:14:38.528380 14821#509 [debug] SafeBrowsing: found in cache: server.fritz.box: not blocked 2022/04/10 22:14:38.528516 14821#509 [debug] github.com/AdguardTeam/AdGuardHome/internal/filtering.(DNSFilter).checkSafeBrowsing(): SafeBrowsing lookup for server.fritz.box; Elapsed time: 0ms 2022/04/10 22:14:38.528680 14821#509 [debug] 192.168.178.1:53: sending request A server.fritz.box. 2022/04/10 22:14:38.531326 14821#509 [debug] 192.168.178.1:53: response: ok 2022/04/10 22:14:38.531477 14821#509 [debug] github.com/AdguardTeam/dnsproxy/upstream.exchange(): upstream 192.168.178.1:53 successfully finished exchange of ;server.fritz.box. IN A. Elapsed 2.812636ms. 2022/04/10 22:14:38.531557 14821#509 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).replyFromUpstream(): RTT: 2.933282ms 2022/04/10 22:14:38.531656 14821#509 [debug] client ip: 192.168.178.51 2022/04/10 22:14:38.531761 14821#509 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 24976 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;server.fritz.box. IN A
;; AUTHORITY SECTION: fritz.box. 9 IN SOA fritz.box. admin.fritz.box. 1649621678 21600 1800 43200 10
This is another query from another client in the same timeframe that passed (in fact it's the laptop I used to access the log):
2022/04/10 22:14:45.551252 14821#410 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).udpHandlePacket(): Start handling new UDP packet from 192.168.178.55:63858 2022/04/10 22:14:45.558060 14821#410 [debug] github.com/AdguardTeam/dnsproxy/proxy.(Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 17080 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;server.fritz.box. IN A
2022/04/10 22:14:45.558167 14821#411 [debug] SafeBrowsing: found in cache: server.fritz.box: not blocked 2022/04/10 22:14:45.558298 14821#410 [debug] SafeBrowsing: found in cache: server.fritz.box: not blocked 2022/04/10 22:14:45.558360 14821#411 [debug] github.com/AdguardTeam/AdGuardHome/internal/filtering.(DNSFilter).checkSafeBrowsing(): SafeBrowsing lookup for server.fritz.box; Elapsed time: 0ms 2022/04/10 22:14:45.558406 14821#410 [debug] github.com/AdguardTeam/AdGuardHome/internal/filtering.(DNSFilter).checkSafeBrowsing(): SafeBrowsing lookup for server.fritz.box; Elapsed time: 0ms 2022/04/10 22:14:45.558521 14821#410 [debug] serving response from general cache 2022/04/10 22:14:45.558536 14821#411 [debug] 192.168.178.1:53: sending request AAAA server.fritz.box. 2022/04/10 22:14:45.558595 14821#410 [debug] client ip: 192.168.178.55 2022/04/10 22:14:45.558695 14821#410 [debug] github.com/AdguardTeam/dnsproxy/proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NXDOMAIN, id: 17080 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;server.fritz.box. IN A
;; AUTHORITY SECTION: fritz.box. 2 IN SOA fritz.box. admin.fritz.box. 1649621678 21600 1800 43200 10
2022/04/10 22:14:45.561969 14821#411 [debug] 192.168.178.1:53: response: ok
Is there any information to read from that? I just see "NXDOMAIN" another time but no reason, no failure, no error code...
chriskloe
commented
2 years ago FYI: I am usually working with the first two entries on the general settings page enabled (this translates to something like "Block domains by filters and host-files" and "use AdGuard webservice for internet safety" from the German UI. For a test I deactivated both entries and it immediately started to work, even after a restart of AdGuardHome. I'll wait a while, see if it keeps working tomorrow and keep you updated.
Stopped working again. After enabling both filters it works again (not for long I guess). There's definitely something buggy!
chriskloe
commented
2 years ago To convince you it's not a kodi related issue: the same happens when I want access the AdGuardHome webpage on the server from the tablet. FYI: no change with the latest update.
ainar-g
commented
2 years ago Apologies, this issue seems to have slipped through the cracks.
I assume that server.fritz.box is a domain name that is dynamically allocated by the router? The logs don't show anything unusual, so my first assumption is that perhaps the router “forgets” that domain every once in a while?
chriskloe
commented
2 years ago Hupps, there is still an open topic. Some updates later it is still not working. What I am reading from the logs cited above: tablet is asking for the ip-adress of server.fritz.box AGH is forwarding the request to the router Router is answering properly with an ip AGH is not forwarding the ip but responding with NXDOMAIN. It would be great to have a reason for that conversion in the log! The problem repeatedly disappears as soon as I let the router set the DNS address to it's own one instead of AGH (using DHCP/DDNS),
chris@server:/opt/AdGuardHome$ ./AdGuardHome -v --version AdGuard Home Version: v0.107.5 Channel: release Go version: go1.16.15 Build time: 2022-03-04T12:59:06Z+0000 GOOS: linux GOARCH: amd64 Race: false Dependencies: github.com/AdguardTeam/dnsproxy@v0.40.7-0.20220207171519-b3947de6a902 (sum: h1:6pxvSWL9tVelFo0R3t6Pn8u6YU5dCqTVehvNnP6lOqI=) github.com/AdguardTeam/golibs@v0.10.4 (sum: h1:TMBkablZC0IZOpRgg9fzAKlxxNhSN2YJq7qbgtuZ7PQ=) github.com/AdguardTeam/urlfilter@v0.15.2 (sum: h1:LZGgrm4l4Ys9eAqB+UUmZfiC6vHlDlYFhx0WXqo6LtQ=) github.com/NYTimes/gziphandler@v1.1.1 (sum: h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=) github.com/aead/chacha20@v0.0.0-20180709150244-8b13a72661da (sum: h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=) github.com/aead/poly1305@v0.0.0-20180717145839-3fee0db0b635 (sum: h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=) github.com/ameshkov/dnscrypt/v2@v2.2.3 (sum: h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI=) github.com/ameshkov/dnsstamps@v1.0.3 (sum: h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=) github.com/beefsack/go-rate@v0.0.0-20200827232406-6cde80facd47 (sum: h1:M57m0xQqZIhx7CEJgeLSvRFKEK1RjzRuIXiA3HfYU7g=) github.com/cheekybits/genny@v1.0.0 (sum: h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=) github.com/digineo/go-ipset/v2@v2.2.1 (sum: h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=) github.com/fsnotify/fsnotify@v1.5.1 (sum: h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=) github.com/go-ping/ping@v0.0.0-20210506233800-ff8be3320020 (sum: h1:mdi6AbCEoKCA1xKCmp7UtRB5fvGFlP92PvlhxgdvXEw=) github.com/google/go-cmp@v0.5.5 (sum: h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=) github.com/google/gopacket@v1.1.19 (sum: h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=) github.com/google/renameio@v1.0.1 (sum: h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=) github.com/insomniacslk/dhcp@v0.0.0-20210310193751-cfd4d47082c2 (sum: h1:NpTIlXznCStsY88jU+Gh1Dy5dt/jYV4z4uU8h2TUOt4=) github.com/josharian/native@v0.0.0-20200817173448-b6b71def0850 (sum: h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA=) github.com/kardianos/service@v1.2.0 (sum: h1:bGuZ/epo3vrt8IPC7mnKQolqFeYJb7Cs8Rk4PSOBB/g=) github.com/lucas-clemente/quic-go@v0.24.0 (sum: h1:ToR7SIIEdrgOhgVTHvPgdVRJfgVy+N0wQAagH7L4d5g=) github.com/marten-seemann/qtls-go1-16@v0.1.4 (sum: h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco=) github.com/mdlayher/ethernet@v0.0.0-20190606142754-0394541c37b7 (sum: h1:lez6TS6aAau+8wXUP3G9I3TGlmPFEq2CTxBaRqY6AGE=) github.com/mdlayher/netlink@v1.4.0 (sum: h1:n3ARR+Fm0dDv37dj5wSWZXDKcy+U0zwcXS3zKMnSiT0=) github.com/mdlayher/raw@v0.0.0-20210412142147-51b895745faf (sum: h1:InctQoB89TIkmgIFQeIL4KXNvWc1iebQXdZggqPSwL8=) github.com/miekg/dns@v1.1.45 (sum: h1:g5fRIhm9nx7g8osrAvgb16QJfmyMsyOCb+J7LSv+Qzk=) github.com/patrickmn/go-cache@v2.1.0+incompatible (sum: h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=) github.com/pkg/errors@v0.9.1 (sum: h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=) github.com/satori/go.uuid@v1.2.0 (sum: h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=) github.com/ti-mo/netfilter@v0.4.0 (sum: h1:rTN1nBYULDmMfDeBHZpKuNKX/bWEXQUhe02a/10orzg=) github.com/u-root/u-root@v7.0.0+incompatible (sum: h1:u+KSS04pSxJGI5E7WE4Bs9+Zd75QjFv+REkjy/aoAc8=) go.etcd.io/bbolt@v1.3.6 (sum: h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=) golang.org/x/crypto@v0.0.0-20211215153901-e495a2d5b3d3 (sum: h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=) golang.org/x/net@v0.0.0-20211216030914-fe4d6282115f (sum: h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=) golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c (sum: h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=) golang.org/x/sys@v0.0.0-20211216021012-1d35b9e2eb4e (sum: h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=) golang.org/x/text@v0.3.7 (sum: h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=) gopkg.in/natefinch/lumberjack.v2@v2.0.0 (sum: h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=) gopkg.in/yaml.v2@v2.4.0 (sum: h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=) howett.net/plist@v0.0.0-20201203080718-1454fab16a06 (sum: h1:QDxUo/w2COstK1wIBYpzQlHX/NqaQTcf9jyz347nI58=
How did you install AdGuard Home:
Following instructions provided by a local IT magazine (heise.de), when I remember right it was loading and executing an install script from github.
How did you setup DNS configuration:
I got a local FritzBox that does the usual DNS and is upstream for AdGuard home: https://dns10.quad9.net/dns-query https://dnsforge.de/dns-query [//fritz.box/local/]192.168.178.1
The network is configured as DHCP and FritzBox is sending the IP of the server, where AdGuardHome is running as DNS. The server is configured with a fixed IP in the FritzBox.
My server with AdGuard is running on:
CPU architecture: Intel Xeon 2176
Operating system and version:
Ubuntu 20.4.3 LTS
Expected Behavior
I am runing several clients in the network that need to resolve local IP-addresses to access file shares, services like nextcloud, a database, tvheadend and so on running on the same server than AdGuardHome. To make that work I set up a dns forwarding rule in the adguard home configuration (shown above) and I made Adguard home start with the extra option --no-etc-hosts (why is this not an option available from the settings page?!). For most of the clients and most of the software running that works perfectly well.
Actual Behavior
I have one client in the network, a Samsung Android Tablet running Anroid 8.1.0 that repeatedly gets NXDOMAIN-responses when trying to resolve local services. Most of the time this affects file shares (samba), and mysql-database running on the server. Very weird: accessing tvheadend on the same server seems to work. Attached a screenshot from the AdGuardHome accesslog showing some rejected resolves during startup of kodi on that tablet.
Please contact me if you need more information. Thanks in advance for any kind of support, this issue is really annoying.
By the way: another annoying topic: it would be great to see a reason for any kind of reject from the log. Reading only "NXDOMAIN" drives me nuts.