AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0
25.55k stars 1.84k forks source link

IPv6 Clients No Longer Appearing in Dashboard #5110

Closed arubamon closed 1 year ago

arubamon commented 2 years ago

Prerequisites

Operating system type

Windows

CPU architecture

AMD64

Installation

GitHub releases or script from README

Setup

On one machine

AdGuard Home version

v0.107.17

Description

What did you do?

For the last year and a half since I first installed AdGuard Home, IPv6, as well as IPv4, clients were appearing in my dashboard. As of a few days ago, only IPv4 clients are being recognized. I do not believe I have changed anything in my home network that would cause this issue. I had been running the latest edge build of AdGuard Home, however, a day or two ago I uninstalled the edge build and installed the latest stable release, v0.107.17 to see if it may be an issue with a recent build. This issue still persists after installing the most recent stable release

I have native IPv6 from my ISP and have verified that I can still ping and access IPv6 addresses and that I still have IPv6 connectivity on both my Windows 10 (x64) machine hosting AdGuard Home as well as my client devices connected to my hosting machine

IPv6 traffic is still being filtered through AdGuard Home but IPv6 clients are no longer appearing in my dashboard

I have not modified any settings in AdGuard Home immediately prior to this issue occurring

Expected result

Both IPv6, as well as IPv4, clients should appear in my dashboard

Actual result

Only IPv4 clients now appear in my dashboard

Screenshots (if applicable)

Screenshot on 2022-11-06 at 10 30 53 Screenshot on 2022-11-06 at 10 31 12 Screenshot on 2022-11-06 at 10 31 27 Screenshot on 2022-11-06 at 10 31 43 Screenshot on 2022-11-06 at 10 31 51 Screenshot on 2022-11-06 at 10 32 23 Screenshot on 2022-11-06 at 10 33 00

Additional information

Screenshots attached, which may help me resolve this issue

arubamon commented 2 years ago

This issue is still present after upgrading to AdGuard Home v0.107.18, the latest stable release

arubamon commented 2 years ago

I have now reverted back to the lastest edge build, which is currently v0.108.0-a.382+167b1125. This issue still persists. Is there any solution to this issue, which only just started occurring for me within the last week or so? Thanks in advance

arubamon commented 1 year ago

This issue still persists on the lastest edge build, v0.108.0-a.393. Any ideas? Thanks again

arubamon commented 1 year ago

I am now on the latest edge build, v0.108.0-a.416. Can anyone help me figure out why my IPv6 clients are no longer showing up in my AdGuard Home dashboard? Thank you again

arubamon commented 1 year ago

Does no one have a solution for this issue, which i submitted almost four months ago? Thank you again

ainar-g commented 1 year ago

Apologies for this issue not getting attention. What are the values in the dns.bind_hosts array in your AdGuardHome.yaml? Are there any IPv6 addresses? Does it start working if you add them? (Make sure to stop AdGuard Home before editing the file to prevent AGH from overwriting it.)

arubamon commented 1 year ago

Thank you, @ainar-g, for getting back with me after all these months. As this was my first post here, I wasn't sure if maybe I wasn't doing something correctly

It seems my IPv6 clients have not been showing up in my AdGuard Home dashboard for the last four months or so basically because I'm an idiot, which I will explain below. As I have been using computers since around around 1992 when my parents got our first one, which was a 486DX2-66 running Windows 3.1, I should be more familiar with what is essentially basic networking knowledge, however, it appears I need to ask for assistance

To reiterate, I am hosting my AdGuard Home DNS server locally from my PC running Windows 10 (x64). I have native IPv6 from my ISP and have verified that I can still ping and access IPv6 addresses and that I still have IPv6 connectivity on both my Windows 10 hosting machine as well as my client devices connected to this hosting machine

I may not have configured my DNS server correctly after moving and using a new ISP, modem, and router, so essentially a new network, last September, but until about six weeks or so later, around the beginning of November, my IPv6, as well as my IPv4, clients were appearing in my AdGuard Home dashboard. Since then, only IPv4 clients have been showing up. It appears I have just now, after reading your reply, figured out why

Obviously, a device's local IPv4 addresses do not change when set statically, however, IPv6 addresses have at least one temporary IP address per device which does change, which is part of the networking basics I mentioned that I should not have to get clarification on. I had the DNS servers in Windows machine, on my TV, and on my Android phone using the IPv4 and IPv6 addresses of both my Windows machine's wired and wireless connections, and I was able to see both IPv4 and IPv6 clients for all my devices. It appears now, however, after reading your reply, that my IPv6 addresses for my Windows machine., which is hosting my DNS server, have all changed

For the past month or so, I have only been using my wired connection on my hosting machine, so even though I did not remove the IPv6 address for my wireless connection from the secondary DNS server for any of my clients, including on my Windows machine, I have not been seeing any IPv6 clients because the IPv6 addresses of my hosting machine's wired connection have changed

My questions now are as follows:

  1. On the attached screen, why is there an IPv6 address on the sixth line and also on the ninth line, in addition to the temporary IPv6 address on the tenth line down under my wired connection 'Ethernet adapter Ethernet'?
  2. Which IPv6 address(es) should I be using for my IPv6 DNS address(es) on my client machines?
  3. Should I also be using the above IPv6 address(es) for my IPv6 DNS address(es) on my Windows machine, which is hosting my DNS server, since it is also a client? It seems I should, as everything was working until my IPv6 addresses changed

As Android 12.1, or any Android version, I believe, does not have the built-in capability to modify your IPv6 DNS addresses, I am using a DNS changer, as well as also routing my traffic through a local HTTP proxy in AdGuard for Android on my rooted device. Until the beginning of November, this device also showed up as an IPv6 client in my dashboard

I just changed the IPv6 DNS address on my Windows hosting machine as well as in my DNS changer app on my Android device to the DNS server of my Windows machine located on the sixth line in the attached screen from my ipconfig /all command. My Windows machine now shows up as an IPv6 client, however, my Android device, which is the only other device I'm using at the moment, still does not. This device does not appear as a IPv6 client for me when I either use my DNS changer or when routing my traffic through a local HTTP proxy in AdGuard for Android in addition to using my DNS changer app. I did, at one time, try running the below script, which I modified slightly, on my device, but I can't quite remember the outcome:

#!/system/bin/sh
# Enable IPv6
echo 1 > /proc/sys/net/ipv6/conf/wlan0/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/wlan1/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6

I'm not sure what the best way to achieve this is, which hopefully you do. It appears the DNS changer app I have been using, though, is doing exactly what it should be, at least when I the server(s) configured correctly

And to finally answer your question, I went through several backups of my AdGuardHome.yaml file I have from the middle of September until now, and every single one, including the ones when everything worked as expected, show:

dns:
  bind_hosts:
    - 0.0.0.0

I know I made this much more complicated that it needed to be, but I hope you were able to follow along and that the extra information was helpful. Thank you again for your assistance

EDIT: After changing the IPv6 DNS address for both my Windows machine and Android device from the IPv6 address of my Windows machine on the sixth line to the one of the ninth line, my Windows machine is still showing up as an IPv6 client, now using this updated IPv6 address, however, my Android device still does not appear as an IPv6 client, when it should already be transmitting IPv6 traffic

Screenshot on 2023-02-27 at 05 57 45 (redacted)

ainar-g commented 1 year ago

I'm glad that the problem has been partially resolved. The answers to your questions will depend on whether your network uses DHCPv6 or SLAAC to assign IPv6 addresses. (Assuming that DHCP Enabled . . . No refers only to DHCPv4.) If DHCPv6 is used, you can probably assign a static lease to the Windows machine in the router settings. Otherwise if SLAAC is used, there should probably be some kind of a setting on the Windows machine to set the method of address creation and the frequency of change.

arubamon commented 1 year ago

Thank you for getting back to me almost immediately. The main, well, I guess, only reason I'm having to use a DNS changer on my Android device, is because the gateway (modem + router) provided by my current ISP has several router settings which are not configurable, namely changing the DNSv6 addresses. I am able to configure my IPv4 and IPv6 address ranges by modifying my DHCPv4 and DHCPv6 beginning and ending addresses, but I don't know enough about IPv6 addresses to modify those. I also have two options for LAN IPv6 Address Assignment, Stateless (Auto-Config) and Stateful (Use DHCP Server), however, the SLAAC option is grayed out, which may or may not have anything to do with my other router settings. I briefly skimmed over the below page for additional info regarding these two options:

https://networkengineering.stackexchange.com/questions/47829/dhcpv6-stateful-vs-stateless-what-is-difference-between-it

I am also able to also modify both my Link-Local Gateway Address and my Global Gateway Address, however, I cannot change my DNS servers, either DNSv4 or DNSv6. Setting all my devices static with the IPv4 address of my Windows machine hosting my AdGuard Home DNS server as each client's DNS server is beneficial, of course, only if I did not also have IPv6 enabled. So without changing my DNSv6 address on my Android device, by either using a DNS changer or some other method, that traffic is not routed through my DNS server, which, of course, is what I want. There is at least one other device currently on my network, my cable box from the same company, which I cannot modify the DNS addresses on at all, either IPv4 or IPv6, so I obviously cannot block any traffic on this device, since I cannot change the DNS addresses on my gateway

It looks like it was helpful that I changed the DNSv6 address for both my Windows machine and Android device from the IPv6 address of my Windows machine on the sixth line to the one of the ninth line, since the one on the sixth line just changed. This one, however, does not say 'Temporary' like the one on the tenth line, so I still am not sure why there are three DNS addresses for my wired network adapter and why one of the two that does not say 'Temporary' is changing

Hopefully this additional information clarified things and I didn't make it more confusing, since I have a habit of overexplaining and confusing others, and occasionally myself. :} If so, are you now able to answer my three previous questions as well as determine what may be the cause of my Android device still not appearing as an IPv6 client in my AdGuard Home dashboard?

Again, thank you for your prompt reply, @ainar-g

UPDATE: I just checked my dashboard and noticed that four requests were blocked by an IPv6 address of a new client, and upon checking my Android device, I verified that this IPv6 address it the current temporary IPv6 address of this device. I did absolutely nothing between the time I posted everything above this "UPDATE:" and now, which would have been difficult, as I was asleep. I'm unsure if all IPv6 requests on this device are being filtered through my AdGuard Home DNS server, however, I did check https://ipv6.ipleak.net and see that an additional 95 requests from this site and a few others were just routed through my DNS server. As I did before, every time my temporary IPv6 address changes, I will have to add the new IPv6 address to my client for that device so I know what traffic is coming from which device and also to ensure that the new temporary IPv6 address do belong to my devices or ones I want on my network. Is this what I have to do to accomplish this? Thank you again

ainar-g commented 1 year ago

By the sound of it, it seems like DHCPv6 is enabled in the router, and if so, there is probably a way to set a static IPv6 address lease to the Windows machine the same way you've set it a static IPv4 one. And if there is, you should set it a static IPv6 address lease and use the address from it.

If not, another way to try would be DynDNS. Assuming that your router supports that, and that the devices can use hostnames as DNS addresses, using the router as the bootstrap server, the router would respond to AAAA queries with the currently leased IPv6 address. In theory.

arubamon commented 1 year ago

@ainar-g, thank you again for getting back with me. If this were a router I purchased, I wouldn't have a problem being able to modify my DNSv6 addresses, either in the router settings of the official firmware or a custom one, such as DD-WRT. However, I am using a gateway (modem + router) that I rent from my ISP, which has limited configurable settings. I am attaching a screen of the local IP Config settings, which shows the options I mentioned earlier. All redacted settings can be modified other than the first four groups of hexadecimal digits of the DHCPv6 Beginning and Ending Addresses

After setting the DNSv6 address in my DNS Changer app on my rooted Android device to the IPv6 address on the ninth line from my ipconfig /all command from the screen I previously attached, IPv6 traffic is now only sometimes being routed through my DNS server, and I'm not sure why. I can tell this because, not only is there no increase in IPv6 requests from my current IPv6 address of this device in AdGuard Home, there are several entries in the DNS log from my DNS changer app where one request from a particular domain is blocked and another request from the same domain is allowed. Every check I've done on https://www.top10vpn.com/tools/what-is-my-dns-server on this device, whether I am using the DNS changer by itself or in conjunction with AdGuard for Android, returns only Cloudflare DNS servers, which tells me this device is using my DNS server for both DNSv4 and DNSv6, since I have the Bootstrap DNS Servers in AdGuard Home set to:

1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001

Otherwise, it would show my ISP's DNSv6 addresses, which again, I do not believe is possible to modify with a DNS changer, unless possibly with a shell command such as the one I posted previously. I'm still unsure why this device's IPv6 traffic is only sometimes being routed through my DNS server though

A few minutes ago, I also just got 50 requests in 8 seconds from domains, all of which I recognize as initiating from this same Android device, but from a client with an IPv6 address belonging to my mobile carrier, not my ISP. How is it possible that traffic from a device can go through my DNS server on my LAN when this device was using cell data rather than being connected to my local network via Wi-Fi? I've seen this before in the past as well

Thank you again. Additional screens to follow

Screenshot on 2023-02-27 at 23 56 17

ainar-g commented 1 year ago

https://www.manualslib.com/manual/659561/Comcast-Xfinity.html?page=28#manual

According to this, you should be able to set a static IP address for your Windows machine on the Connected Devices > Computers page. If that's not available, or if it only works with IPv4 addresses, then I'm not sure if there is a better way than those I've listed above, sorry.

Also, whatever addresses you use, make sure to put the address into both primary and secondary address inputs, if there are two or more. Otherwise devices will often use their default addresses.

arubamon commented 1 year ago

@ainar-g, thank you again for getting back with me. While the user manual you linked in your last reply was not the correct one for my gateway, which is a Technicolor CGM4331COM, with a relevant user manual located at https://www.manualslib.com/manual/1877122/Technicolor-Cgm4331-Series.html, I knew where to look for the info you provided. Only IPv4 addresses can be set statically in the router settings

Again, for reference, I am able to configure my IPv4 and IPv6 address ranges by modifying my DHCPv4 and DHCPv6 beginning and ending addresses, but I don't know enough about IPv6 addresses to modify those. I also have two options for LAN IPv6 Address Assignment, Stateless (Auto-Config) and Stateful (Use DHCP Server), however, the SLAAC option is grayed out, which may or may not have anything to do with my other router settings. Since it is not possible to give devices a static IPv6 address in my router settings, I do not believe modifying my Link-Local Gateway Address, Global Gateway Address, or the DHCPv6 Beginning Address or DHCPv6 Ending Address will do me any good, correct? From your previous replies, it seems my only option then would be to use a dynamic DNS provider, is this correct as well? I do not believe even this is possible with the gateway I lease from Comcast Xfinity, therefore, is seems I have no available options, as far as I can tell

None of the below may even matter anymore then, but please let me know if anything here would be beneficial to my situation:

You can set both primary and secondary DNS servers in both Android settings and well as in the settings for my DNS changer app, which I did following your last reply, however, it appeared my Android device's IPv6 traffic was still only sometimes being routed through my DNS server, since there are several entries in the DNS log of my DNS changer app where one request from a particular domain is blocked and another request from the same domain is allowed. However, all of these requests are blocked in my Query Log for AdGuard Home, so it seems none are actually getting through. Is this was you would conclude as well? I do not have screens showing all allowed domains that correspond to every blocked domain in the DNS log of my DNS changer app that I am attaching a screen of, but, as you can see, per my Query Log for AdGuard Home, all of these domains were indeed blocked, at least in AdGuard Home

You cannot natively set both the Preferred and Alternate DNS servers in Windows to the same IP address though, either for IPv4 or IPv6. Screens attached

Again, my current AdGuardHome.yaml file, and all backups that I have since at least the middle of September, show:

dns:
  bind_hosts:
    - 0.0.0.0

My additional questions are still as follows:

  1. On the previously attached screen, why is there an IPv6 address on the sixth line and also on the ninth line, in addition to the temporary IPv6 address on the tenth line down under my wired connection 'Ethernet adapter Ethernet'?
  2. Which IPv6 address(es) should I be using for my IPv6 DNS address(es) on my client machines?
  3. Should I also be using the above IPv6 address(es) for my IPv6 DNS address(es) on my Windows machine, which is hosting my DNS server, since it is also a client? It seems I should, as everything was working until my IPv6 addresses changed
  4. As Android does not have the capability to natively modify DNSv6 addresses, would a script such as the below achieve the same outcome as using a DNS changer app. I have been using https://play.google.com/store/apps/details?id=mobi.freeapp.dns.changer, which is the only one I have been able to get to work as intended
#!/system/bin/sh
# Enable IPv6
echo 1 > /proc/sys/net/ipv6/conf/wlan0/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/wlan1/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6
  1. I previously stated that requests from domains, all of which I recognize as initiating from my Android device, came from an IPv6 address belonging to my mobile carrier, not my ISP. How is it possible that traffic from a device can go through my DNS server on my LAN when this device was using cell data rather than being connected to my local network via Wi-Fi? I have seen this before in the past as well

I know I again made this much more complicated that it needed to be, but I hope the extra information is helpful. If there are any questions which are beyond your expertise, since many do not deal specially with AdGuard Home, please notate this in your reply. Hopefully, with your next reply, I can close this issue, as you are probably tired of replying to my long and complex responses. Thank you once again for your assistance

Screenshot on 2023-02-28 at 03 16 19 Screenshot on 2023-03-01 at 19 34 36 Screenshot on 2023-03-01 at 19 34 49 Screenshot on 2023-03-01 at 19 35 03 Screenshot on 2023-03-01 at 19 35 08 Screenshot on 2023-03-01 at 19 36 03 Screenshot on 2023-03-01 at 19 36 09 Screenshot_20230227-195436_DNS Changer Screenshot_20230301-203323_DNS Changer Screenshot_20230301-203332_DNS Changer Screenshot_20230301-203918_DNS Changer

arubamon commented 1 year ago

@ainar-g, thank you again for all your previous responses to my issue. A week ago today I did create one additional rather long and detailed post to try and get one last bit of feedback regarding the questions I still have for this issue. If you have time, would it be possible to follow up with me one final time so I can get clarification on, and then close, this first issue I have ever posted of on this site?

Thank you again :)

ainar-g commented 1 year ago

@arubamon, good day. I do not have any new ideas, as the issue seems to not be with AdGuard Home but with this particular network configuration. And also, if I can be honest, Windows network stack isn't exactly my forte. You might have more luck asking in the Discussions, since the Issues section is for bugs and feature requests in AdGuard Home itself.

arubamon commented 1 year ago

@ainar-g, got it. That's what I was not sure about, which was the reason I mentioned "If there are any questions which are beyond your expertise, since many do not deal specially with AdGuard Home, please notate this in your reply." in a recent reply

Thank you again though for all your assistance in helping me deal with this issue. Have a great day :)