HOSTS file domains are not blocked

BlohoJo commented 2 years ago

Prerequisites

[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to report a bug and not ask a question

Operating system type

Windows

CPU architecture

AMD64

Installation

GitHub releases or script from README

Setup

On one machine

AdGuard Home version

107.18

Description

What did you do?

Blocked Apple tracking / ad domains in HOSTS file via Spybot Anti-Beacon

Expected result

Domain should be blocked, rewritten to 0.0.0.0

Actual result

In latest version of AdGuard 107.18, it blocks (rewrites) the domain once, then resolves the domain and lets data through immediately afterwards, according to the logs.

Screenshots (if applicable)

adguard01

adguard02

Additional information

OS is Windows Server 2008 R2 (up to date with final patches)

HOSTS data from Spybot Anti-Beacon:

# This list is Copyright 2000-2017 Safer-Networking Ltd.
0.0.0.0 app-sj01.marketo.com‍
0.0.0.0 appleglobal.102.112.2o7.net
0.0.0.0 appleglobal.112.2o7.net
0.0.0.0 pancake.g.aaplimg.com
0.0.0.0 zeusmedia.g.aaplimg.com
0.0.0.0 smoot-feedback.v.aaplimg.com
0.0.0.0 supportmetrics.apple-support.akadns.net
0.0.0.0 pipe.cloudapp.aria.akadns.net
0.0.0.0 dw-cbsi.cnet-basic-performance.akadns.net
0.0.0.0 cstat-lb.apple.com.akadns.net
0.0.0.0 gsas.apple.com.akadns.net
0.0.0.0 identity.apple.com.akadns.net
0.0.0.0 idiagnostics.apple.com.akadns.net
0.0.0.0 iphonesubmissions.apple.com.akadns.net
0.0.0.0 lcdn-locator-usuqo.apple.com.akadns.net
0.0.0.0 ocsp-lb.apple.com.akadns.net
0.0.0.0 outsideapple.apple.com.akadns.net
0.0.0.0 radarsubmissions.apple.com.akadns.net
0.0.0.0 tbsc.apple.com.akadns.net
0.0.0.0 wu.apple.com.akadns.net
0.0.0.0 wu-mdn.apple.com.akadns.net
0.0.0.0 wu-nwk.apple.com.akadns.net
0.0.0.0 pancake.cdn-apple.com.akadns.net
0.0.0.0 fr51p02sa.guzzoni-apple.com.akadns.net
0.0.0.0 mu21p02sa.guzzoni-apple.com.akadns.net
0.0.0.0 sp11p03sa.guzzoni-apple.com.akadns.net
0.0.0.0 isg-apple.com.akadns.net
0.0.0.0 mt-ingestion-service-mr22.itunes-apple.com.akadns.net
0.0.0.0 mt-ingestion-service-pv.itunes-apple.com.akadns.net
0.0.0.0 mt-ingestion-service-st11.itunes-apple.com.akadns.net
0.0.0.0 xp.itunes-apple.com.akadns.net
0.0.0.0 daf.xp.itunes-apple.com.akadns.net
0.0.0.0 prod-w.nexus.live.com.akadns.net
0.0.0.0 prod.omextemplates.live.com.akadns.net
0.0.0.0 gs-loc.ls-apple.com.akadns.net
0.0.0.0 gs-loc-new.ls-apple.com.akadns.net
0.0.0.0 gsp-ssl.ls-apple.com.akadns.net
0.0.0.0 gsp-ssl-dynamic.ls-apple.com.akadns.net
0.0.0.0 gsp-ssl-geomap.ls-apple.com.akadns.net
0.0.0.0 gsp10-ssl.ls-apple.com.akadns.net
0.0.0.0 gsp36-ssl.ls-apple.com.akadns.net
0.0.0.0 gsp47-ssl.ls-apple.com.akadns.net
0.0.0.0 gsp51-ssl.ls-apple.com.akadns.net
0.0.0.0 gsp57-ssl-background.ls-apple.com.akadns.net
0.0.0.0 gsp57-ssl-locus.ls-apple.com.akadns.net
0.0.0.0 gsp57-ssl-revgeo.ls-apple.com.akadns.net
0.0.0.0 gsp64-ssl.ls-apple.com.akadns.net
0.0.0.0 gsp9-ssl.ls-apple.com.akadns.net
0.0.0.0 iphone-services.ls-apple.com.akadns.net
0.0.0.0 gsp-ssl.ls2-apple.com.akadns.net
0.0.0.0 gsp-ssl-dynamic.ls4-apple.com.akadns.net
0.0.0.0 bn2-client-s.msnmessenger.msn.com.akadns.net
0.0.0.0 cl2-cdn.origin-apple.com.akadns.net
0.0.0.0 cl3-cdn.origin-apple.com.akadns.net
0.0.0.0 cl4-cdn.origin-apple.com.akadns.net
0.0.0.0 cl5-cdn.origin-apple.com.akadns.net
0.0.0.0 origin.seed-siri-apple.com.akadns.net
0.0.0.0 api.smoot-apple.com.akadns.net
0.0.0.0 dlc.nike.com.edgekey.net.globalredir.akadns.net
0.0.0.0 prd.col.aria.browser.skypedata.akadns.net
0.0.0.0 prd.col.aria.mobile.skypedata.akadns.net
0.0.0.0 pipe.prd.skypedata.akadns.net
0.0.0.0 msg-media.valueclick.akadns.net
0.0.0.0 eu-irl-00001.s3.dualstack.eu-west-1.amazonaws.com
0.0.0.0 aidc.apple.com
0.0.0.0 apsu.apple.com
0.0.0.0 basejumper.apple.com
0.0.0.0 books-analytics-events.apple.com
0.0.0.0 cds.apple.com
0.0.0.0 cdsassets.apple.com
0.0.0.0 cl1.apple.com
0.0.0.0 cl2.apple.com
0.0.0.0 cl3.apple.com
0.0.0.0 cl4.apple.com
0.0.0.0 cl5.apple.com
0.0.0.0 csig.apple.com
0.0.0.0 cstat.apple.com
0.0.0.0 static.deviceservices.apple.com
0.0.0.0 devimages-cdn.apple.com
0.0.0.0 api.edu.apple.com
0.0.0.0 gs-loc.apple.com
0.0.0.0 gsas.apple.com
0.0.0.0 gsp1.apple.com
0.0.0.0 gsp10-ssl.apple.com
0.0.0.0 gsp9-ssl.apple.com
0.0.0.0 iad.apple.com
0.0.0.0 iadcontent.apple.com
0.0.0.0 iadsdk.apple.com
0.0.0.0 ca.iadsdk.apple.com
0.0.0.0 cf.iadsdk.apple.com
0.0.0.0 cs.iadsdk.apple.com
0.0.0.0 news.iadsdk.apple.com
0.0.0.0 su.iadsdk.apple.com
0.0.0.0 tr.iadsdk.apple.com
0.0.0.0 ut.iadsdk.apple.com
0.0.0.0 www.iadsdk.apple.com
0.0.0.0 identity.apple.com
0.0.0.0 idiagnostics.apple.com
0.0.0.0 internalcheck.apple.com
0.0.0.0 iphone-ld.apple.com
0.0.0.0 iphone-services.apple.com
0.0.0.0 iphonesubmissions.apple.com
0.0.0.0 iphonesubmissions-old.apple.com
0.0.0.0 static.ips.apple.com
0.0.0.0 api.itunes.apple.com
0.0.0.0 carrierbundle.itunes.apple.com
0.0.0.0 cma.itunes.apple.com
0.0.0.0 desktop-music.itunes.apple.com
0.0.0.0 desktop-music-legacy.itunes.apple.com
0.0.0.0 desktop-store.itunes.apple.com
0.0.0.0 edge-search.itunes.apple.com
0.0.0.0 embed.itunes.apple.com
0.0.0.0 files.itunes.apple.com
0.0.0.0 itunesu.itunes.apple.com
0.0.0.0 mt-ingestion-service-pv.itunes.apple.com
0.0.0.0 radio-quickplay.itunes.apple.com
0.0.0.0 se-edge.itunes.apple.com
0.0.0.0 se2.itunes.apple.com
0.0.0.0 siri-search.itunes.apple.com
0.0.0.0 sitemaps.itunes.apple.com
0.0.0.0 tf-feedback.itunes.apple.com
0.0.0.0 uts-api-siri.itunes.apple.com
0.0.0.0 uts-preview.itunes.apple.com
0.0.0.0 vocabulary.itunes.apple.com
0.0.0.0 vpp-app.itunes.apple.com
0.0.0.0 web-experience.itunes.apple.com
0.0.0.0 itunesconnect.apple.com
0.0.0.0 lcdn-locator.apple.com
0.0.0.0 configuration.ls.apple.com
0.0.0.0 gsp-ssl.ls.apple.com
0.0.0.0 gsp10-ssl.ls.apple.com
0.0.0.0 gsp36-ssl.ls.apple.com
0.0.0.0 gsp47-ssl.ls.apple.com
0.0.0.0 gsp51-ssl.ls.apple.com
0.0.0.0 gsp57-ssl-background.ls.apple.com
0.0.0.0 gsp57-ssl-locus.ls.apple.com
0.0.0.0 gsp57-ssl-revgeo.ls.apple.com
0.0.0.0 gsp64-ssl.ls.apple.com
0.0.0.0 gsp85-ssl.ls.apple.com
0.0.0.0 metrics.apple.com
0.0.0.0 sb.music.apple.com
0.0.0.0 news-events.apple.com
0.0.0.0 notes-analytics-events.apple.com
0.0.0.0 ocsp.apple.com
0.0.0.0 outsideapple.apple.com
0.0.0.0 pancake.apple.com
0.0.0.0 pcr.apple.com
0.0.0.0 ftreporter.push.apple.com
0.0.0.0 radarsubmissions.apple.com
0.0.0.0 securemetrics.apple.com
0.0.0.0 seed.siri.apple.com
0.0.0.0 api.smoot.apple.com
0.0.0.0 api-aka.smoot.apple.com
0.0.0.0 daypass.api-aka.smoot.apple.com
0.0.0.0 api-glb.smoot.apple.com
0.0.0.0 api-glb-ams.smoot.apple.com
0.0.0.0 api-glb-ash.smoot.apple.com
0.0.0.0 api-glb-atl.smoot.apple.com
0.0.0.0 daypass.api-glb-atl.smoot.apple.com
0.0.0.0 api-glb-bln.smoot.apple.com
0.0.0.0 api-glb-dal.smoot.apple.com
0.0.0.0 api-glb-den.smoot.apple.com
0.0.0.0 api-glb-drf.smoot.apple.com
0.0.0.0 api-glb-fra.smoot.apple.com
0.0.0.0 api-glb-lon.smoot.apple.com
0.0.0.0 daypass.api-glb-lon.smoot.apple.com
0.0.0.0 api-glb-man.smoot.apple.com
0.0.0.0 api-glb-nyc.smoot.apple.com
0.0.0.0 api-glb-sea.smoot.apple.com
0.0.0.0 daypass.api-glb-sea.smoot.apple.com
0.0.0.0 daypass.api-glb-sto.smoot.apple.com
0.0.0.0 cdn.smoot.apple.com
0.0.0.0 fbs.smoot.apple.com
0.0.0.0 ssl.apple.com
0.0.0.0 stocks-analytics-events.apple.com
0.0.0.0 stocks-sparkline.apple.com
0.0.0.0 supportmetrics.apple.com
0.0.0.0 tbsc.apple.com
0.0.0.0 sb.tv.apple.com
0.0.0.0 valid.apple.com
0.0.0.0 videos.apple.com
0.0.0.0 api.videos.apple.com
0.0.0.0 weather-analytics-events.apple.com
0.0.0.0 wu-calculator.apple.com
0.0.0.0 xp.apple.com
0.0.0.0 daf.xp.apple.com
0.0.0.0 zeusmedia.apple.com
0.0.0.0 defra.ce.apple-dns.net
0.0.0.0 edge-001.defra.ce.apple-dns.net
0.0.0.0 edge-009.defra.ce.apple-dns.net
0.0.0.0 edge-012.defra.ce.apple-dns.net
0.0.0.0 edge-013.defra.ce.apple-dns.net
0.0.0.0 edge-017.defra.ce.apple-dns.net
0.0.0.0 edge-024.defra.ce.apple-dns.net
0.0.0.0 gblon.ce.apple-dns.net
0.0.0.0 edge-010.gblon.ce.apple-dns.net
0.0.0.0 edge-012.gblon.ce.apple-dns.net
0.0.0.0 edge-031.gblon.ce.apple-dns.net
0.0.0.0 edge-032.gblon.ce.apple-dns.net
0.0.0.0 edge-040.gblon.ce.apple-dns.net
0.0.0.0 edge-044.gblon.ce.apple-dns.net
0.0.0.0 edge-045.gblon.ce.apple-dns.net
0.0.0.0 gbman.ce.apple-dns.net
0.0.0.0 edge-014.gbman.ce.apple-dns.net
0.0.0.0 edge-024.gbman.ce.apple-dns.net
0.0.0.0 searn.ce.apple-dns.net
0.0.0.0 usbos.ce.apple-dns.net
0.0.0.0 usnyc.ce.apple-dns.net
0.0.0.0 edge-003.usnyc.ce.apple-dns.net
0.0.0.0 edge-035.usnyc.ce.apple-dns.net
0.0.0.0 feedbackws.fe.apple-dns.net
0.0.0.0 metrics.fe.apple-dns.net
0.0.0.0 me.apple-dns.net
0.0.0.0 books-analytics-events.news.apple-dns.net
0.0.0.0 news-events.news.apple-dns.net
0.0.0.0 notes-analytics-events.news.apple-dns.net
0.0.0.0 stocks-analytics-events.news.apple-dns.net
0.0.0.0 weather-analytics-events.news.apple-dns.net
0.0.0.0 health-assets.cdn-apple.com
0.0.0.0 iadsdk.apple.com.edgekey.net
0.0.0.0 pancake.apple.com.edgekey.net
0.0.0.0 health-assets.cdn-apple.com.edgekey.net
0.0.0.0 cstat.apple.com.edgesuite.net
0.0.0.0 gcs-eu-00002.content-storage-download.googleapis.com
0.0.0.0 feedbackws.icloud.com
0.0.0.0 metrics.icloud.com
0.0.0.0 messaging.metrics.icloud.com
0.0.0.0 apps.itunes-nocookie.com
0.0.0.0 accertify.mzstatic.com
0.0.0.0 dzc-metrics.mzstatic.com
0.0.0.0 itc.mzstatic.com
0.0.0.0 metrics.mzstatic.com
0.0.0.0 store.mzstatic.com
0.0.0.0 t.appsflyer.com
0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.ns1.ff.avast.com
0.0.0.0 v7event.stats.avcdn.net
0.0.0.0 v7.stats.avcdn.net
0.0.0.0 ads.avocet.io
0.0.0.0 telemetry.battle.net
0.0.0.0 analytics.rollout.io
0.0.0.0 metrics.ol.epicgames.com
0.0.0.0 a.fiksu.com
0.0.0.0 sdk.fiksu.com
0.0.0.0 settings.crashlytics.com
0.0.0.0 e.crashlytics.com
0.0.0.0 firebase-settings.crashlytics.com
0.0.0.0 insights-collector.gog.com
0.0.0.0 ssl.google-analytics.com
0.0.0.0 ssl-google-analytics.l.google.com
0.0.0.0 static.hotjar.com
0.0.0.0 flow.lavasoft.com
0.0.0.0 telemetry.servers.getgo.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 ws.mcafee.com
0.0.0.0 analytics.ccs.mcafee.com
0.0.0.0 analyticsdcs.ccs.mcafee.com
0.0.0.0 gate.hockeyapp.net
0.0.0.0 dc.services.visualstudio.com
0.0.0.0 api.mixpanel.com
0.0.0.0 decide.mixpanel.com
0.0.0.0 ads.mopub.com
0.0.0.0 incoming.telemetry.mozilla.org
0.0.0.0 h.online-metrix.net
0.0.0.0 analytics.paddle.com
0.0.0.0 treasuredata.com
0.0.0.0 in.treasuredata.com
0.0.0.0 redshell.io
0.0.0.0 api.redshell.io
0.0.0.0 carcharodon.trendmicro.com
0.0.0.0 cdn.segment.com
0.0.0.0 api.segment.io
0.0.0.0 mobile-service.segment.com
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 ec.atdmt.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 m.hotmail.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 pricelist.skype.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 s0.2mdn.net
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 view.atdmt.com
0.0.0.0 www.msftncsi.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 ca.telemetry.microsoft.com
0.0.0.0 cache.datamart.windows.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 spynet2.microsoft.com
0.0.0.0 spynetalt.microsoft.com
# End of entries inserted by Spybot Anti-Beacon for Windows 10

fernvenue commented 2 years ago

Not sure why, maybe you can enable verbose log to see what's happen.

RainmakerRaw commented 1 year ago

If you look at the request types, it's processing HTTPS queries, not IP records. These will not resolve to an IP for the purposes of connecting to the server in question. In that sense, there's nothing to rewrite/block. Only A and AAAA record lookups need rewriting to 0.0.0.0 here, which prevents your client(s) from connecting to the domain in question. The HTTPS lookup is simply asking for information about the domain. See here.

ainar-g commented 1 year ago

RainmakerRaw is correct. We currently only rewrite A and AAAA records for system /etc/hosts files. You can add this file as a separate filtering rule list instead, which will block all types of queries.

BlohoJo commented 1 year ago

That makes sense, thanks very much for the helpful info! :)

AdguardTeam / AdGuardHome