AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0
25.51k stars 1.83k forks

AdGuard Home Using DNS Providers That Have Been Removed From Upstream DNS Settings #7062

Closed phneeley closed 5 months ago

phneeley commented 5 months ago

Prerequisites

Platform (OS and CPU architecture)

Linux, ARM64

Installation

Other (please mention in the description)

Setup

Other (please mention in the description)

AdGuard Home version

v0.107.50

Action

I’ve been experimenting with different DNS providers from AdGuard’s list of known and trusted providers to identify the ones that provide the best performance. I’ve gone through several rounds of adding, deleting, and commenting out providers, mostly using their DoH addresses. I’ve finally settled on a few providers. However, running dnscheck.tools, I can see that frequently, but not all the time, AdGuard is continuing to use some of the providers that I’ve removed or commented out of the Upstream DNS Servers list.

Expected result

After deleting or commenting out DNS providers from the Upstream DNS Servers field, AdGuard Home should cease to use these providers.

Actual result

Frequently, but not all the time, AdGuard continues to use DNS providers that have been removed or commented out of the Upstream DNS Servers field.

Additional information and/or screenshots

AdGuard installed on Raspberry Pi 4 and through DietPi O/S. Unbound is also installed, though I’ve encountered this same problem when Unbound is not installed/when entering text directly into the Upstream DNS Server box.

ainar-g commented 5 months ago

Have you actually restarted AdGuard Home between writes?

phneeley commented 5 months ago

Hi! Thanks for the quick response.

I’ve rebooted the hosts each time. I have two identical instances running, both on RPi4s.

Thanks!

On Jun 6, 2024 at 06:33 -0500, Ainar Garipov @.***>, wrote:

> Have you actually restarted AdGuard Home between writes?

ainar-g commented 5 months ago

How do you actually verify that AdGuard Home is using the removed upstreams? Do you see queries with these upstreams in the query logs?

Also, are you sure that neither the fallback servers, nor the private rDNS servers, nor the server on port 5335 are the ones making the queries? What are the DNS settings besides the upstream file?

phneeley commented 5 months ago

I’m using https://www.dnscheck.tools/ to monitor DNS resolvers. Deleted DNS servers occasionally show up there though I cannot find corresponding log entries in querylog.json.

I’m not using any fallback. Bootstrap is set to Quad9 standard. The server is set to localhost though I’ve also occasionally had it set to Quad9’s standard IPv4 addresses.

phneeley commented 5 months ago

I’m starting to think this is a problem with dnscheck.tools.

One at a time, I completely wiped / reinstalled DietPi on both RPis and re-installed AdGuard Home using AdGuard Sync to make sure I didn’t lose all my non-DNS server settings (by the way, it would be great to have a settings back-up/restore option in the GUI).

I still get the same strange results on occasion. Other DNS leak test sites don’t suggest there’s an issue. I don’t know how to explain the results on dnscheck.tools, but it seems this is not an issue with AdGuard Home so far as I can tell.

phneeley commented 5 months ago

Ok, this is actually a NextDNS issue/feature. I have been using https://anycast.dns.nextdns.io/ and https://dns.nextdns.io/. The anycast DoH occasionally uses servers in various different locations I was not expecting.
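
The check asked about earlier in the thread (whether the query log itself shows queries going to removed upstreams) can be scripted. The following is an added example, not part of the thread and not AdGuard Home's own code. It assumes `querylog.json` holds one JSON object per line with an `Upstream` key; the upstream list and log lines are constructed samples, and `doh.removed.example` is a placeholder provider.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed upstream list; the first provider is commented out, as in the report.
SAMPLE_UPSTREAMS = """\
# https://doh.removed.example/dns-query
https://dns.nextdns.io/
https://anycast.dns.nextdns.io/
127.0.0.1:5335
"""

# Constructed log lines. ASSUMPTION: one JSON object per line with an "Upstream" key.
SAMPLE_LOG = """\
{"T":"2024-06-06T11:30:01Z","QH":"example.org","Upstream":"https://dns.nextdns.io:443/"}
{"T":"2024-06-06T11:30:02Z","QH":"example.net","Upstream":"127.0.0.1:5335"}
{"T":"2024-06-06T11:30:03Z","QH":"example.com","Upstream":"https://doh.removed.example:443/dns-query"}
{"T":"2024-06-06T11:30:04Z","QH":"example.com","Upstream":""}
{"T":"2024-06-06T11:30:05Z","QH":"example.edu","Upstream":"https://doh.removed.example:443/dns-query"}
{"T":"2024-06-06T11:30:
"""

def host_of(upstream):
    """Reduce an upstream (URL or host:port) to a lowercase hostname."""
    s = upstream.strip()
    if "://" not in s:
        s = "//" + s  # lets urlsplit parse bare host:port entries
    return (urlsplit(s).hostname or "").lower()

def configured_hosts(text):
    """Hostnames of active upstream lines; blank and '#' lines are ignored."""
    lines = (ln.strip() for ln in text.splitlines())
    return {host_of(ln) for ln in lines if ln and not ln.startswith("#")}

def unexpected_upstreams(log_text, allowed):
    """Count logged upstream hosts that are not in the active list."""
    seen = Counter()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        upstream = entry.get("Upstream") if isinstance(entry, dict) else None
        if upstream:  # entries with no upstream recorded are skipped
            seen[host_of(upstream)] += 1
    return {h: n for h, n in seen.items() if h not in allowed}

if __name__ == "__main__":
    print(unexpected_upstreams(SAMPLE_LOG, configured_hosts(SAMPLE_UPSTREAMS)))
```

An empty result while a leak-test site still lists other resolvers matches what the thread concluded: the variation came from the provider's anycast DoH endpoint, not from AdGuard Home.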