Open c15412 opened 1 month ago
cdn.example1.com uses a CNAME record pointing to exampleCDN.com. AdGuardHome wrongly resolved the IPs via the provider of example1.com and got results which are not the best. I think when cdn.example1.com is a CNAME to exampleCDN.com, the resulting IPs should be resolved by the provider of exampleCDN.com.
For example, exampleCDN.com was resolved to 1.1.1.2 on the DNS 1.1.1.1 and resolved to 2.2.2.3 on the DNS 2.2.2.2.
The provider of example1.com was set to 1.1.1.1 and the provider of exampleCDN.com was set to 2.2.2.2. AdGuardHome will get the result 1.1.1.2 for example1.com, but it should be 2.2.2.3.
CNAME records should be resolved iteratively: each CNAME record should be resolved by its own provider, not by the provider of the source domain.
The logic should work as follows: the first domain's CNAME record resolves to the second domain, and then the second domain is processed according to the second domain's own corresponding filter and provider rules.
This is not difficult to achieve; we just need to make a judgement when the first response arrives from the upstream. If it's a CNAME record, the target domain in the CNAME record will be re-matched to the provider according to the rules and filtered again. This has almost no impact on performance and improves the reliability of the results.
With all due respect, I'm honestly struggling to understand what's your issue here and if you really understand how DNS works regarding CNAMEs ...
It would maybe be easier if you clearly state what are you trying to achieve with all these dnsrewrites ...
Not really sure what's your intention here when nowadays mostly all CDNs moved from the "EDNS client subnet" approach to Anycast in order to "redirect" you to the closest server in your GEO location.
Does this help @c15412?
||example.com^$dnsrewrite=NOERROR;A;1.2.3.4 adds an A record with the value 1.2.3.4.
||example.com^$dnsrewrite=NOERROR;AAAA;abcd::1234 adds an AAAA record with the value abcd::1234.
||example.com^$dnsrewrite=NOERROR;CNAME;example.org adds a CNAME record. See explanation above.
Prerequisites
[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to report a bug and not ask a question or ask for help
[X] I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)
Platform (OS and CPU architecture)
Windows, AMD64 (aka x86_64)
Installation
GitHub releases or script from README
Setup
On one machine
AdGuard Home version
v0.107.52
Action
(My English is not very good, so I use examples to express my meaning.) I wrote these rules in Custom filtering rules (as follows). But domains that use CNAME records pointing to the domains that should be processed have not been processed correctly. These domains are still randomly assigned IPs in different zones via the original DNS through the CNAME records. Domains with CNAME records that match the rule are not processed! Now, I can only rewrite domains that use CNAME records one by one, which is cumbersome and unstable! I think the filter should be applied to the domain in the CNAME records. I also tried setting up different DNS providers, but when I set 223.6.6.6 as the provider for .w.alikunlun.com, those domains using CNAME records pointing to .w.alikunlun.com resolved via the default DNS.
For example: example1.com, example2.com, etc. (thousands of domains using the same CDN) use CNAME records pointing to the subdomains of .w.exampleCDN.com. Then I ran a test to get the best CDN IPs for .w.exampleCDN.com under my network, so I added the rewrite rules to rewrite the CDN IP. But in fact:
example1.com gets IPs-Group-1 via the original DNS through the CNAME records,
example2.com gets IPs-Group-2 via the original DNS through the CNAME records,
etc.
||w.alikunlun.com^$dnsrewrite=39.173.176.101
||w.alikunlun.com^$dnsrewrite=39.173.176.102
||w.alikunlun.com^$dnsrewrite=39.173.176.103
||w.alikunlun.com^$dnsrewrite=39.173.176.104
||w.alikunlun.com^$dnsrewrite=39.173.176.105
||w.alikunlun.com^$dnsrewrite=39.173.176.106
||w.alikunlun.com^$dnsrewrite=39.173.176.107
||w.alikunlun.com^$dnsrewrite=39.173.176.108
Expected result
I believe that the IP resolution of domains in CNAME records should be done by the appropriate provider in the provider list, not the provider of the domain itself using that CNAME record. Also, because there are different servers and different subdomains, I can't single out a provider for the main domain. I think it would be better to triage the domains inside the CNAME record to get resolution based on the provider rules and filtering rules.
Example: I set the provider DNSProvider2 (192.168.1.3) for exampleCDN.com, and the default DNS (192.168.1.1) as the default.
example1.com uses a CNAME record pointing to exampleCDN.com.
exampleCDN.com resolves to 111.1.164.249 on the default DNS (which server is not the best and fastest).
exampleCDN.com resolves to 39.173.176.101 on DNSProvider2 (the best server).
When I use "nslookup example1.com", it resolved the domain via the default DNS (192.168.1.1) and got the IPs. This is how it works:
DOMAIN: example1.com ==> (match the default Provider)
↓
use default Provider (192.168.1.1) ==> records: CNAME exampleCDN.com
↓
use default Provider (192.168.1.1) ==> IP: 111.1.164.249
I think that's the right way to work:
DOMAIN: example1.com ==> (match the default Provider)
↓
use default Provider (192.168.1.1) ==> records: CNAME exampleCDN.com
↓
exampleCDN.com ==> (match the DNSProvider2)
↓
use DNSProvider2 (192.168.1.3) ==> IP: 39.173.176.101
Actual result
NAME: media.cdn.queniuqe.com.w.alikunlun.com
Addresses: 111.1.164.244
 111.1.164.243
 111.1.164.245
 111.1.164.246
 111.1.164.248
 111.1.164.249
 111.1.164.222
 111.1.164.242
Aliases: media.cdn.queniuqe.com
This is how it works.
Additional information and/or screenshots
The domains with CNAME records were wrongly resolved by the DNS provider of the domain itself, instead of the provider of the domains in the CNAME records.
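The two resolution flows compared in this report, modelled as an added Go example (not AdGuard Home's code and not part of the original issue). The `record`, `upstreams`, `rules`, `pickUpstream` and `resolve` names are hypothetical, and the zone data is constructed from the addresses quoted in the report.

```go
package main

import (
	"fmt"
	"strings"
)

// record is one constructed answer: a CNAME target or a final A address.
type record struct{ cname, addr string }

// Constructed sample data from the report: upstream -> name (lower-cased) -> answer.
var upstreams = map[string]map[string]record{
	"192.168.1.1": {"example1.com": {cname: "examplecdn.com"}, "examplecdn.com": {addr: "111.1.164.249"}},
	"192.168.1.3": {"examplecdn.com": {addr: "39.173.176.101"}},
}

// rules maps a domain suffix to its upstream; "" is the default upstream.
var rules = map[string]string{"examplecdn.com": "192.168.1.3", "": "192.168.1.1"}

// pickUpstream returns the upstream of the longest matching suffix rule.
func pickUpstream(name string) string {
	best, up := -1, ""
	for suffix, u := range rules {
		if len(suffix) > best && (suffix == "" || name == suffix || strings.HasSuffix(name, "."+suffix)) {
			best, up = len(suffix), u
		}
	}
	return up
}

// resolve follows CNAMEs; with rematch, each target is re-matched to its own upstream.
// path records which upstream was asked for each name; an empty addr means no answer.
func resolve(name string, rematch bool) (addr string, path []string) {
	up := pickUpstream(name)
	for hops := 0; hops < 8; hops++ { // bounded so a CNAME loop cannot spin forever
		path = append(path, name+"@"+up)
		rec := upstreams[up][name]
		if rec.cname == "" {
			return rec.addr, path
		}
		if name = rec.cname; rematch {
			up = pickUpstream(name)
		}
	}
	return "", path
}

func main() {
	fmt.Println(resolve("example1.com", false)) // flow reported as the actual behaviour
	fmt.Println(resolve("example1.com", true))  // flow requested in the report
}
```

With `rematch` off the whole chain is answered by the upstream matched for the queried name; with it on, the CNAME target is sent to the upstream its own rule selects.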