App Store and iMessage resolve slowly or not at all

[jaburgoyne]

Issue Details

• AdGuard version: AdGuard for iOS v4.4.6
• Device model and storage size: iPhone 13 Pro / iPad Pro 12.9” (4th generation)
• Operating system and version: iOS/iPadOS 16.5
• Browser or App: App Store and iMessage

Expected Behavior

The App Store should open with little noticeable delay, and images should appear in iMessage without issue.

Actual Behavior

The App Store often fails to load altogether, sometimes even reporting a broken internet connection, and when it does load, it sometimes takes multiple tries or needs to be restarted manually. Images in iMessage often do not load but show an HEIC placeholder, again sometimes requiring an app restart. This behaviour occurs regardless of public or subscription AdGuard DNS servers and regardless of whether AdGuard VPN is active or not. Choosing other DNS servers does seem to help, and so perhaps it is an AdGuard DNS issue – but my Mac with AdGuard and AdGuard DNS does not seem to have trouble connecting to Apple services.

Given the frequency of connections to Apple on iOS, my average DNS resolution time as reported by AdGuard is now 166 ms and has been around this value for several weeks.

Additional Information

Often – but again, not always – disabling and re-enabling WiFi or even just switching to 5G helps. I wish I could be more specific, but it’s been a difficult problem to track down. I am happy to create and send logs if it would be useful.

I have a similar situation with a PlayStation 5, which is unable to connect to the PlayStation Store when using AdGuard DNS. Again, this suggest that the core of the problem may be AdGuard DNS, but because the issue is most reproducible on iOS, I am starting with an issue here.

[AidanGee7]

Exact same thing is happening to me too. iPhone 13 Pro Max. AdGuard 4.4.6 (998). Using AdGuard DNS. Happening on iOS 16 and also the latest iOS 17 beta.

App Store fails to load, Shazam times out and doesn’t detect any songs. Turning AdGuard off and on fixes the issue.

I’ve been struggling to track this down on my dns logs, I tried whitelisting any Apple.com domain (or any others that get blocked when trying to access the App Store) but it doesn’t seem to fix it.

Happy to share any logs/videos if needed.

This has only started happening in the past two weeks or so. I thought it was just an issue at my end but just spotted this issue on GitHub that matches what’s happening to me.

[AidanGee7]

Managed to capture most of it on video. When trying to open the App Store it started to load infinitely. Turning off AdGuard and turning it back on did not fix it. It was only resolved when I fully turned off AdGuard, closed the App Store and reopened it.

Sorry it’s not the best video! If I’m able to capture a better one I will do.

https://github.com/AdguardTeam/AdguardForiOS/assets/28673281/187bd7ae-f951-415f-8c7d-fadb0f7984d5

[AidanGee7]

One more video, it shows the App Store stuck loading and Shazam also doing the same thing (it would just listen for a long time and then time out eventually).

Turning off AdGuard and retrying Shazam/App Store fixes the issue.

https://github.com/AdguardTeam/AdguardForiOS/assets/28673281/ae620ec3-ff22-4737-bd7a-f94904ec6c65

[jaburgoyne]

After some further investigation, the problems seem to be tied to metrics.icloud.com and sharing analytics data with Apple.

I noticed that metrics.icloud.com was my most blocked domain, and first I tried whitelisting it. This helped.

As a follow-up, I took metrics.icloud.com back off the whitelist but disabled as many analytics-sharing options as I could across all of the Apple devices in my household. Although there are still some blocked queries to metrics.icloud.com in the DNS logs, the login problems are much better now.

So I wonder whether there is some interaction or change either on AdGuard's side or on Apple's such that if the user agrees to share analytics but can't because of a blocked DNS lookup, everything hangs during a long time-out. I'm happy to help with further debugging if I can.

[Versty]

@jaburgoyne @AidanGee7 Thank you for the self-investigation! The best solution here is to upgrade to the latest version. In AdGuard for iOS 4.5 we've made some adjustments to AdGuard DNS filter, so it won't hinder interaction with Apple services that much.

Please try and let me know the result.

[Versty]

@jaburgoyne

Given the frequency of connections to Apple on iOS, my average DNS resolution time as reported by AdGuard is now 166 ms and has been around this value for several weeks.

This issue is known and will be fixed soon, keep an eye on thread #2161

[jaburgoyne]

Thank you for the response, @Versty. I upgraded to AdGuard 4.5 on release day, and it hasn't changed much.

It did switch to QUIC from HTTPS, which made everything faster, but Apple servers are still very noticeably slower than the rest. I'll keep an eye on the other threads, and if it would help you to have some logs from me, just let me know.

[Versty]

@jaburgoyne

Could you reproduce the issue using AdGuard DNS Non-filtering? If some DNS filters are enabled in AdGuard application, disable them beforehand.

If the issue still occurs even with AdGuard DNS Non-filtering upstream, then we would like to take a look at the logs from your device. Please follow the steps above:

1. Open Settings -> General -> Turn Advanced mode on -> Advanced settings -> Turn Debug logs switch on;
2. Reproduce the issue and remember the exact time when it happened;
3. Open the settings -> Support -> Export logs;
4. System popup will be opened -> Choose "Mail" app;
5. Enter apple@adguard.com as a recipient;
6. Mention this issue number 2176 in the subject and add the time the issue was reproduced at.

[jaburgoyne]

Indeed it seems that the non-filtering DNS corrects the problem, @Versty. Should this issue be moved to AdGuardFilters, then?

[Versty]

@jaburgoyne AdGuardFilters repo is for the filters related to Safari protection and AdGuard DNS filter, so if this issue is caused by AdGuard DNS filter, it can be moved. But if the issue is caused by AdGuard DNS server, it would be better to keep the discussion here.

Would you mind enabling AdGuard DNS filter and check if the issue persist with AdGuard DNS Non-filtering server?

[jaburgoyne]

This was always a difficult big to reproduce, @Versty, but with AdGuard DNS (filtering) and AdGuard VPN active (both with QUIC), I am no longer having problems. If you would like me to run more tests under different configurations, please let me know. Otherwise, I think you can close the issue.

Thank you for keeping on top of this!