AdguardTeam / DnsLibs

DNS filtering library that's used in AdGuard products
https://adguard.com/
Apache License 2.0

DNS-over-Quic (DoQ) and DoH with HTTP/3 - exchange timed out after wakeup of device #226

Open flo-m opened 1 month ago

flo-m commented 1 month ago

Please answer the following questions for yourself before submitting an issue

AdGuard version

4.6.1

Environment

HTTPS filtering

Root access

Integration with AdGuard VPN

Routing mode

Local VPN

Ad Blocking

No response

Privacy

No response

Social

No response

Annoyances

No response

Security

No response

Language-specific

No response

Other

No response

Which DNS server do you use?

AdGuard DNS

DNS protocol

DNS-over-QUIC

Custom DNS

No response

What Stealth Mode options do you have enabled?

No response

Issue Details

Steps to reproduce:

  1. Use DoQ or DoH (with HTTP/3) DNS
  2. Wait 10-15 min (device idle)
  3. Unlock device and instantly browse any webpage

Expected Behavior

Webpage should be loaded within 1 sec

Actual Behavior

Loading for about 5 seconds until fallback DNS is contacted. Then the page loads fine. After a few seconds, DoQ and DoH (HTTP/3) work fine as expected.

This only happens with both protocols; DoH without HTTP/3 works fine and DoT also.

Additional Information

08:44:50.832 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - ResponseCache get: Expired cache entry for key 1|1|00|androidwearcloudsync-pa.googleapis.com.
08:44:55.834 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder do_upstream_exchange: [47914] Upstream [1] (quic://dns.adguard-dns.com) exchange timed out
08:44:55.844 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder handle_message_with_timeout: [47914] Request timed out

[...]

08:45:05.093 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DOQ upstream disconnect: Disconnect reason: Short timeout timer expired
08:45:05.100 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DOQ upstream init_ssl: Advertised ALPNs: doq
08:45:05.101 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - TLS session cache get_session: Returning cached session, 0 sessions remaining for quic://dns.adguard-dns.com
08:45:05.101 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DOQ upstream init_ssl: Using a cached TLS session
08:45:05.118 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder handle_message_with_timeout: [47914] Request timed out
08:45:05.119 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder log_packet: [47914] Server failure response:
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 47914
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; androidwearcloudsync-pa.googleapis.com. IN AAAA

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; WHEN: Thu Jan 1 01:00:00 1970
;; MSG SIZE rcvd: 0
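
For triaging an exported log like the one quoted in the report above, this added example (not part of the original report and not DnsLibs code) pairs each upstream exchange timeout with the next upstream disconnect and reports both delays. The function names and the "gap since the previous entry" measure are assumptions made here; the sample is a subset of the log lines quoted in the report.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the report, one entry per line.
SAMPLE_LOG = """\
08:44:50.832 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - ResponseCache get: Expired cache entry for key 1|1|00|androidwearcloudsync-pa.googleapis.com.
08:44:55.834 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder do_upstream_exchange: [47914] Upstream [1] (quic://dns.adguard-dns.com) exchange timed out
08:44:55.844 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder handle_message_with_timeout: [47914] Request timed out
08:45:05.093 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DOQ upstream disconnect: Disconnect reason: Short timeout timer expired
08:45:05.119 [Thread-1620] DEBUG com.adguard.dnslibs.proxy.DnsProxy - DNS forwarder log_packet: [47914] Server failure response:
"""

# Entry layout inferred from the quoted lines: time, [thread], level, logger, " - ", message.
ENTRY = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) \[[^\]]+\] \w+ \S+ - (.*)$")
TIMEOUT = re.compile(r"do_upstream_exchange: \[(\d+)\] Upstream \[\d+\] \((\S+)\) exchange timed out")
DISCONNECT = re.compile(r"upstream disconnect: Disconnect reason: (.*)")

def parse(log_text):
    """Yield (timestamp, message) per entry; continuation lines (e.g. ';; ...') are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:  # timestamps carry no date, so a log spanning midnight is not handled
            yield datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)

def stalled_exchanges(log_text):
    """Pair each upstream exchange timeout with the upstream disconnect that follows it."""
    results, pending, prev_ts = [], [], None
    for ts, msg in parse(log_text):
        if (m := TIMEOUT.search(msg)):
            # waited_s: gap since the previous entry, a rough proxy for how long the query hung
            waited = round((ts - prev_ts).total_seconds(), 3) if prev_ts else None
            pending.append({"id": int(m.group(1)), "upstream": m.group(2),
                            "waited_s": waited, "timed_out_at": ts})
        elif (m := DISCONNECT.search(msg)):
            for p in pending:
                p["reason"] = m.group(1)
                # teardown_s: how long the connection stayed up after the exchange timed out
                p["teardown_s"] = round((ts - p.pop("timed_out_at")).total_seconds(), 3)
                results.append(p)
            pending = []
        prev_ts = ts
    return results + pending  # timeouts with no later disconnect are returned unpaired

if __name__ == "__main__":
    for row in stalled_exchanges(SAMPLE_LOG):
        print(row)
```
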

Versty commented 1 month ago

@flo-m Thank you for reporting! We have tried to reproduce this issue on our side, but to no avail. Could you record a complete log file on your device and provide it to our email? If so, please follow the steps below:

  1. Enable debug logging: Settings -> General -> Advanced -> Logging level -> Debug

  2. Reproduce the issue, then remember the exact time when it happened

  3. Collect logs: Settings -> General -> Advanced -> Export logs and system info

  4. Send this file to devteam@adguard.com:

    • mention the 5414 number in the subject
    • specify the exact time when the issue occurred

flo-m commented 1 month ago

Just sent you the logs

Versty commented 1 month ago

@flo-m We have received the logs and are investigating. We also highly recommend upgrading to the latest version (4.6.1), which fixes a bug related to IPv6 filtering, so it might help resolve this issue as well.

flo-m commented 1 month ago

@Versty I already upgraded to 4.6.1, but it doesn't fix the issues. Also, this was present in 4.5 and prior versions. I can generate logs with 4.6.1 though...

One tip to reproduce the issue: Set a DNS-over-QUIC server and let the device sleep for 2-3 hours. Then the issue is constantly reproducible after 5-10 min of sleep.

Versty commented 1 month ago

@flo-m Thank you for the detailed explanation, we have managed to reproduce this issue on our device with AdGuard DNS DoQ.

Versty commented 1 month ago

@flo-m Transferring this issue to the DNSLibs repository for further work.

flo-m commented 1 week ago

Any update?