Closed Potterli20 closed 1 year ago
Technitium DNS Server v11.0.1 is now available that fixes the issue. Do update and let me know your feedback.
As if []# that one doesn't work, having a dns server is normal. Let me know if the format changes
I had tested those and they were working well, just confirmed it too. Do you see any errors in logs?
I don't understand
The dig response contains "Server exception" so there should be an error logged in the DNS logs. Do check and share the error that you see.
It seems my earlier response was not clear. You need to check the Logs > View Logs section in the DNS web panel. In there you should see log file names which are in date format on the left side. Click on the log entry for today's date and you should see the text logs on the right side. Scroll to the bottom to see the latest entries and check if there are any errors logged.
The web panel can only show logs up to 2 MB so if the log file is larger then you won't be able to see the complete file. You will need to use the download button to get the complete file and then open it to see it. Or you can open the file on the DNS server itself and see it.
Do share the error logs you see in there.
Over there, I can't see 😂. But using dig@ ::1 is normal
Hold on. I'm uploading it to you
25m log 2023-02-25.log
I found the problem, quic://doh3.dns.nextdns.io domain name may be 443, he is a 443 is normal, but not 853, I had a test on mobile phones
TechnitiumLibrary.Net.Dns.DnsClientException: No IP address was found for name server: dns64.dns.google
The DoH URL that you are using with the domain name does not resolve since dns64.dns.google does not exist. You need to change it or add an IP address in round brackets to tell the DNS server to use that IP address. Example: https://dns64.dns.google/dns-query (1.2.3.4) where 1.2.3.4 is your upstream IP address.
Make that change in your config file and test again. If it's not working again then check for any new error that you see in the logs.
dns64.dns.google is dns for ipv6 and I remember it used to work
You need to enable the Prefer IPv6 option in DNS server's Settings > General section to make the DNS server resolve IPv6 addresses. By default the option is disabled and the DNS server will only resolve IPv4 addresses.
Of course, I have them all on, and my home network has ipv6
Thanks for the details. It seems you will need to update the app's config to cover ipv6 requests too as shown below:
I don't know why many of quic://'s are not uniform. If I write directly to the port, is there any problem?
Well, there's nothing I can do about it. I've updated the file, but it's not okay
There are still errors in logs:
TechnitiumLibrary.Net.Dns.DnsClientException: No IP address was found for name server: mozilla.cloudfare-dns.com
TechnitiumLibrary.Net.Dns.DnsClientException: No IP address was found for name server: dns64.dns.google
The DNS server will be resolving these domain names directly by performing recursive resolution. If your ISP is blocking unencrypted DNS requests or hijacking them then the resolution will fail.
What I would recommend is that you find the IP address manually and then append it to the DoH URL in round brackets so that the DNS server will directly use it and this issue won't come.
QUIC protocol is only supported on Windows 11 and Windows Server 2022. So make sure your OS supports it before using it.
When you think about it, I've tried it, and it doesn't work
After a while, I also set fwd and other upstream, still not working
I have updated the configuration file to write the fixed port.
You will need to add the IP address in brackets to all the DoH endpoints in your config. Even if one end point does not resolve then it would fail to work.
I'll check tomorrow because the update profile is updated in the wee hours of the morning in the US and after 10 in China
It's been tested, and it doesn't work
Can you create and share an adguard config file with just one single domain name such that it is failing on your setup? I will then test this same config on my setup and try to reproduce the issue.
How does that work? Write two configuration files? I find that using ip, dns, doh, and dot is fine, but using domain names is problematic
What I am asking is to have a config file that is small i.e. only a domain or two. This will help with debugging the issue. The file you shared earlier is too big to edit and try to debug. So, just remove all domain names and keep only a couple of them and try to test it. If it's failing to work on your setup then share the same config so that I can test it here.
This is divided into two files, one is the file used by Chinese dns, the other is the file used by foreign dns.
The file used by Chinese dns: https://file-cn.trli.club:2083/dns-hosts/dns-adguardhome/blacklist_full.txt
File used by foreign dns: https://file-cn.trli.club:2083/dns-hosts/dns-adguardhome/whitelist_full.txt
File directory: https://file-cn.trli.club:2083/dns-hosts/dns-adguardhome/
script: https://github.com/Potterli20/file/blob/main/file-hosts.sh/dns.sh https://github.com/Potterli20/file/blob/0e02a2d08e77a328afb40cc1707ad395b63936ba/file-hosts.sh/dns.sh#L164
My adjustment won't be done until tomorrow
So I downloaded one list from the link you provided and kept only a couple of domain names to test as shown below:
https://doh.opendns.com/dns-query
https://dns.google/dns-query
https://dns64.dns.google/dns-query
https://dns.google.com/dns-query
https://1dot1dot1dot1.cloudflare-dns.com/dns-query
https://dns11.quad9.net/dns-query
https://dns.nextdns.io/dns-query
https://mozilla.cloudfare-dns.com/dns-query
https://chrome.cloudflare-dns.com/dns-query
https://e5aehtlc5e.cloudflare-gateway.com/dns-query
https://sepfvn6g5a.cloudflare-gateway.com/dns-query
https://dns-unfiltered.adguard.com/dns-query
https://odoh.cloudflare-dns.com/dns-query
https://dns.twnic.tw/dns-query
https://doh3.dns.nextdns.io/dns-query
https://anycast.dns.nextdns.io/dns-query
quic://anycast.dns.nextdns.io:853
quic://dns-unfiltered.adguard.com:853
quic://dns.nextdns.io:853
quic://doh3.dns.nextdns.io:853
h3://anycast.dns.nextdns.io
h3://doh3.dns.nextdns.io/dns-query
h3://dns.nextdns.io/dns-query
h3://cloudflare-dns.com/dns-query
h3://dns-unfiltered.adguard.com/dns-query
h3://odoh.cloudflare-dns.com/dns-query
[/zzzzzzzzzzzzz.com0-owazo4.net.zooplus.de/]#
[/0-100.com/]https://doh.360.cn/dns-query
[/0-100.com/]https://dns.alidns.com/dns-query
[/0-100.com/]https://doh.pub/dns-query
[/0-100.com/]https://sm2.doh.pub/dns-query
[/0-100.com/]https://1.12.12.12/dns-query
[/0-100.com]https://120.53.53.53/dns-query
[/0-100.com]https://223.5.5.5/dns-query
[/0-100.com]https://223.6.6.6/dns-query
[/0-100.com]tls://dns.alidns.com
[/0-100.com]tls://dot.360.cn
[/0-100.com]tls://dns.pub
[/0-100.com]tls://1.12.12.12
[/0-100.com]tls://120.53.53.53
[/0-100.com]tls://223.5.5.5
[/0-100.com]tls://223.6.6.6
I connected to IPv6 network and tried to resolve both the domain names and it worked without any issues here. It took a while initially to resolve all the domain names for each of the DoH forwarder URLs. Once these IP addresses were resolved, the actual domain lookup was working normally. If your setup is failing to resolve the DoH forwarder URL then adding IP address in round brackets will make it work.
Do test the above config on your test setup once and check if that is working or not.
There you go. I tried everything. It didn't work
Do you have IPv6 only connection or dual stack (IPv6 + IPv4) Internet connection?
If you have IPv6 only connection then there are some domain names in the forwarder DoH URLs that may only resolve if you have IPv4 connectivity.
I have dual threading on my side, both ipv6 and ipv4. I don't know why, but dnsproxy does not effect part of the upstream dns file, but dnsproxy has a lot of memory. Can dnsproxy set other upstream of -b to request local dns files
Try this new adguard config file and let me know if you can resolve both zzzzzzzzzzzzz.com0-owazo4.net.zooplus.de and 0-100.com domain names.
https://doh.opendns.com/dns-query ([2620:119:fc::2])
https://dns.google/dns-query ([2001:4860:4860::8888])
https://dns64.dns.google/dns-query ([2001:4860:4860::6464])
https://dns.google.com/dns-query ([2001:4860:4860::8888])
https://1dot1dot1dot1.cloudflare-dns.com/dns-query ([2606:4700:4700::1111])
https://dns11.quad9.net/dns-query ([2620:fe::11])
https://dns.nextdns.io/dns-query ([2400:6180:100:d0::89f:9001])
https://mozilla.cloudfare-dns.com/dns-query (23.82.12.32)
https://chrome.cloudflare-dns.com/dns-query ([2606:4700:9763:8c46:5876:0:722:b1fd])
https://e5aehtlc5e.cloudflare-gateway.com/dns-query ([2606:4700:54::a29f:2407])
https://sepfvn6g5a.cloudflare-gateway.com/dns-query ([2606:4700:54::a29f:2407])
https://dns-unfiltered.adguard.com/dns-query ([2a10:50c0::1:ff])
https://odoh.cloudflare-dns.com/dns-query ([2606:4700:91b3:8ced:8776:0:1827:bcee])
https://dns.twnic.tw/dns-query ([2001:de4::101])
https://doh3.dns.nextdns.io/dns-query ([2400:6180:100:d0::89f:9001])
https://anycast.dns.nextdns.io/dns-query ([2a07:a8c0::])
quic://anycast.dns.nextdns.io:853 ([2a07:a8c0::])
quic://dns-unfiltered.adguard.com:853 ([2a10:50c0::1:ff])
quic://dns.nextdns.io:853 ([2400:6180:100:d0::89f:9001])
quic://doh3.dns.nextdns.io:853 ([2400:6180:100:d0::89f:9001])
h3://anycast.dns.nextdns.io ([2a07:a8c0::])
h3://doh3.dns.nextdns.io/dns-query ([2400:6180:100:d0::89f:9001])
h3://dns.nextdns.io/dns-query ([2400:6180:100:d0::89f:9001])
h3://cloudflare-dns.com/dns-query ([606:4700:9763:8ced:8776:0:1827:bcee])
h3://dns-unfiltered.adguard.com/dns-query ([2a10:50c0::1:ff])
h3://odoh.cloudflare-dns.com/dns-query ([2606:4700:9763:8ced:8776:0:1827:bcee])
[/zzzzzzzzzzzzz.com0-owazo4.net.zooplus.de/]#
[/0-100.com/]https://doh.360.cn/dns-query (101.198.193.29)
[/0-100.com/]https://dns.alidns.com/dns-query ([2400:3200::1])
[/0-100.com/]https://doh.pub/dns-query (162.14.21.178)
[/0-100.com/]https://sm2.doh.pub/dns-query (106.55.91.174)
[/0-100.com/]https://1.12.12.12/dns-query
[/0-100.com]https://120.53.53.53/dns-query
[/0-100.com]https://223.5.5.5/dns-query
[/0-100.com]https://223.6.6.6/dns-query
[/0-100.com]tls://dns.alidns.com ([2400:3200::1])
[/0-100.com]tls://dot.360.cn (101.198.193.29)
[/0-100.com]tls://dns.pub (162.14.21.178)
[/0-100.com]tls://1.12.12.12
[/0-100.com]tls://120.53.53.53
[/0-100.com]tls://223.5.5.5
[/0-100.com]tls://223.6.6.6
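An added example, not part of the thread and not Technitium or AdGuard code: a small linter for forwarder lists in the format shown above. It reports every upstream whose host name has no address pinned in round brackets (and so depends on the plain recursive resolution that an ISP can block or hijack), pinned values that are not IP addresses, and `[/domain]` prefixes without the closing slash. The sample lines are constructed from entries in this thread; the function names, the finding labels and the decision to report a missing closing slash are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines 1-6 reuse entries from the thread, line 7 is made up
# to show a pinned value that is not an IP address.
SAMPLE = """\
https://dns.google/dns-query
https://dns64.dns.google/dns-query ([2001:4860:4860::6464])
quic://dns.nextdns.io:853
[/0-100.com/]https://doh.pub/dns-query (162.14.21.178)
[/0-100.com]tls://223.5.5.5
[/zzzzzzzzzzzzz.com0-owazo4.net.zooplus.de/]#
h3://cloudflare-dns.com/dns-query (not-an-ip)
"""

# Optional "[/domains/]" prefix, the upstream, optional "(address)" suffix.
LINE_RE = re.compile(
    r"^(?:\[/(?P<domains>[^\]]*)\])?(?P<upstream>\S+)(?:\s+\((?P<pin>[^)]*)\))?$"
)


def is_ip(text):
    """True for an IPv4/IPv6 literal, with or without square brackets."""
    try:
        ipaddress.ip_address(text.strip("[]"))
        return True
    except ValueError:
        return False


def upstream_host(upstream):
    """Host part of an upstream such as https://..., quic://host:853 or a bare IP."""
    if "://" not in upstream:
        if is_ip(upstream):
            return upstream
        upstream = "udp://" + upstream  # scheme added only so urlsplit finds the host
    return urlsplit(upstream).hostname or ""


def lint(config_text):
    """Return (line number, finding, detail) tuples for a forwarder list."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            findings.append((number, "unparsed", line))
            continue
        domains, upstream, pin = match.group("domains", "upstream", "pin")
        # Assumption of this example: "[/domain]" without the closing slash is reported.
        if domains is not None and not domains.endswith("/"):
            findings.append((number, "domain-spec-not-closed", line))
        if upstream == "#":  # "[/domain/]#" names no upstream of its own
            continue
        if pin is not None:
            if not is_ip(pin):
                findings.append((number, "bad-pinned-address", pin))
        elif not is_ip(upstream_host(upstream)):
            findings.append((number, "needs-resolution", upstream_host(upstream)))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```
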
0-100.com
Can't
It actually worked. 0-100.com does not have an A record and so your dig response is correct with NOERROR RCODE. Query again for NS records and check the response.
In fact, there are some domain names no longer exist, but it is an example in foreign countries, alas, this problem will wait until I go home next week to open another machine, there is only one now, very affect the user. Now you can only use https back in the program. I will provide the machine of China network for you to test next week. My machine is in the virtual machine (with desktop system). The Chinese network is different from your current network, and it is very difficult for you to download the file. I will prepare the dns file of the Chinese network and the dns file of your network at that time.
It's like a diversion file for dnsproxy, right? https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams-for-domains