TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Problems with AdvancedForwarding.App #669

Closed Potterli20 closed 11 months ago

Potterli20 commented 1 year ago

Is there a problem with this configuration file?

{
  "enableForwarding": true,
  "forwarders": [
    {
      "name": "local-tcp",
      "dnssecValidation": true,
      "forwarderProtocol": "tcp",
      "forwarderAddresses": [
        "127.0.0.1:56",
        "127.0.0.1:57",
        "127.0.0.1:58",
        "127.0.0.1:59",
        "127.0.0.1:60"
      ]
    },
    {
      "name": "local-udp",
      "dnssecValidation": true,
      "forwarderProtocol": "udp",
      "forwarderAddresses": [
        "127.0.0.1:56",
        "127.0.0.1:57",
        "127.0.0.1:58",
        "127.0.0.1:59",
        "127.0.0.1:60"
      ]
    }
  ],
  "networkGroupMap": {
    "0.0.0.0/0": "everyone",
    "[::]/0": "everyone"
  },
  "groups": [
    {
      "name": "everyone",
      "enableForwarding": true,
      "forwardings": [
        {
          "forwarders": [
            "local-tcp",
            "local-udp"
          ],
          "domains": [
            "*"
          ]
        }
      ]
    }
  ]
}

ShreyasZare commented 1 year ago

Thanks for asking. The config looks good to me. Do you see any errors in the DNS logs?

Potterli20 commented 1 year ago

It has been sent to your email

ShreyasZare commented 1 year ago

Thanks for the logs. I see the following error in it:

[2023-06-23 14:53:18 Local] DNS Server failed to resolve the request 'www.baidu.com. AAAA IN' using forwarders: 0.0.0.0:56, 0.0.0.0:57, 0.0.0.0:58, 0.0.0.0:59, 0.0.0.0:60, 0.0.0.0:56, 0.0.0.0:57, 0.0.0.0:58, 0.0.0.0:59, 0.0.0.0:60.

The above error means you had the 0.0.0.0 address set as the forwarder addresses, which is an incorrect config.

[2023-06-23 14:50:55 Local] DNS Server failed to resolve the request 'apple.com. NS IN' using forwarders: 127.0.0.1:56, 127.0.0.1:57, 127.0.0.1:58, 127.0.0.1:59, 127.0.0.1:60, 127.0.0.1:56, 127.0.0.1:57, 127.0.0.1:58, 127.0.0.1:59, 127.0.0.1:60.
TechnitiumLibrary.Net.Dns.DnsClientNoResponseException: DnsClient failed to resolve the request 'apple.com. NS IN': request timed out.

In the above error, you have 127.0.0.1 addresses in the forwarder but they are not responding to requests in time. Try to increase the timeout value in Settings > Proxy & Forwarders section. Try checking if the forwarders that you have configured are indeed working well by querying them using the DNS Client tab on the DNS web panel.

Potterli20 commented 1 year ago

> In the above error, you have 127.0.0.1 addresses in the forwarder but they are not responding to requests in time. Try to increase the timeout value in Settings > Proxy & Forwarders section. Try checking if the forwarders that you have configured are indeed working well by querying them using the DNS Client tab on the DNS web panel.

It's normal for me to forward the configuration. It's just that it's not with such a configuration, but it's normal to use a file

ShreyasZare commented 1 year ago

> In the above error, you have 127.0.0.1 addresses in the forwarder but they are not responding to requests in time. Try to increase the timeout value in Settings > Proxy & Forwarders section. Try checking if the forwarders that you have configured are indeed working well by querying them using the DNS Client tab on the DNS web panel.

> It's normal for me to forward the configuration. It's just that it's not with such a configuration, but it's normal to use a file

Have you tested that those forwarders work using the DNS Client tool?

Potterli20 commented 1 year ago

On the contrary, I have a problem now that I can't use TLS services, and I feel that there is no traffic access on the public network, and the intranet can be parsed

ShreyasZare commented 1 year ago

> On the contrary, I have a problem now that I can't use TLS services, and I feel that there is no traffic access on the public network, and the intranet can be parsed

That's a separate problem which is unrelated to the forwarders not responding. You first need to check why the forwarders are not responding by querying them directly.

Potterli20 commented 1 year ago

> That's a separate problem which is unrelated to the forwarders not responding. You first need to check why the forwarders are not responding by querying them directly.

[image]

Potterli20 commented 1 year ago

I seem to have figured out the problem

Potterli20 commented 1 year ago

The log has been sent to your email. The image is upstream of my server. [image]

ShreyasZare commented 1 year ago

> The log has been sent to your email. The image is upstream of my server.

Again it seems to be an issue with your forwarders. They are returning REFUSED response code which is why you see all the query logs with REFUSED RCODE.

Also, you do not need to use both the UDP and TCP forwarders together. It's of no use to use TCP forwarders too when you have UDP ones configured.
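
The two config points raised in the thread so far (a 0.0.0.0 forwarder address, and TCP forwarders that duplicate the UDP ones), together with two reference checks, as a small linter. This is an added example, not part of the original thread or of Technitium's code; the key names come from the config posted above, while `lint`, the constructed `SAMPLE` config and the rule that group and forwarder names must match exactly are assumptions.

```python
import ipaddress
import json


def _host(address):
    """Host part of 'ip:port' or '[ipv6]:port'; anything else is returned unchanged."""
    if address.startswith("["):
        return address[1:address.index("]")]
    return address.rsplit(":", 1)[0] if address.count(":") == 1 else address


def lint(config_text):
    """Return a list of findings for a config shaped like the one in this thread."""
    cfg = json.loads(config_text)
    findings = []
    forwarders = {f["name"]: f for f in cfg.get("forwarders", [])}

    for name, fwd in forwarders.items():
        for address in fwd.get("forwarderAddresses", []):
            try:
                unspecified = ipaddress.ip_address(_host(address)).is_unspecified
            except ValueError:
                continue  # hostname or URL: no IP literal to check
            if unspecified:
                findings.append(f"forwarder '{name}': {address} is the unspecified address")

    groups = {g["name"]: g for g in cfg.get("groups", [])}
    for network, group in cfg.get("networkGroupMap", {}).items():
        if group not in groups:  # assumption: names are compared exactly
            findings.append(f"networkGroupMap: {network} maps to undefined group '{group}'")

    for gname, group in groups.items():
        for rule in group.get("forwardings", []):
            seen = {}  # address set -> (protocol, forwarder name)
            for ref in rule.get("forwarders", []):
                fwd = forwarders.get(ref)
                if fwd is None:
                    findings.append(f"group '{gname}': undefined forwarder '{ref}'")
                    continue
                key = frozenset(fwd.get("forwarderAddresses", []))
                proto = str(fwd.get("forwarderProtocol", "")).lower()
                if key in seen and {seen[key][0], proto} == {"udp", "tcp"}:
                    findings.append(f"group '{gname}': '{seen[key][1]}' and '{ref}' use the same "
                                    "addresses over TCP and UDP; the UDP one is enough")
                seen.setdefault(key, (proto, ref))
    return findings


# Constructed sample (not a config from the thread) that trips every check once.
SAMPLE = """{
  "enableForwarding": true,
  "forwarders": [
    {"name": "local-tcp", "forwarderProtocol": "tcp",
     "forwarderAddresses": ["127.0.0.1:56", "127.0.0.1:57"]},
    {"name": "local-udp", "forwarderProtocol": "udp",
     "forwarderAddresses": ["127.0.0.1:56", "127.0.0.1:57"]},
    {"name": "broken", "forwarderProtocol": "udp", "forwarderAddresses": ["0.0.0.0:56"]}
  ],
  "networkGroupMap": {"0.0.0.0/0": "everyone", "[::]/0": "guests"},
  "groups": [
    {"name": "everyone", "enableForwarding": true,
     "forwardings": [{"forwarders": ["local-tcp", "local-udp", "missing"], "domains": ["*"]}]}
  ]
}"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
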

Potterli20 commented 1 year ago

> The log has been sent to your email. The image is upstream of my server.

> Again it seems to be an issue with your forwarders. They are returning REFUSED response code which is why you see all the query logs with REFUSED RCODE.

> Also, you do not need to use both the UDP and TCP forwarders together. It's of no use to use TCP forwarders too when you have UDP ones configured.

Is there any way to use TCP and UDP at the same time?

ShreyasZare commented 1 year ago

> Is there any way to use TCP and UDP at the same time?

There is no point in even trying to attempt that. Just use UDP in your config. If the response is big then automatically the protocol will switch to TCP for it.
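
One way to query each forwarder directly and see whether it times out, answers REFUSED, or sets the truncation (TC) bit that makes a client repeat the query over TCP. This is an added example, not part of the original thread or of Technitium's code; `probe` and its helpers are hypothetical names, and the demo loop uses the forwarder addresses and the query name from the config and logs above.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "AAAA": 28}


def build_query(name, qtype, txid):
    """Encode a one-question DNS query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", QTYPES[qtype], 1)  # class IN


def parse_header(message, txid):
    """Return (rcode name, TC bit, answer count) from a DNS response header."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", message[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), bool(flags & 0x0200), ancount


def _recv_exact(sock, count):
    """Read exactly count bytes from a TCP socket."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        data += chunk
    return data


def probe(host, port, name, qtype="A", timeout=2.0):
    """Query one forwarder over UDP; retry over TCP only if the reply is truncated."""
    txid = secrets.randbelow(0x10000)
    query = build_query(name, qtype, txid)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.settimeout(timeout)
            udp.sendto(query, (host, port))
            reply, _ = udp.recvfrom(4096)
        rcode, truncated, ancount = parse_header(reply, txid)
        transport = "udp"
        if truncated:  # TC bit: same query over TCP, with a 2-byte length prefix
            with socket.create_connection((host, port), timeout=timeout) as tcp:
                tcp.sendall(struct.pack("!H", len(query)) + query)
                (length,) = struct.unpack("!H", _recv_exact(tcp, 2))
                reply = _recv_exact(tcp, length)
            rcode, _, ancount = parse_header(reply, txid)
            transport = "tcp"
        return f"{rcode} via {transport}, {ancount} answer(s)"
    except socket.timeout:
        return "TIMEOUT"
    except (OSError, ValueError) as exc:
        return f"ERROR {exc}"


if __name__ == "__main__":
    # Forwarder addresses and query taken from the thread's config and log lines.
    for port in range(56, 61):
        print(f"127.0.0.1:{port}", probe("127.0.0.1", port, "apple.com.", "NS"))
```
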

Potterli20 commented 1 year ago

[image] The first time there is no request, the second time there is a request, the cache is also set, there will be no request problem

Potterli20 commented 1 year ago

> There is no point in even trying to attempt that. Just use UDP in your config. If the response is big then automatically the protocol will switch to TCP for it.

Okay, okay, I get it

Potterli20 commented 1 year ago

This diary was just tested 2023-06-24(1).log

Potterli20 commented 1 year ago

This diary belongs to the dot server 2023-06-24(2).log

ShreyasZare commented 1 year ago

> [image] The first time there is no request, the second time there is a request, the cache is also set, there will be no request problem

In this case, if forwarder does not respond in time then the DNS server will return ServerFailure response after timeout.

Potterli20 commented 1 year ago

> In this case, if forwarder does not respond in time then the DNS server will return ServerFailure response after timeout.

The transponder responds in time, but the DnsServer does not respond in time. I also set the cache, and it didn't work

ShreyasZare commented 1 year ago

> This diary was just tested 2023-06-24(1).log

TechnitiumLibrary.Net.Dns.DnsClientNoResponseException: DnsClient failed to recursively resolve the request 'connect.rom.miui.com. A IN': no response from name servers [ns4.dnsv5.com ([2402:4e00:1020:1250:0:983e:3bb8:54bb]), ns4.dnsv5.com (223.166.151.126), ns4.dnsv5.com (183.47.126.155), ns4.dnsv5.com (106.55.82.76), ns4.dnsv5.com (183.192.164.119), ns4.dnsv5.com (1.12.0.16), ns4.dnsv5.com (1.12.0.19), ns4.dnsv5.com (117.89.178.200), ns3.dnsv5.com ([2402:4e00:1430:11f9:0:983e:2e27:2604]), ns3.dnsv5.com (61.151.180.51), ns3.dnsv5.com (1.12.0.17), ns3.dnsv5.com (36.155.149.211), ns3.dnsv5.com (1.12.0.18), ns3.dnsv5.com (1.12.0.20), ns3.dnsv5.com (223.166.151.16), ns3.dnsv5.com (49.234.175.103)].
 ---> System.Net.Sockets.SocketException (101): Network is unreachable

There seems to be some kind of network issue causing this error.

Potterli20 commented 1 year ago

1687591590110

ShreyasZare commented 1 year ago

> This diary belongs to the dot server 2023-06-24(2).log

TechnitiumLibrary.Net.Dns.DnsClientNoResponseException: DnsClient failed to recursively resolve the request 'staging.security.browser.miui.com. AAAA IN': no response from name servers [ns4.dnsv5.com ([2402:4e00:1020:1250:0:983e:3bb8:54bb]), ns3.dnsv5.com ([2402:4e00:1430:11f9:0:983e:2e27:2604]), ns3.dnsv5.com (223.166.151.16), ns4.dnsv5.com (1.12.0.16), ns4.dnsv5.com (1.12.0.19), ns4.dnsv5.com (183.47.126.155), ns4.dnsv5.com (117.89.178.200), ns3.dnsv5.com (1.12.0.17), ns4.dnsv5.com (106.55.82.76), ns3.dnsv5.com (1.12.0.20), ns3.dnsv5.com (36.155.149.211), ns3.dnsv5.com (49.234.175.103), ns3.dnsv5.com (61.151.180.51), ns4.dnsv5.com (223.166.151.126), ns4.dnsv5.com (183.192.164.119), ns3.dnsv5.com (1.12.0.18)].
 ---> System.Net.Sockets.SocketException (101): Network is unreachable

Same network issue here. You need to check if there are intermittent connectivity issues on the server. If it's a wired network then check the cables since loose cables can cause such issues.

Potterli20 commented 1 year ago

The network is connected (https://connect.rom.miui.com) the curl - I - v, the upstream also 1687591729049

ShreyasZare commented 1 year ago

> In this case, if forwarder does not respond in time then the DNS server will return ServerFailure response after timeout.

> The transponder responds in time, but the DnsServer does not respond in time. I also set the cache, and it didn't work

If the forwarder responded in time then the DNS server will immediately respond to the original request. If you think this is not happening then run tcpdump on the server to capture packets and test it again.

ShreyasZare commented 1 year ago

> 1687591590110

The reason for this is "failure cache". If the DNS server does not get a response from the forwarder in time then it will cache it as a "failure" for 60 seconds by default. After that if you run the above test then the forwarder will seem like it's responding but the DNS server will return ServerFailure from its cache.

If this is happening frequently then you need to increase the forwarder timeout values and also reduce the Failure TTL value in Settings > Cache section.

Potterli20 commented 1 year ago

[image]

I set it that way but it didn't work

ShreyasZare commented 1 year ago

> [image]

> I set it that way but it didn't work

You need to reset all the cache settings to default values and keep Cache Failure TTL to 10 sec. The current values you have are causing you issues.

All these are important and if they are not configured correctly then you will frequently see ServerFailure responses.

Potterli20 commented 1 year ago

[image]

ShreyasZare commented 1 year ago

> [image]

No, that is not correct json syntax. For adding two files, you will need to create two json objects as shown below:

"adguardUpstreams": [
  {
    "dnssecValidation": true,
    "configFile": "/root/dns-apple.txt"
  },
  {
    "dnssecValidation": true,
    "configFile": "/root/domain-full.txt"
  }
]

Potterli20 commented 1 year ago

I have found that part of the dns file has not taken effect, but it has to cooperate with the Forwarders. I don't know why

Potterli20 commented 1 year ago

You can't completely take over the Forwarders function, or rely on the Forwarders function to set upstream

ShreyasZare commented 1 year ago

> You can't completely take over the Forwarders function, or rely on the Forwarders function to set upstream

When you have forwarders configured, the DNS server will totally rely on it and will just act as a caching server.

Potterli20 commented 1 year ago

> You can't completely take over the Forwarders function, or rely on the Forwarders function to set upstream

> When you have forwarders configured, the DNS server will totally rely on it and will just act as a caching server.

Is there any way to rely on the Forwarders feature to set upstream? I already have a DNS upstream server in my dns file, and I don't want to set up Forwarders else

ShreyasZare commented 1 year ago

> You can't completely take over the Forwarders function, or rely on the Forwarders function to set upstream

> When you have forwarders configured, the DNS server will totally rely on it and will just act as a caching server.

> Is there any way to rely on the Forwarders feature to set upstream? I already have a DNS upstream server in my dns file, and I don't want to set up Forwarders else

It already relies on the forwarders that you have configured.

Potterli20 commented 1 year ago

> You can't completely take over the Forwarders function, or rely on the Forwarders function to set upstream

> When you have forwarders configured, the DNS server will totally rely on it and will just act as a caching server.

> Is there any way to rely on the Forwarders feature to set upstream? I already have a DNS upstream server in my dns file, and I don't want to set up Forwarders else

> It already relies on the forwarders that you have configured.

Actually, I don't want to rely on another repeater, it takes up too much memory. My DNS file is about 350m in size. That's why I didn't want to use another transponder

ShreyasZare commented 1 year ago

> You can't completely take over the Forwarders function, or rely on the Forwarders function to set upstream

> When you have forwarders configured, the DNS server will totally rely on it and will just act as a caching server.

> Is there any way to rely on the Forwarders feature to set upstream? I already have a DNS upstream server in my dns file, and I don't want to set up Forwarders else

> It already relies on the forwarders that you have configured.

> Actually, I don't want to rely on another repeater, it takes up too much memory. My DNS file is about 350m in size. That's why I didn't want to use another transponder

You can operate the DNS server only in two modes: recursive resolver, or forwarder. If you do not configure any forwarder then it will work as a recursive resolver.

Which DNS file are you talking about?

Potterli20 commented 1 year ago

dns files: https://github.com/Potterli20/file/releases/download/dns-hosts/dns-adguardhome-blacklist_full_combine.txt

I want to use the dns file as the forwarder file so that I don't have to configure the upstream of Forwarders

ShreyasZare commented 1 year ago

> dns files: https://github.com/Potterli20/file/releases/download/dns-hosts/dns-adguardhome-blacklist_full_combine.txt

> I want to use the dns file as the forwarder file so that I don't have to configure the upstream of Forwarders

That adguard file will be used as forwarders. It's one and the same thing. Either you configure forwarders in the app's config or you use the adguard file format. Internally, the DNS server is going to work the same way.

Potterli20 commented 1 year ago

> dns files: https://github.com/Potterli20/file/releases/download/dns-hosts/dns-adguardhome-blacklist_full_combine.txt

> I want to use the dns file as the forwarder file so that I don't have to configure the upstream of Forwarders

> That adguard file will be used as forwarders. It's one and the same thing. Either you configure forwarders in the app's config or you use the adguard file format. Internally, the DNS server is going to work the same way.

My DNS file is based on the adguard format, but I don't know why I need external forwarders to use DNS files, my DNS file already has a DNS upstream server

ShreyasZare commented 1 year ago

> My DNS file is based on the adguard format, but I don't know why I need external forwarders to use DNS files, my DNS file already has a DNS upstream server

Yes, you do not need to define any extra forwarders anywhere else. The forwarders in the adguard file that you have will be used.

Potterli20 commented 1 year ago

> My DNS file is based on the adguard format, but I don't know why I need external forwarders to use DNS files, my DNS file already has a DNS upstream server

> Yes, you do not need to define any extra forwarders anywhere else. The forwarders in the adguard file that you have will be used.

However, the problem is that I configured some domain names to resolve normally, and some domain names did not resolve but slowed down, as if they did not completely take over the Forwarders function, and needed Forwarders and configuration files to work together.

ShreyasZare commented 1 year ago

> However, the problem is that I configured some domain names to resolve normally, and some domain names did not resolve but slowed down, as if they did not completely take over the Forwarders function, and needed Forwarders and configuration files to work together.

What do you mean when you say you want some domain names to resolve "normally"?

There is absolutely no difference between the forwarders you have in the adguard config or the forwarders you configure in the app's json config. Internally they are one and the same. The adguard config is just read by the app and it uses the forwarders in that file just like how the app uses the forwarders defined in the json config.

Potterli20 commented 1 year ago

> However, the problem is that I configured some domain names to resolve normally, and some domain names did not resolve but slowed down, as if they did not completely take over the Forwarders function, and needed Forwarders and configuration files to work together.

> What do you mean when you say you want some domain names to resolve "normally"?

> There is absolutely no difference between the forwarders you have in the adguard config or the forwarders you configure in the app's json config. Internally they are one and the same. The adguard config is just read by the app and it uses the forwarders in that file just like how the app uses the forwarders defined in the json config.

It's strange, I don't configure Forwarders upstream on my side, some domain names cannot be resolved, and all of the upstream of configured Forwarders can be resolved. I'll find a time to record a video for you. I don't know how to tell it to you either😭

ShreyasZare commented 1 year ago

> However, the problem is that I configured some domain names to resolve normally, and some domain names did not resolve but slowed down, as if they did not completely take over the Forwarders function, and needed Forwarders and configuration files to work together.

> What do you mean when you say you want some domain names to resolve "normally"? There is absolutely no difference between the forwarders you have in the adguard config or the forwarders you configure in the app's json config. Internally they are one and the same. The adguard config is just read by the app and it uses the forwarders in that file just like how the app uses the forwarders defined in the json config.

> It's strange, I don't configure Forwarders upstream on my side, some domain names cannot be resolved, and all of the upstream of configured Forwarders can be resolved. I'll find a time to record a video for you. I don't know how to tell it to you either😭

Instead of video, just create a small sample adguard config with just 1 or 2 domain names in it and try to reproduce the problem. Then share the config and how to test it so that I can also test it on my setup.

Potterli20 commented 1 year ago

Oh, by the way, writing local upstream such as 127.0.0.1:54 in a dns file does not work. It is also the upstream of configuring Forwarders to take effect

Potterli20 commented 1 year ago

I first use the dnsproxy program as the forwarder, and dns forwards to pihole as the upstream service, ports 54-55 respectively. Finally, the DOT service uses the dnsproxy program to forward the pihole port: 53, and the dnsproxy service port is 56-60, but the dot service forwards it with dns files, which is not effective. Screenshot_2023-06-24-21-01-04-420_com.termux.jpg

ShreyasZare commented 1 year ago

> Oh, by the way, writing local upstream such as 127.0.0.1:54 in a dns file does not work. It is also the upstream of configuring Forwarders to take effect

Create a sample adguard config file with single upstream and test it once. If you are able to reproduce the issue then share the sample adguard config file so that I can try to reproduce the issue on my setup.

Potterli20 commented 1 year ago

> Oh, by the way, writing local upstream such as 127.0.0.1:54 in a dns file does not work. It is also the upstream of configuring Forwarders to take effect

> Create a sample adguard config file with single upstream and test it once. If you are able to reproduce the issue then share the sample adguard config file so that I can try to reproduce the issue on my setup.

This is the configuration, pure IP file https://github.com/TechnitiumSoftware/DnsServer/issues/669#issuecomment-1605471391

{
  "enableForwarding": true,
  "networkGroupMap": {
    "0.0.0.0/0": "everyone,",
    "[::]/0": "everyone,"
  },
  "groups": [
    {
      "name": "everyone",
      "enableForwarding": true,
      "adguardUpstreams": [
        {
          "configFile": "/root/dns-local-127.0.0.1.txt"
        }
      ]
    }
  ]
}

ShreyasZare commented 1 year ago

> Oh, by the way, writing local upstream such as 127.0.0.1:54 in a dns file does not work. It is also the upstream of configuring Forwarders to take effect

> Create a sample adguard config file with single upstream and test it once. If you are able to reproduce the issue then share the sample adguard config file so that I can try to reproduce the issue on my setup.

> This is the configuration, pure IP file #669 (comment)

> { "enableForwarding": true, "networkGroupMap": { "0.0.0.0/0": "everyone,", "[::]/0": "everyone," }, "groups": [ { "name": "everyone", "enableForwarding": true, "adguardUpstreams": [ { "configFile": "/root/dns-local-127.0.0.1.txt" } ] } ] }

I tested the exact same config that you have on my local test setup and it's working as expected without any issues.

Potterli20 commented 1 year ago

> Oh, by the way, writing local upstream such as 127.0.0.1:54 in a dns file does not work. It is also the upstream of configuring Forwarders to take effect

> Create a sample adguard config file with single upstream and test it once. If you are able to reproduce the issue then share the sample adguard config file so that I can try to reproduce the issue on my setup.

> This is the configuration, pure IP file #669 (comment)

> { "enableForwarding": true, "networkGroupMap": { "0.0.0.0/0": "everyone,", "[::]/0": "everyone," }, "groups": [ { "name": "everyone", "enableForwarding": true, "adguardUpstreams": [ { "configFile": "/root/dns-local-127.0.0.1.txt" } ] } ] }

> I tested the exact same config that you have on my local test setup and it's working as expected without any issues.

It's so strange, I write local dns with a file, my configuration file does not take effect, even if the cache is cleaned, it does not work, and it takes effect only when I write forwarders

He has a request, but does not parse the IP when using dig