Adguardhome: [OUTAGE] AG DNS[Crypt?] Is Down! 😱

Created on 5 Sep 2017  Â·  7Comments  Â·  Source: AdguardTeam/AdGuardHome

AG DNS[Crypt?] has become unavailable w/in the last 2 hours or so (sometime between 12p & 2:15p, UTC)


Steps to reproduce

  1. Using AG Android, switch to either AG DNS server via DNSCrypt
  2. Back out to set DNS.
  3. Try navigation to e.g., GitHub.Com → Not resolved!
  4. Use AG Android to switch to e.g., OpenDns IP6 via DNSCrypt
  5. Try GitHub again → All functional again!

Expected behavior


DNS requests should resolve!

Actual behavior


They aren't!

Screenshot: Skipping, since easy test

Your environment

| Description | Value |
| -------------- | ------------ |
| DNS server in use:| (e.g. Default, 176.103.130.130) Either AG DNS via DNSCrypt UI
| How did you setup DNS configuration:| (System/DNSCrypt app/Router) AG Android
| Device model:| (e.g. Google Pixel) Nextbit → Razer Robin
| Operating system and version:| (e.g. Android 7.1.2) Android 7.1.1

picture TPS
1

All 7 comments

@TPS We are on it, thanks mate

vozersky picture vozersky on 5 Sep 2017
🎉1

fixed, please check

vozersky picture vozersky on 5 Sep 2017
👍1

Thanks, all good. Sorry for delay on confirming.

TPS picture TPS on 6 Sep 2017
🎉1

Sorry for this, monitoring failed us yesterday, we should've fixed it right away

ameshkov picture ameshkov on 6 Sep 2017
👍1

I'm just glad I figured it out. I spent an unfruitful few minutes restarting the phone & poking the router until I remembered the custom DNS settings.

Maybe y'all can buildin to the ß versions some sort of diagnostic notification of when DNS &/or DNSCrypt fails this way (for _any_ DNS setting, not just AG DNS)?

TPS picture TPS on 6 Sep 2017
👍1

Unfortunately, it would be much more complex with DNSCrypt, at least as long at it would silently fail if the server key/cert pair is not completely regenerated. The check what community has been using works only against expired server certificate (the due expiration is shown). We would think about a possibility of sending the corresponding patch to the upstream to expose both types of handshake misbehavior.

ameshkov picture ameshkov on 6 Sep 2017
👍1

Oh, I was thinking along the lines of something more simple, like checking DNS of a known set of URLs on a heartbeat (like when checking filter updates) after determining that IP-address-only connections to those sites work.

DNSCrypt checking could wait, though I thought there was some sort of diagnostic built in to the spec?

TPS picture TPS on 6 Sep 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

xenio picture xenio  Â·  4Comments
snhv picture snhv  Â·  3Comments
AnthonyBe picture AnthonyBe  Â·  3Comments
thb007 picture thb007  Â·  3Comments
sosp picture sosp  Â·  3Comments