Adguardhome: Listening to TCP is mandatory in some cases
Running AdGuard Home v0.92 on Raspberry Pi 3 Model B+.
Cloudflare DNS servers are configured as Upstream DNS servers (regular DNS over UDP, since DoT currently causes issues with AdGuard Home).
The problems is that on my Sony Bravia Android-TV Netflix stops working with connections issues to the Netflix Servers as soon as AdGuard Home DNS Servers are used withing my home network.
First I thought that some hosts are blocked by filter lists. But the Query Log didn't show any blocked or empty DNS requests. So I tried to disable everything (protection, all filters and block lists), but still the Netflix app doesn't work.
So I used Cloudflare DNS servers directly in my home network. The Netflix App instantly was working again.
Seems to be an issue with AdGuard Home. I was using Pi-hole before to globally block Ads in my network without problems.
alexruf
All 19 comments
I believe you're experiencing the same issue as #505
If so, it's a known issue that is going to be adressed.
Vansinnet
on 3 Jan 2019
Don't think it's the same issue as #505
v0.92-hotfix1 has solved many connection issues, but not this one.
alexruf
on 5 Jan 2019
Could you please run AG Home with -v argument and collect the verbose log?
ameshkov
on 5 Jan 2019
Could you please run AG Home with -v argument and collect the verbose log?
Should I send you the logs to your email address?
alexruf
on 5 Jan 2019
@alexruf hi! I've received your log, thank you!
Just in case, do you have go installed? Can you build a test version of AG Home if I make some changes in a branch?
ameshkov
on 5 Jan 2019
Just in case, do you have
goinstalled? Can you build a test version of AG Home if I make some changes in a branch?
I have Go 1.11.4 installed on my MacBook yes.
alexruf
on 5 Jan 2019
Awesome, I'll get back with instructions then.
Also, it'd be easier to experiment with https://github.com/AdguardTeam/dnsproxy and not AG Home, that's what works under the hood of AG Home anyway.
ameshkov
on 5 Jan 2019
Ah, one more thing, it makes sense to build and run dnsproxy right away and see if there's any issue with this configuration:
./dnsproxy -u tls://1.1.1.1 -v
In this case dnsproxy will run with disabled cache and that might be important for this issue
ameshkov
on 5 Jan 2019
Thanks to @alexruf I can now compare logs from dnsproxy and AGH.
There's one interesting detail about it, some of the DNS requests came to dnsproxy over TCP, and the difference is that AGH does not listen to TCP! That might be important.
ameshkov
on 5 Jan 2019
@alexruf could you please build AGH from this branch and see how it goes?
https://github.com/AdguardTeam/AdGuardHome/tree/fix/521
To build AGH you'll need go v1.11 and node v10+ (and npm v6+).
It's explained here how to build it:
https://github.com/AdguardTeam/AdGuardHome#prerequisites
@ibksturm as I understand you've got some issues with Netflix as well. Could you please check if you still experience it with v0.92-hotfix1?
ameshkov
on 5 Jan 2019
updatet to 0.92-f1 netflix running since 6h stable
my wife too...........
i use a combi from dot, doh and dnsc servers
127.0.2.5:55
tls://dns.switch.ch
tls://unicast.censurfridns.dk
tls://iana.tenta.io
tls://dns.quad9.net
https://doh.powerdns.org
sdns://AgMAAAAAAAAADjE3Ni41Ni4yMzYuMTc1ID4aGg9sU_PpekktVwhLW5gHBZ7gV6sVBYdv2D_aPbg4DmRucy5hYWZsYWxvLm1lCi9kbnMtcXVlcnk
sdns://AQcAAAAAAAAAEzE3OC4xMjguMjU1LjI4OjUzNTMgkr1k-Lp2d9IXiFlXoBAgFGZUCJSPW_x81Ec6ShkPsJYdMi5kbnNjcnlwdC1jZXJ0LmJvdHRsZXBvc3QubWU
sdns://AQMAAAAAAAAAFFsyYTBkOjJhMDA6MTo6XTo4NDQzILysMvrVQ2kXHwgy1gdQJ8MgjO7w6OmflBjcd2Bl1I8pEWNsZWFuYnJvd3Npbmcub3Jn
sdns://AgUAAAAAAAAAACA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OAxjb21tb25zLmhvc3QKL2Rucy1xdWVyeQ
sdns://AgMAAAAAAAAADTk0LjEzMC4xODMuMTgAEmRvaDEuZG5zd2FyZGVuLmNvbQEv
ibksturm
on 5 Jan 2019
@alexruf could you please build AGH from this branch and see how it goes?
https://github.com/AdguardTeam/AdGuardHome/tree/fix/521To build AGH you'll need
go v1.11andnode v10+(andnpm v6+).It's explained here how to build it:
https://github.com/AdguardTeam/AdGuardHome#prerequisites
I tried to build it from source, but had trouble to do so. Couldn't figure out what exactly went wrong.
...
GOOS=darwin GOARCH=amd64 GO111MODULE=off go get -v github.com/gobuffalo/packr/...
PATH=[...]: No such file or directory
make: *** [AdGuardHome] Error 127
Make sure that you clone the repo not to gopath
You need osx binary? I guess I can build it for you later when I am at the laptop.
ameshkov
on 5 Jan 2019
Make sure that you clone the repo _not_ to gopath
You need osx binary? I guess I can build it for you later when I am at the laptop.
Nope 'linux/ARMv7'.
Cloned it to a directory outside of my GOPATH and tried to build with 锘縠nv GOOS=linux GOARCH=arm GOARM=7 make, but still get same error.
alexruf
on 5 Jan 2019
@alexruf could you please build AGH from this branch and see how it goes?
https://github.com/AdguardTeam/AdGuardHome/tree/fix/521
@ameshkov I was finally able to build the fix/521 branch from source and can confirm that it indeed fixed the problems for me. Seems like you were right and for some weird reasons there were DNS requests made over TCP instead of UDP by some applications.
Thanks allot for your effort in analyzing this problem and providing a fix! 馃憤
alexruf
on 6 Jan 2019
@alexruf thanks for checking it!
ameshkov
on 6 Jan 2019
@ameshkov Second confirmation, fixed Netflix on Roku devices too (#534) 馃槃
ghost
on 7 Jan 2019
Looks like this issue is back on v0.96-hotfix. Cannot access netflix app on smart tv. II dont see any DNS query log in the GUI which suggests that domain is blocked.
Works fine when switching back to ISPs DNS servers.
zeus10000
on 13 Jun 2019
@zeus10000 hm, this must be something else, the DNS server currently listens to TCP.
Could you please enable verbose logging and check what's there?
ameshkov
on 13 Jun 2019
Related issues
TXC
路
3Comments
ameshkov
路
3Comments
s-timm
路
4Comments
xenio
路
4Comments
snhv
路
3Comments