
Private Reverse DNS Queries aren't cached, its consequences and more.. #6950

Open
4 tasks done
candybars2021 opened this issue Apr 29, 2024 · 1 comment
Labels
waiting for data Waiting for users to provide more data.

Comments


candybars2021 commented Apr 29, 2024

Prerequisites

Platform (OS and CPU architecture)

Windows, AMD64 (aka x86_64)

Installation

GitHub releases or script from README

Setup

Other (please mention in the description)

AdGuard Home version

v0.107.48

Action

Replace the following command with the one you're calling or a
description of the failing action:

dig -x 192.168.2.50
...
; ANSWER SECTION:
50.2.168.192.in-addr.arpa. 0	IN	PTR	macbook.lan 

So the response from the local firewall DNS server includes a 0-second TTL, which should have been extended to the minimum set in cache (default 2400), but there seems to be a bug that private reverse queries are not cached, causing, for example, my MacBook to reverse-search its LAN address every few seconds, as the TTL remains zero with no cached response.

BTW, to verify it isn't the specific 0 (intent not to cache?) that is causing this, I configured yahoo.com for reverse DNS lookup through my firewall and received a higher number, yet it was never cached either.

Trying to use the alternate mechanism of excluding reverse local lookups from the default DNS settings, instead of the private resolve option, does not work: this syntax in the upstream section (by design or not) has no effect, and resolution will fail on public DNS this way. Thus I cannot force "cache" this way either:

9.9.9.9
[/168.192.in-addr.arpa/]192.168.10.1
...

Expected result

I expected the minimum TTL of 2400 to be applied to the 0 TTL on private reverse DNS responses.

Actual result

As mentioned, this causes my devices receiving 0 TTL to send hundreds of thousands of identical queries, so unless I block and disable private reverse, and create a long hosts file, AdGuard Home is barely usable and very, very slow.

Additional information and/or screenshots

Screenshots:
2. Private reverse on and configured.
3. Screen of reverse dig on 192.168.2.50, the MacBook that makes 100Ks of such requests, showing 0 TTL.
4. Dig yahoo.com and reverse dig to show the problem applies to anything defined as private, not just TTL 0.
5. Shows cache is configured with minimum 2400.
6. Query log of the Mac repeating them as they have no "cached" value, and cache not applied (bug) on private reverse, which causes this.
7. Shows the same for reverse lookups without caching again for another domain that did not have TTL 0 but was implemented through the same app feature, which makes it impossible to use.

(Screenshots sh2 through sh7 attached.)
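The report above describes two interacting behaviours: a cache floor ("minimum TTL override", 2400 s here) that should lift a TTL-0 PTR answer so it stays cached, and a path for private reverse lookups that appears to skip that floor, so every client query is forwarded. The following Go program is an added example written for this page, not AdGuard Home's code; it models a toy caching forwarder with a fake clock and counts how many lookups of 50.2.168.192.in-addr.arpa reach upstream with and without the floor applied to private reverse names. The `isPrivateReverse` check, the `Simulate` helper and the constructed upstream answer (`macbook.lan.`) are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Record is a minimal PTR answer: owner name, target, and TTL in seconds.
type Record struct {
	Name   string
	Target string
	TTL    uint32
}

type entry struct {
	rec     Record
	expires time.Time
}

// Resolver is a constructed caching forwarder used to illustrate
// minimum-TTL clamping; it is not AdGuard Home's implementation.
type Resolver struct {
	MinTTL        uint32 // floor applied to upstream TTLs (like AGH's "minimum TTL override")
	ClampPrivate  bool   // false models the reported behaviour: private reverse answers skip the floor
	UpstreamCalls int    // how many lookups were forwarded
	cache         map[string]entry
	upstream      func(name string) Record
	now           func() time.Time
}

func NewResolver(minTTL uint32, clampPrivate bool, upstream func(string) Record, now func() time.Time) *Resolver {
	return &Resolver{MinTTL: minTTL, ClampPrivate: clampPrivate, cache: map[string]entry{}, upstream: upstream, now: now}
}

// isPrivateReverse reports whether name is a PTR owner inside the RFC 1918
// in-addr.arpa zones (10/8, 172.16/12, 192.168/16). Constructed helper.
func isPrivateReverse(name string) bool {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	const suffix = ".in-addr.arpa"
	if !strings.HasSuffix(name, suffix) {
		return false
	}
	labels := strings.Split(strings.TrimSuffix(name, suffix), ".")
	n := len(labels)
	if n < 2 {
		return false
	}
	// in-addr.arpa labels hold the octets in reverse order
	first, err1 := strconv.Atoi(labels[n-1])
	second, err2 := strconv.Atoi(labels[n-2])
	if err1 != nil || err2 != nil {
		return false
	}
	return first == 10 || (first == 172 && second >= 16 && second <= 31) || (first == 192 && second == 168)
}

// Resolve answers from cache when the entry is still live; otherwise it asks
// upstream and caches the answer for max(TTL, MinTTL) seconds when the floor
// applies, or for the raw upstream TTL (0 means "not cached") when it does not.
func (r *Resolver) Resolve(name string) Record {
	now := r.now()
	if e, ok := r.cache[name]; ok && now.Before(e.expires) {
		rec := e.rec
		rec.TTL = uint32(e.expires.Sub(now).Seconds()) // remaining lifetime
		return rec
	}
	rec := r.upstream(name)
	r.UpstreamCalls++
	if (r.ClampPrivate || !isPrivateReverse(name)) && rec.TTL < r.MinTTL {
		rec.TTL = r.MinTTL
	}
	if rec.TTL > 0 {
		r.cache[name] = entry{rec: rec, expires: now.Add(time.Duration(rec.TTL) * time.Second)}
	}
	return rec
}

// Simulate issues `queries` lookups of the MacBook's PTR name, one every
// `interval`, against an upstream that always answers with upstreamTTL, and
// returns how many of them were forwarded. A fake clock keeps it deterministic.
func Simulate(clampPrivate bool, upstreamTTL uint32, queries int, interval time.Duration) int {
	clock := time.Unix(0, 0)
	upstream := func(name string) Record {
		return Record{Name: name, Target: "macbook.lan.", TTL: upstreamTTL} // constructed answer
	}
	r := NewResolver(2400, clampPrivate, upstream, func() time.Time { return clock })
	for i := 0; i < queries; i++ {
		r.Resolve("50.2.168.192.in-addr.arpa.")
		clock = clock.Add(interval)
	}
	return r.UpstreamCalls
}

func main() {
	fmt.Println("floor applied, upstream TTL 0:        ", Simulate(true, 0, 100, 5*time.Second))
	fmt.Println("private reverse skips floor, TTL 0:   ", Simulate(false, 0, 100, 5*time.Second))
	fmt.Println("private reverse skips floor, TTL 60:  ", Simulate(false, 60, 100, 5*time.Second))
}
```

With the floor applied, one hundred queries spaced 5 s apart produce a single upstream lookup, because the TTL-0 answer is held for 2400 s. When private reverse names bypass the floor, a TTL-0 answer is never stored and all one hundred queries are forwarded, which is the query-log pattern described above; a 60 s upstream TTL still refreshes every twelfth query, matching the yahoo.com observation that the problem is not limited to TTL 0.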
EugeneOne1 (Member) commented

@candybars2021, hello and thanks for the report. Unfortunately, we can't reproduce the issue. Could you please collect a verbose log for us? You may send it to devteam@adguard.com.

@EugeneOne1 EugeneOne1 added the waiting for data Waiting for users to provide more data. label May 6, 2024