AdGuardHome
Some DoH queries fail with REFUSE but succeed via CLI
NOTE: Issue #4544 is similar to this but that ticket shows as "Waiting for data" and rather than hijack that issue, I decided to create a new issue for my specific scenario.
- Version of AdGuard Home server:
  - v0.107.7
- How did you install AdGuard Home:
  - Docker v20.10.17
- How did you setup DNS configuration:
  - Upstream DoH lookups to Cloudflare, Google, & Quad9
- If it's a router or IoT, please write device model:
  - N\A
- CPU architecture:
  - AMD64
- Operating system and version:
  - Rocky Linux 8.6
Expected Behavior
A-record DoH lookups for zones that have a valid A-record are served with the response code NOERROR + the proper answer; i.e. IPv4 addresses.
Actual Behavior
Some A-record DoH lookups made to Cloudflare fail with a response code of REFUSED despite the exact same lookup succeeding, less than 1m prior, using the CLI dnslookup tool. In addition, the same lookup shows as successful in the WebGUI when made to Google or Quad9.
Screenshots
- WebGUI querylog showing FAILED DoH lookup of roomserver.astar.mobi via Cloudflare
- SUCCESSFUL DoH lookup of roomserver.astar.mobi via Cloudflare using the dnslookup tool
- WebGUI querylog showing SUCCESSFUL DoH lookup of roomserver.astar.mobi via Google
- WebGUI querylog showing SUCCESSFUL DoH lookup of roomserver.astar.mobi via Quad9
- WebGUI querylog showing that some DoH lookups via Cloudflare do SUCCEED
Additional Information
At present, I have only seen the issue occur when querying cloudflare-dns.com so I am not sure if this is an issue with AGH + Cloudflare only or AGH + all services.
Sorry about the late response. Is this still an issue? Also, do you have the Enable EDNS client subnet option enabled? If so, it could be an EDNS issue, and disabling it could shed some light.
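An added illustration, not part of the thread and not AdGuard Home's code, of what an EDNS client subnet (ECS, RFC 7871) option adds to an otherwise identical A query on the wire, and where the REFUSED response code sits in a reply header. The subnet 192.0.2.0/24 and the sample response header are constructed values, and the function names are hypothetical.

```python
import ipaddress
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def ecs_option(subnet):
    """Build an EDNS Client Subnet option (RFC 7871, option code 8)."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    # Only the address bytes covered by the prefix are sent.
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    data = struct.pack("!HBB", family, net.prefixlen, 0) + addr
    return struct.pack("!HH", 8, len(data)) + data

def build_query(name, subnet=None, msg_id=0):
    """Return a wire-format A query with an OPT record, optionally with ECS."""
    # Header: ID (0, as RFC 8484 recommends for DoH), flags with RD set,
    # QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT record).
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rdata = ecs_option(subnet) if subnet else b""
    # OPT pseudo-record: root name, TYPE=41, UDP size 4096, ext-rcode/flags 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + question + opt

def rcode_of(response):
    """Read the response code from the low 4 bits of the header flags."""
    flags = struct.unpack("!H", response[2:4])[0]
    return RCODES.get(flags & 0x000F, str(flags & 0x000F))

# Constructed inputs: a documentation subnet and a hand-built reply header
# (QR, RD, RA set, RCODE=5); nothing here was captured from a real resolver.
NAME = "roomserver.astar.mobi"
PLAIN = build_query(NAME)
WITH_ECS = build_query(NAME, "192.0.2.0/24")
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0, 0x8185, 1, 0, 0, 0)

print(len(PLAIN), len(WITH_ECS), WITH_ECS[-11:].hex(), rcode_of(SAMPLE_REFUSED))
```

The two messages are byte-identical up to the OPT record's data length, so the ECS option is the only thing an upstream could be reacting to when one form is answered and the other is refused.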
Just found this issue cuz I have seen the same problem. @ainar-g Turning off EDNS did fix it.
Here's with EDNS on:
Here's with EDNS off: