DNS Server crashes on settings change using TLS upstream

Open Commy opened this issue 1 year ago • 9 comments

Prerequisites

  • [X] I have checked the Wiki and Discussions and found no answer

  • [X] I have searched other issues and found no duplicates

  • [X] I want to report a bug and not ask a question

Operating system type

Linux, Other (please mention the version in the description)

CPU architecture

64-bit ARM

Installation

GitHub releases or script from README

Setup

On one machine

AdGuard Home version

107.18

Description

What did you do?

Changed a setting, e.g. enabled DNSSEC or changed the blocking mode. (Doesn’t really matter what setting as long as it restarts the DNS server when applying).

The primary Upstream DNS is configured to use TLS using tls://1.1.1.1:853 or Adguard’s TLS equivalent.

Expected result

Settings should be applied and server should continue to run.

Actual result

DNS Server crashes and stops resolving until a manual restart of the AdGuard Home service.

Screenshots (if applicable)

Additional information

Hardware: Raspberry Pi 3b

OS: Raspbian lite 64 bit (Debian 11 Bullseye)

At first I thought this was due to a conflict with unbound when I installed it. I removed it, same error. I then reinstalled the entire OS and only installed AdGuard Home. Same error. I haven’t seen this error before, but I have started using a TLS upstream only recently. Doesn’t occur when using Plain DNS Upstream.

Commy avatar Nov 09 '22 01:11 Commy

Noticed the same issue in 107.17+ when trying to save changes in DNS settings. I've been using 107.16 and never noticed such an error until I updated to 107.18. The same issue was happening in 107.17.

/control/dns_config: could not reconfigure the server: closing primary resolvers: stopping dns proxy server: failed to close some upstreams: 3 errors: "failed to close some connections: 5 errors: \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:39710->1.0.0.1:853: write: broken pipe\", \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:39718->1.0.0.1:853: write: broken pipe\", \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:39808->1.0.0.1:853: write: broken pipe\", \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:39988->1.0.0.1:853: write: broken pipe\", \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:39994->1.0.0.1:853: write: broken pipe\"", "failed to close some connections: 2 errors: \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:58688->8.8.4.4:853: write: broken pipe\", \"tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:58620->8.8.4.4:853: write: broken pipe\"", "failed to close some connections: tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 172.19.6.25:40034->9.9.9.9:853: write: broken pipe"

monkitrainer avatar Nov 09 '22 03:11 monkitrainer

Same error on v0.108.0-a.381+98af0e00. Occurs kinda randomly.

CDzungx avatar Nov 09 '22 12:11 CDzungx

I also experienced it. I'm back on 0.107.16.

pendie avatar Nov 09 '22 18:11 pendie

I'm experiencing this pretty regularly when saving settings in AdGuard Home 107.18, also only with DoT upstreams (dns.switch.ch and dns10.quad9.net)

Maffsie avatar Nov 11 '22 14:11 Maffsie

Happens for me 100% of the time if there is any DoT upstream present. It crashes the entire DNS any time I try to apply any DNS config changes in the web interface. Without any DoT upstreams, the problem is gone. Not sure exactly when this first started occurring, but last time I was fiddling with the config it didn't have this issue (would be a few versions back).

Adguard version: v0.107.18

Environment: Docker on Unraid v6.11.2

Hardware: Intel 12600k, 64gb ram

Network:

  • Docker config: macvlan with dedicated NIC/dedicated IP for adguard home (192.168.5.10) (realtek 2.5g onboard)

2022/11/13 12:13:23.934825 [info] Start reconfiguring the server
2022/11/13 12:13:23.934843 [info] Stopping the DNS proxy server
2022/11/13 12:13:23.935361 [info] Stopped the DNS proxy server
2022/11/13 12:13:23.935479 [error] POST [*my local adguard domain*] /control/dns_config: could not reconfigure the server: closing primary resolvers: stopping dns proxy server: failed to close some upstreams: failed to close some connections: 7 errors: "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:53692->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:53760->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:53714->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:53730->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:53764->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:43144->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.5.10:48814->1.0.0.1:853: write: broken pipe"

Works fine again upon restarting the container.

pauly2805 avatar Nov 13 '22 01:11 pauly2805

I can confirm everything that pauly2805 wrote. I'm using AGH on macvlan too.

physx2494 avatar Nov 27 '22 10:11 physx2494

My problem went away after an update to version 107.19. Did somebody silently fix the issue? I don't see any more errors or server crashes when applying settings.

Commy avatar Nov 27 '22 21:11 Commy

Same thing happens here on 107.19, Raspberry Pi 4. Went back to DoH.

Error: control/dns_config | could not reconfigure the server: closing primary resolvers: stopping dns proxy server: failed to close some upstreams: failed to close some connections: 4 errors: "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.50.200:37398->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.50.200:44694->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.50.200:44704->1.0.0.1:853: write: broken pipe", "tls: failed to send closeNotify alert (but connection was closed anyway): write tcp 192.168.50.200:35214->1.0.0.1:853: write: broken pipe" | 500

Glassertje avatar Nov 28 '22 13:11 Glassertje

I'm running 107.19 (on Linux) and it's still an issue, 107.19 didn't fix it.

buzzwebly avatar Nov 30 '22 16:11 buzzwebly

Same here on Dell Wyse dx0d with HA (ADH as addon). And my ADH resolve time jumped from 5 ms to 80 ms...

kuduacz avatar Dec 05 '22 13:12 kuduacz

I'm also having the same issue. I have two AGH setups, one on a Pi0 W and one on a Pi4B. I've got NextDNS as my upstream for both DoH and DoT.

pbanana avatar Dec 06 '22 04:12 pbanana

Same question here on v0.107.19 x86_64. But v0.108.0-b.10 arm_64 doesn't have this problem; the configurations are exactly the same.

iamydp avatar Dec 07 '22 10:12 iamydp

Same question here on v0.107.20 x86_64 Docker.

ICEY1W32 avatar Dec 13 '22 12:12 ICEY1W32

Apologies for the long response, everyone. We're preparing a fix in #5251, and we're planning to publish a new release with this issue fixed very soon. I'll merge this issue into that one.

ainar-g avatar Dec 13 '22 14:12 ainar-g