Automatic root proxy BYPASS DNS filtering completely.

[Rtizer-9]

Please answer the following questions for yourself before submitting an issue.

• [X] I am running the latest version
• [X] I checked the documentation and found no answer
• [X] I checked to make sure that this issue has not already been filed

AdGuard version

4.2.88 nightly

Environment

- OS: Android 13 Custom Rom
- Device:
- Firmware:

Root access

• [X] Yes, I have it.

What filters do you have enabled?

No response

What Stealth Mode options do you have enabled?

No response

Issue Details

Steps to reproduce:

1. Set a filtering DNS server like nextdns in ag.
2. Set ag filtering mode to automatic proxy.

Expected Behavior

The domains blocked in your configured dns server should be blocked in ag perfectly with 0.0.0.0 replies for their requests in ag filtering log.

Actual Behavior

1. In automatic root proxy if you visit the website which is blocked in the configured dns server, ag still lets you visit that without any blocking ever getting triggered.

2. This happens with a configured server like nextdns, I don't know about the user configured rules of dns acting as expected or not, I'm specifically talking about a configured filtering dns server here.

3. If you switch to VPN mode without changing any other setting, everything starts to work as expected and it even shows in filtering log properly.

Screenshots

Screenshot 1:

Additional Information

This happens in latest nightly and I checked it after clearing all data of adguard from a fresh state so as to completely remove the possibility of some other user config causing this so I'm pretty sure that this happens in default state after just setting a configured dns server and automatic proxy.

When automatic proxy is on with your configured nextdns server, the nextdns account page shows that it's not being used and when you change to VPN mode without changing anything, it correctly shows that it's being used.

[Rtizer-9]

Is there any update on this? It's a very critical issue.

[Rtizer-9]

It's happening again. Vpn mode do it without any issue but automatic proxy is a hit and miss. You can test it simply by switching between vpn and automatic proxy mode.

[sfionov]

@Rtizer-9 Do you have IPv6 DNS servers?

[Rtizer-9]

I'm using nextdns dns-over-https url with http3 forced like h3://dns.nextdns.io/myconfig.

But as I mentioned above just to be sure I completely cleared Adguard data and then only added nextdns dns with both usual doh and then doh3, both has same behaviour.

When I switch to vpn mode, everything works as it's supposed to be.

To replicate this you can simply go to nextdns and make a dummy account with some temporary email and then use that in Adguard.

I've mentioned nextdns but you can probably test this with any other filtering dns. It seems like with automatic proxy the dns module isn't completely able to redirect all requests probably to itself all the time.

The nextdns account page will also show you whether you're connected to them or not, you can assume that because of some incompatibility it'll show you it's not connected but works as expected but that's not the case.

The request log in nextdns is also not showing the urls while automatic proxy is being used. With VPN mode, all things work - nextdns correctly shows it's being used and requests log also logs all the urls with all rules applied properly with doh3.

[Rtizer-9]

@sfionov the bug is still unresolved after that tproxy update and again, turning off ipv6 resolves this.

I'm currently using simple ipv4 and ipv6 address as dns in ag and the blocking still doesn't work.

The interesting thing is that this should've meant all the blocked ads and trackers should have bypassed similarly but the ads and trackers blocking works perfectly so I don't really know why a particular user filter isn't working even though it shows being blocked in the filtering log.

[Dondrejohnson5]

This issue may or may not coincide with a bug that forcefully disables total ag protection in auto-root mode after only a few hours, and won't re-enable until force-stop. On VPN mode, ad blocking goes on for hours with no hitch

[Versty]

@Dondrejohnson5 This is a separate issue, discussed in #5338

[Rtizer-9]

@sfionov @Versty it's been so long and the automatic proxy still has this issue. Eagerly waiting for your reply. You can easily replicate the issue on your side so there shouldn't be an issue with understanding what's happening under the hood.

[Dondrejohnson5]

@Dondrejohnson5 This is a separate issue, discussed in #5338

If this is so, then I must not have used automatic root long enough to notice until now, but regardless, the fact that either of these issues is long-standing is pretty concerning

[LiliumFra]

Since version 4.7.163, I have exactly the same problem, root proxy DNS filtering does absolutely nothing, even reinstalling the app, the problem persists.

[Versty]

@LiliumFra @Rtizer-9 It looks like the fix did not go as smoothly as expected.

Could you please collect debug logs from the latest release 4.8 as described below?

1. Enable debug logging: Settings -> General -> Advanced -> Logging level -> Debug.

2. Relaunch the AdGuard application

3. Reproduce the problem, then remember the exact time when it happened.

4. Collect logs: Settings -> General -> Advanced -> Export logs and system info.

5. Send this file to [email protected]:

   • include [android] keyword and 4976 in the subject of your email
   • specify the exact time when the issue occurred

[ameshkov]

Duplicates https://github.com/AdguardTeam/AdguardForAndroid/issues/5223

Filtering IPv6 UDP in automatic proxy mode is quite tricky, we're yet to figure it out. The temporary solution would be to disable IPv6.