Internal hosts not reachable when DNS filtering is enabled

[ep0ns]

I am using a company internal domain which does not work when Adguard DNS is set in Adguard Windows.

I am using the default settings (WPF) and have set the company internal domain to the DNS Whitelist in the settings. I whitelisted *.domain.

I have tested this with browsing internal domains and using Windows RDP. No matter if I use the FQDN or just hostname, it does not work.

Steps to reproduce

1. Enable DNS Filtering in Adguard
2. Enter internal domain to DNS exclusion list in Adguard
3. Browse internal website and try RDP connection
4. See that connection is not possible and the following error is showed in chrome "DNS_PROBE_FINISHED_NXDOMAIN"

Note: HTTPS-Filtering is disabled in Adguard

Expected behavior

Domains that are listed in the DNS exclusion list will not be directed via the Adguard DNS service.

Actual behavior

Domains that are listed in the DNS list are routed through the Adguard DNS service.

[Aydinv13]

To troubleshoot this issue, we need to get the app trace logs. Here's what we need you to do:

1. Turn on debug logging level (Settings - General settings - Logging level - Debug).
2. Close AdGuard via tray menu (right lick - Exit AdGuard - No).
3. Open terminal cmd and paste C:\"Program Files (x86)"\Adguard\Adguard.exe /trace there.
4. Reproduce your issue.
5. Remember the exact time when the issue was reproduced. We will need it to find the corresponding records in the log file.
6. Send the archive to [email protected] and mention this issue number in the subject.
7. Turn on Default logging level.

[adbuker]

@ep0ns , could you please check the issue with the latest stable 7.10 version

[ep0ns]

@adbuker I already checked, unfortunately the issue is still present.

[adbuker]

@ep0ns , ok, thanks a lot, we'll work on it

[ep0ns]

@adbuker Please note that the DNS-Filtering and domain exclusion list feature should work regardless of HTTPS-Filtering enabled. It seems that by using HTTPS-Filtering the internal domain is working. But for the remote desktop connection I didn't retest, because i set the app to the exclusion list in adguard.

Also the issue is not dependent on usage of VPN.

[adbuker]

@ep0ns , thank you for your patience, could you please try to repro the issue with the latest nightly version. We've started using generally reworked DNS module. If the issue still persist, please grab and send the logs again

[ep0ns]

@adbuker Currently I could just test it with VPN connection and there it is still reproducable. Whyever, some servers are reachable after doing a nslookup in the commandline.

I am using the adguard private DNS. When checking the logs for 1) and 2) I see that the hostnames are very strange like

server.domain.vpndomain is looked up

I have cleared the DNS cache before each test

Case 1) Server reachable after manual nslookup 1a trying a RDP-connection to internal server does not work 1b Using nslookup and the server can be resolved successfully - here the adguard DNS bypass setting works 1c trying a RDP-connection again and it works

Case 2) Server not reachable after manual nslookup a Server in same network as server from example 1) b trying to connect via rdp fails c trying nslookup the server fails

[northis]

@ep0ns if you disable DNS in AdGuard, would you be able to connect to your local domains? You can also try the following:

1. Delete mstsc.exe from exclusions
2. Try to disable Filter localhost in the Advanced settings. There is a possibility that it may help. This setting can be changed if you don't have AdGuard VPN installed.
3. In DNS exclusions, leave only two of the servers you want to connect (from the case 1 and case 2) - this is to exclude possible influence of the *.domain and other entries.

[ep0ns]

@northis

Everything seems to be working fine now.

I already removed the mstsc from exclusions. It works now. Seems like something about the credentials that have been stored on my computer for the remote servers was wrong.

[northis]

@ep0ns Thank you, so I close this issue

[ep0ns]

@northis

Well yesterday it worked but it does only partly. It's noto finished. It's still in alpha phase and also needs to be tested by yourself.

Sometimes the RDP-Connection is not possible, in this case also pinging or nslookup fails. Sometimes a second try to connect works.

Also there seems maybe to be an issue with windows hibernation.

Since Adguard Pro is paid, I would expect that your team takes this serious. Thank you.

[northis]

@ep0ns Have to tried to disable DNS in AdGuard and check? Would it work if you use IP address for the RDP connection instead of domain?

[ep0ns]

@northis yes, i disabled and reanbled DNS in Adguard and yes.

[northis]

@ep0ns try nightly 10. If it still doesn't work, please, grab and send us the logs

[ep0ns]

@ep0ns try nightly 10. If it still doesn't work, please, grab and send us the logs

@northis Issue is still present with nightly 10. I have just submitted the logs and my own records of failed/successfull RDP connect attempts. Thanks for your effort.

[northis]

@ep0ns Have you changed your system DNS during reproducing the issue? AdGuard uses system DNS to resolve addresses from the exclusions. Looks like the first time AdGuard was unable to resolve your local address, Google DNS was used. Obvious, it cannot know about your local addresses. The second time it was your local DNS (from ISP may be) and the attempt was successful.

[ep0ns]

@northis No. I have not changed my system DNS. I have only used ipconfig /flush. The question is why was Google DNS used. I wi ll try to find out.