Listening to TCP is mandatory in some cases #521

Closed
alexruf opened this issue Jan 3, 2019 · 19 comments

alexruf commented Jan 3, 2019

Running AdGuard Home v0.92 on Raspberry Pi 3 Model B+.
Cloudflare DNS servers are configured as Upstream DNS servers (regular DNS over UDP, since DoT currently causes issues with AdGuard Home).

The problem is that on my Sony Bravia Android TV, Netflix stops working with connection issues to the Netflix servers as soon as AdGuard Home DNS servers are used within my home network.
First I thought that some hosts are blocked by filter lists. But the Query Log didn't show any blocked or empty DNS requests. So I tried to disable everything (protection, all filters and block lists), but still the Netflix app doesn't work.
So I used Cloudflare DNS servers directly in my home network. The Netflix App instantly was working again.

Seems to be an issue with AdGuard Home. I was using Pi-hole before to globally block Ads in my network without problems.

Vansinnet commented Jan 3, 2019

I believe you're experiencing the same issue as #505

If so, it's a known issue that is going to be addressed.

ameshkov added the "duplicate" label Jan 4, 2019
ameshkov closed this as completed Jan 4, 2019

alexruf (Author) commented Jan 4, 2019

Don't think it's the same issue as #505
v0.92-hotfix1 has solved many connection issues, but not this one.

ameshkov reopened this Jan 4, 2019

ameshkov (Member) commented Jan 4, 2019

Could you please run AG Home with -v argument and collect the verbose log?

ameshkov removed the "duplicate" label Jan 4, 2019

alexruf (Author) commented Jan 5, 2019

> Could you please run AG Home with -v argument and collect the verbose log?

Should I send you the logs to your email address?

ameshkov added this to the v0.92-hotfix2 milestone Jan 5, 2019

ameshkov (Member) commented Jan 5, 2019

@alexruf hi! I've received your log, thank you!

Just in case, do you have go installed? Can you build a test version of AG Home if I make some changes in a branch?

alexruf (Author) commented Jan 5, 2019

> Just in case, do you have go installed? Can you build a test version of AG Home if I make some changes in a branch?

I have Go 1.11.4 installed on my MacBook, yes.

ameshkov (Member) commented Jan 5, 2019

Awesome, I'll get back with instructions then.

Also, it'd be easier to experiment with https://github.com/AdguardTeam/dnsproxy and not AG Home, that's what works under the hood of AG Home anyway.

ameshkov (Member) commented Jan 5, 2019

Ah, one more thing, it makes sense to build and run dnsproxy right away and see if there's any issue with this configuration:
./dnsproxy -u tls://1.1.1.1 -v

In this case dnsproxy will run with disabled cache and that might be important for this issue

ameshkov (Member) commented Jan 5, 2019

Thanks to @alexruf I can now compare logs from dnsproxy and AGH.

There's one interesting detail about it, some of the DNS requests came to dnsproxy over TCP, and the difference is that AGH does not listen to TCP! That might be important.
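
As an added example (not code from AdGuard Home or dnsproxy), a small Go probe that sends the same DNS question to a resolver over UDP and over TCP, which is a quick way to spot the condition described in the comment above: a server that answers on UDP only. The address `127.0.0.1:53`, the query name and the helper names `buildQuery` and `probe` are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

// buildQuery encodes a minimal DNS question (RFC 1035): class IN, recursion desired.
func buildQuery(id uint16, name string, qtype uint16) []byte {
	msg := []byte{byte(id >> 8), byte(id), 0x01, 0, 0, 1, 0, 0, 0, 0, 0, 0}
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(label))), label...)
	}
	return append(msg, 0, byte(qtype>>8), byte(qtype), 0, 1)
}

// probe sends query over "udp" or "tcp" and reports whether a reply carrying
// the same message ID came back. Over TCP every DNS message is preceded by a
// 2-byte length prefix, so the reply header starts at offset 2.
func probe(network, addr string, query []byte, timeout time.Duration) (bool, error) {
	conn, err := net.DialTimeout(network, addr, timeout)
	if err != nil {
		return false, err // e.g. "connection refused" when nothing listens on TCP
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	out, off := query, 0
	if network == "tcp" {
		out, off = append([]byte{byte(len(query) >> 8), byte(len(query))}, query...), 2
	}
	if _, err = conn.Write(out); err != nil {
		return false, err
	}
	reply := make([]byte, 4096)
	if _, err = io.ReadAtLeast(conn, reply, off+12); err != nil {
		return false, err // timeout or ICMP port unreachable
	}
	return reply[off] == query[0] && reply[off+1] == query[1], nil
}

func main() {
	addr := "127.0.0.1:53" // assumed resolver address; set to the host under test
	for _, network := range []string{"udp", "tcp"} {
		ok, err := probe(network, addr, buildQuery(0x0521, "example.com", 1), 2*time.Second)
		fmt.Printf("%-3s answered=%v err=%v\n", network, ok, err)
	}
}
```

A resolver that shows `udp answered=true` together with a TCP error matches the UDP-only behaviour discussed in this issue.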

ameshkov (Member) commented Jan 5, 2019

@alexruf could you please build AGH from this branch and see how it goes?
https://github.com/AdguardTeam/AdGuardHome/tree/fix/521

To build AGH you'll need go v1.11 and node v10+ (and npm v6+).

It's explained here how to build it:
https://github.com/AdguardTeam/AdGuardHome#prerequisites

@ibksturm as I understand you've got some issues with Netflix as well. Could you please check if you still experience it with v0.92-hotfix1?

ibksturm commented Jan 5, 2019

Updated to 0.92-f1, Netflix running since 6h stable

my wife too...........

I use a combi of DoT, DoH and dnsc servers

127.0.2.5:55
tls://dns.switch.ch
tls://unicast.censurfridns.dk
tls://iana.tenta.io
tls://dns.quad9.net
https://doh.powerdns.org

alexruf (Author) commented Jan 5, 2019

> @alexruf could you please build AGH from this branch and see how it goes?
> https://github.com/AdguardTeam/AdGuardHome/tree/fix/521
>
> To build AGH you'll need go v1.11 and node v10+ (and npm v6+).
>
> It's explained here how to build it:
> https://github.com/AdguardTeam/AdGuardHome#prerequisites

I tried to build it from source, but had trouble doing so. Couldn't figure out what exactly went wrong.

...
GOOS=darwin GOARCH=amd64 GO111MODULE=off go get -v github.com/gobuffalo/packr/...
PATH=[...]: No such file or directory
make: *** [AdGuardHome] Error 127

ameshkov (Member) commented Jan 5, 2019

Make sure that you clone the repo not to gopath

You need osx binary? I guess I can build it for you later when I am at the laptop.

alexruf (Author) commented Jan 5, 2019

> Make sure that you clone the repo not to gopath
>
> You need osx binary? I guess I can build it for you later when I am at the laptop.

Nope, 'linux/ARMv7'.
Cloned it to a directory outside of my GOPATH and tried to build with env GOOS=linux GOARCH=arm GOARM=7 make, but still get the same error.

alexruf (Author) commented Jan 6, 2019

> @alexruf could you please build AGH from this branch and see how it goes?
> https://github.com/AdguardTeam/AdGuardHome/tree/fix/521

@ameshkov I was finally able to build the fix/521 branch from source and can confirm that it indeed fixed the problems for me. Seems like you were right and for some weird reason there were DNS requests made over TCP instead of UDP by some applications.
Thanks a lot for your effort in analyzing this problem and providing a fix! 👍

ameshkov changed the title from "Domains blocked or cannot be resolved without appearing in Query Log" to "Listening to TCP is mandatory in some cases" Jan 6, 2019

ameshkov (Member) commented Jan 6, 2019

@alexruf thanks for checking it!

ghost commented Jan 7, 2019

@ameshkov Second confirmation, fixed Netflix on Roku devices too (#534) 😄

zeus10000 commented Jun 13, 2019

Looks like this issue is back on v0.96-hotfix. Cannot access the Netflix app on my smart TV. I don't see any DNS query log in the GUI which suggests that the domain is blocked.

Works fine when switching back to the ISP's DNS servers.

ameshkov (Member)

@zeus10000 hm, this must be something else, the DNS server currently listens to TCP.

Could you please enable verbose logging and check what's there?
