Hide your search queries, Strip URLs of tracking parameters, Self-destruction of third-party cookies, Disable WebRTC, Block Location API, Block Flash, Disable Windows Telemetry, Turn off Advertising ID, Disable Microsoft Defender automatic samples submission
Support ticket ID
No response
Issue Details
Steps to reproduce:
1. Go to Settings\DNS Protection.
2. In the "Select DNS server from the list" dialog, add a custom DNS server.
3. Add the Adguard Home server, save and select.
Actual Behavior
A DNS server with this address already exists. DNS protection is enabled.
Expected Behavior
Accept the custom record, whatever it is.
Ideally without the connectivity check ("Invalid Address"); this help is not needed.
Screenshots
No response
Additional Information
Adguard for Windows, unlike Adguard for Android, doesn't allow Adguard Home or any custom DNS server just because it thinks it's a duplicate. The steps above work on Android; the same server can be added many times, no matter whether it equals another custom item or equals "system default".
It should be allowed on Windows. "System default", and the failover mechanism, is confusing on both OSes, and causes connectivity blocking over years of use. "System default" could also be anything at the moment, which is highly undesirable and means "bypass". The idea is to use Adguard Home all of the time.
DNS filtering or at least logging is desired, but without the cost of Adguard trying to set the DNS address with random success. Solution:
a) Don't set the DNS upstream. DNS filtering seems to be linked to control of the DNS server setting. Not sure if this is a must, but if so, see point b).
b) Adguard for Windows fix: be able to set a static, permanent address as a DNS. Ignore the fact that it is the same as "System default" at the moment. Ignore the connectivity check as well.
c) The admin can also try to trick the GUI. Add a unique record to pass the unwanted duplicate and connectivity checks (this can be challenging in an environment where the firewall is blocking alien DNS). Then edit the record and set it to the Adguard Home IP with port 53. Bingo, checks bypassed.
It takes a blackout or just a resume from sleep to be locked out of DNS. In the tested environment, in this case, only Adguard Home is allowed as DNS (simple IP). A local server DNS query could be easily found in the "DNS exclusions". With "[ ] Use fallback DNS upstreams" disabled (knowing that on Android it forces Adguard public servers = bypass), this causes Adguard for Windows to report SERVFAIL back to the user. Adguard's "filtering log" doesn't show the DNS upstream server in this case, so the communication must be recorded in Wireshark:
No. Time Source Destination Protocol Length Info
961 1.885912 localhost.local localhost.local DNS 70 Standard query 0x0002 A web.local.net.local
962 1.886444 localhost.local localhost.local DNS 70 Standard query response 0x0002 Server failure A web.local.net.local
967 1.887530 localhost.local localhost.local DNS 70 Standard query 0x0003 AAAA web.local.net.local
968 1.887931 localhost.local localhost.local DNS 70 Standard query response 0x0003 Server failure AAAA web.local.net.local
973 1.888910 localhost.local localhost.local DNS 63 Standard query 0x0004 A web.local.net
974 1.889284 localhost.local localhost.local DNS 63 Standard query response 0x0004 Server failure A web.local.net
979 1.890766 localhost.local localhost.local DNS 63 Standard query 0x0005 AAAA web.local.net
So Adguard for Windows is no longer asking Adguard Home for local records, even though connectivity was resumed. From the user's point of view, dozens of local servers stop working, but they worked before a general network issue.
It seems that trying to avoid Adguard's DNS management as much as possible reveals the second issue: the existing default DNS exclusion lists collide with the admin's setting. Solution:
a) Adguard for Windows fix: if fallback is disabled, ignore the exclusion lists. Can't force DNS to null.
b) Admin: don't alter the "Use fallback DNS upstreams" checkbox; instead define a custom fallback server = Adguard Home IP.
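One way to triage a capture like the one in the issue above, added here as an example that is not part of the original post or of AdGuard's code: it pairs DNS queries with responses by transaction ID in Wireshark's packet-list text export and lists error responses and queries that never got a reply. The function name `analyse` and the last two sample rows (a successful lookup of `ok.example`) are constructed for illustration.

```python
import re

# Wireshark packet-list columns: No. Time Source Destination Protocol Length Info
LINE = re.compile(
    r"^\s*\d+\s+(?P<t>\d+\.\d+)\s+\S+\s+\S+\s+DNS\s+\d+\s+"
    r"Standard query (?P<resp>response )?(?P<id>0x[0-9a-fA-F]+)\s+(?P<rest>.+)$"
)
# Error texts Wireshark prints in the Info column right after the transaction ID.
RCODES = ("Server failure", "No such name", "Refused", "Format error")

# First seven rows are the capture from the issue; the last two are constructed.
SAMPLE = """\
961 1.885912 localhost.local localhost.local DNS 70 Standard query 0x0002 A web.local.net.local
962 1.886444 localhost.local localhost.local DNS 70 Standard query response 0x0002 Server failure A web.local.net.local
967 1.887530 localhost.local localhost.local DNS 70 Standard query 0x0003 AAAA web.local.net.local
968 1.887931 localhost.local localhost.local DNS 70 Standard query response 0x0003 Server failure AAAA web.local.net.local
973 1.888910 localhost.local localhost.local DNS 63 Standard query 0x0004 A web.local.net
974 1.889284 localhost.local localhost.local DNS 63 Standard query response 0x0004 Server failure A web.local.net
979 1.890766 localhost.local localhost.local DNS 63 Standard query 0x0005 AAAA web.local.net
990 1.900000 localhost.local localhost.local DNS 70 Standard query 0x0006 A ok.example
991 1.912000 localhost.local localhost.local DNS 86 Standard query response 0x0006 A ok.example A 192.0.2.10
"""

def analyse(capture_text):
    """Return (failures, unanswered) for a packet-list text export."""
    pending = {}    # txid -> (time, qtype, qname) for queries awaiting a reply
    failures = []   # (rcode, qtype, qname, latency_ms)
    for raw in capture_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header row or non-DNS packet
        t, txid, rest = float(m["t"]), m["id"], m["rest"]
        if not m["resp"]:
            qtype, qname = rest.split()[:2]
            pending[txid] = (t, qtype, qname)
            continue
        query = pending.pop(txid, None)
        rcode = next((r for r in RCODES if rest.startswith(r)), None)
        if rcode and query:
            latency_ms = round((t - query[0]) * 1000, 3)
            failures.append((rcode, query[1], query[2], latency_ms))
    unanswered = [(q[1], q[2]) for q in pending.values()]
    return failures, unanswered

if __name__ == "__main__":
    for row in analyse(SAMPLE)[0]:
        print(row)
```

The latency column helps separate errors generated on the local machine from ones that waited on a remote upstream; treating a sub-millisecond SERVFAIL on loopback as locally generated is a heuristic, not something the capture proves.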
No, I'm adding a unique server IP or hostname (which might be the same as "Automatic", but that's OK) and it's the first custom item (that should allow any entry).
So when adding the first custom entry, and that entry happens to be the same as what Adguard thinks is "System default", it will end up like this:
->
To override, it's possible to add port :53, even though it's literally still the same address as "System Default".
I reckon such a duplicate check is completely pointless. We should add our servers as we wish. What is "System Default" right now is not important. The goal is to set your server statically from now on.
The duplicate check could perhaps check only custom entries.
The connectivity check is redundant too.
I don't see the point of telling me about Adguard not being able to connect. I care about what I will be able to connect to, and I know it's that IP. Such assistance is not needed:
But I'd say it's lower priority than the duplicate check.
AdGuard version
7.16.0
Browser version
any
OS version
Windows 11 2023H2
What filters do you have enabled?
AdGuard Base filter