dae work with adguardhome #31
Comments
Notice that if your adguardhome is on the same machine as dae, please bind to WAN to make the adguardhome's HTTPS traffic to Google go through the proxy. In this case,
Thank you for your quick reply. dns { routing { Some log message
The log shows your AdGuardHome is requesting 127.0.0.1:53 (itself, I guess). This should not happen.
Yes, dae seems to have intercepted the dns request, but the local host and the PC that is connected to the transparent gateway can't get the IP address. A new error PS. The WAN port and the LAN port are both bound to enp1s0, is this the problem?
You are right. I'll look into it. Maybe there is something wrong with dae's new code.
Please send me a message if you need test or log information. Thanks again and have a nice day.
It should be fixed in 207c343. Thank you so much for your issue! Please test it again.
It doesn't matter. dae supports this.
Thank you for the fast update. The good news is the local host works! But the PC connected to the transparent gateway still does not work. No error message appears.
I think you can configure your DHCP to use a public DNS (such as 8.8.8.8 and 223.5.5.5 but whatever it is); the requests will be intercepted by dae and forwarded to adguardhome. Because if you configure it as
Still not working. Do I need to change resolv.conf on the local host? The current setting is 127.0.0.1 (adguardhome). The public DNS configured in adguardhome is DoH https://1.1.1.1/dns-query
No. It should be OK. I committed a new patch ea568eb. Hope it can resolve it. After this patch, I noticed that it is also feasible to set the IP of the dae machine as DNS server in DHCP settings even if port 53 is listened on by another program.
Sorry, I have recompiled the latest version but no luck. No matter if I set DNS to the adguardhome IP or a public DNS, it doesn't work. Can you share your full configuration file? The error message appears when I set the client DNS to 8.8.8.8
OK.. But what is the naive process? I notice that the naive proxy is in the log. Are logs generated quickly now?
I don't think it's a problem with naiveproxy. On the local host, the proxy works fine. But the client still can't get the IP address. root@debian:~# wget qq.com index.html.10 [ <=> ] 26.67K --.-KB/s in 0.02s 2023-03-13 23:37:31 (1.30 MB/s) - ‘index.html.10’ saved [27307] root@debian:~# wget google.com index.html.11 [ <=> ] 15.73K --.-KB/s in 0.02s 2023-03-13 23:37:38 (772 KB/s) - ‘index.html.11’ saved [16103]
OK. Do you have a linux machine? You can set log_level to trace in the dae configuration file, then:
I'm not sure whether you can do this on Windows with similar tools.
I will create a VM to test tomorrow.
Thanks for your help. Good night.
dig and curl output ; <<>> DiG 9.16.37-Debian <<>> qq.com root@test:~# dig google.com ; <<>> DiG 9.16.37-Debian <<>> google.com root@test:~# curl -f qq.com DAE Log
What about curl 1.1.1.1?
I think it may be a NIC problem. Try making AdGuardHome listen on a non-53 port. Don't forget to modify the corresponding upstream settings in the dae config.
root@test:~# curl 1.1.1.1 <title>301 Moved Permanently</title>301 Moved Permanentlycloudflare
Modified the adguardhome port but still the same result dns {
So weird. I have the same configuration but cannot reproduce.
What if you do not use adguardhome? Will it perform fine?
Will adguardhome work (test it on port 53) when dae is stopped?
I have changed dns settings in dae and client to 1.1.1.1, same result. If I remove the dns section in dae, it works. dns { nameserver 1.1.1.1
Yes, adguardhome works fine. The problem only occurs after adding the dns section to dae.
Ok... Good change... So if you change fallback:adgaurdhome to fallback:asis, will it still fail?
Changed dns to 1.1.1.1 and fallback to asis, I got these errors: Mar 14 11:50:23 debian dae[481]: level=trace msg="Request to DNS upstream" question=[{qq.com. TypeA ClassINET}] upstream=asis
Please change your dns to 223.5.5.5 and try again.
Changed dns on both client and dae but no luck. Mar 14 11:58:26 debian dae[483]: level=trace msg="Request to DNS upstream" question=[{qq.com. TypeA ClassINET}] upstream=asis here is the full config file
There is a weird point. If your proxy does not support UDP, why after removing DNS section it can forward traffic to 1.1.1.1:53 successfully?
I see. You mean that DNS server uses adguardhome in this case.
I think dae should act like a normal dns server when port 53 is not in use. Can you reach me on telegram? @mzz2017
Sorry, my telegram account is currently unavailable. If the dns setting is added to dae, does that mean dae will be listening on port 53? Maybe I should stop the adguardhome service and try again.
Dae will not actually listen on port 53. It uses a magic method to simulate. Use
I have disabled Adguardhome then changed dae dns and client dns to 223.5.5.5, it works now!
Generally, it works fine regardless of whether other programs listen on 53. However, it will fail when you have some other program listening on port 53 and your NIC does not support disabling checksum verification in the production environment. If you encounter this problem, the solution is to not occupy port 53. You should change your adguardhome listening port.
Disable NIC checksum verification, do you mean this command?
No, it has nothing to do with offload. Do not disable it.
Maybe I should give up using adguardhome if dae also supports the dns caching feature
Yes. You can do this. Now dae only supports tcp/udp. DoH, DoT, DoQ are in the TODO list. And if you still want to use adguardhome, I think changing the listening port is a good method. Anyway, thanks for the help with debugging.
Can I use DoH in dae like this? 1111dns: 'https://1.0.0.1/dns-query:443'
Not yet. dae does not support DoH yet.
Of course, this feature is important, and I think it should be supported in the first half of this year.
I will continue testing in the evening. Thank you very much for your patience!
Thank you! Have a good day!
I'll close this issue as completed. If you have other problems, please open another issue.
I am using adguardhome as upstream DNS but it is not working with dae; the domain traffic split does not work. Could you please give me a sample config file? Many thanks!
Node is naiveproxy socks5
adguardhome: china websites 223.5.5.5 udp dns, other sites Google DoH dns
My current configuration file is below
global {
    tproxy_port: 12345
    log_level: info
    #tcp_check_url: 'http://keep-alv.google.com/generate_204'
    #udp_check_dns: 'dns.google:53'
    #check_interval: 30s
    #check_tolerance: 50ms
    lan_interface: enp1s0
    # wan_interface: enp1s0
    allow_insecure: false
    dial_mode: domain
}
node {
    fast_node: 'socks5://127.0.0.1:10000'
    cloud_node: 'socks5://127.0.0.1:10001'
}
dns {
    upstream {
        adguardhomedns: 'tcp+udp://127.0.0.1:53'
    }
    #routing {
    #request {
    #fallback: asis
    #}
    #response {
    #upstream(localdns) -> accept
    # !qname(geosite:cn) && ip(geoip:private) -> googledns
    #fallback: accept
    #}
    #}
}
# Node group (outbound).
group {
    fast_group {
        policy: fixed(0)
    }
    cloud_group {
        policy: fixed(1)
    }
}
routing {
    ### Preset rules.
    pname(AdGuardHome) -> must_direct
    # pname(NetworkManager, systemd-resolved) -> direct
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
}