I wanted to describe a behaviour I’ve been seeing on my network since installing AdGuard Home (brilliant add-on BTW) and what I assume is a misuse of the search domain as a way of resolving domain names. Plus a solution.
So, I have a local domain of mydomain.duckdns.org and, before installing AdGuard Home, a local DNS service provided by my router which resolved all DNS queries.
After installing AdGuard I noticed that, as well as a distinct lack of adverts, some web pages would take over 30 seconds to load. I put this down to those pages ‘waiting’ for advertising to load before timing out and loading the rest of the content.
Looking at the DNS query logs in AdGuard I noticed something strange. For a number of blocked DNS requests, there was a matching DNS request for the same domain appended with my local domain name, e.g.
Blocked query for api.segment.io
Resulted in a matching query for api.segment.io.mydomain.duckdns.org
I’m no expert, but I am aware that DNS requests for non-FQDN names (i.e. those that do not contain dots) will/can have the domain search suffix added to them, e.g.
A lookup for my-nas
will be expanded to my-nas.mydomain.duckdns.org
So (on the face of it) it looks like this is happening with domain names that do contain dots when the original request is blocked.
So What…?
Well, requests such as api.segment.io.mydomain.duckdns.org would be passed to my local upstream DNS server. Since this server could not resolve that name, it is then passed to its (internet) upstream server. This server then replies with my public IP address (I assume because it’s mapped to mydomain.duckdns.org).
So a DNS request for api.segment.io.mydomain.duckdns.org returns my own public IP, where the requesting page/service then sends its request. Since my public IP would not respond to such requests, I assume this is what was causing the long pauses when loading certain web pages (waiting for these requests to time out).
I first fixed this by adding the local directive to the dnsmasq config for my local DNS server:
local=/mydomain.duckdns.org/
This prevents any queries for this domain that cannot be resolved locally from being forwarded to upstream servers.
After this, all those pages which had previously ‘paused’ on loading now loaded instantly. So effectively these domains were also blocked; however, they would not appear in the ‘Blocked’ stats within AdGuard. To fix this issue, I added a simple custom filtering rule to AdGuard:
/[\w-]+\.[\w-]+\.mydomain\.duckdns\.org$/
This had two effects. Firstly, I can easily see how many DNS requests are actually blocked, so the block stats are more realistic, and secondly, it’s reduced my ‘Average Processing Time’ in AdGuard down to 7ms.
I would be interested to see if anyone else sees this on their own network; it could explain a number of the threads I have seen relating to speed issues and ‘Web pages that load eventually…’, and I would also recommend that all who use this service add a similar custom filtering rule to their own config.
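As an added example (my own, not part of the original post or of AdGuard Home), here is a small Python check you can run over exported query-log names to spot the "blocked name + search suffix" pairs described above, and to confirm the regex rule catches the suffixed names while leaving a genuine local host like my-nas.mydomain.duckdns.org alone. The search domain and the sample log entries are constructed placeholders.

```python
import re

# Local search domain from the post (placeholder; substitute your own).
SEARCH_DOMAIN = "mydomain.duckdns.org"

# The AdGuard Home custom rule from the post, with dots escaped and the end
# anchored. It needs at least two labels in front of the search domain, so a
# single-label local host (my-nas.mydomain.duckdns.org) is not matched.
ADGUARD_RULE = re.compile(r"[\w-]+\.[\w-]+\." + re.escape(SEARCH_DOMAIN) + r"$")

# Constructed sample of (queried name, AdGuard status) pairs, modelled on the
# pairs seen in the query log. Not real log output.
SAMPLE_LOG = [
    ("api.segment.io", "blocked"),
    ("api.segment.io.mydomain.duckdns.org", "processed"),
    ("my-nas", "processed"),
    ("my-nas.mydomain.duckdns.org", "processed"),
    ("www.example.com", "processed"),
    ("cdn.adservice.example", "blocked"),
    ("cdn.adservice.example.mydomain.duckdns.org", "processed"),
]


def find_suffix_leaks(log, search_domain=SEARCH_DOMAIN):
    """Return blocked names whose search-suffixed twin was also queried.

    Each hit is a name that the client retried with the search domain
    appended after the original lookup was blocked.
    """
    queried = {name for name, _ in log}
    return [name for name, status in log
            if status == "blocked" and f"{name}.{search_domain}" in queried]


def rule_matches(name):
    """True if the AdGuard regex rule above would block this name."""
    return ADGUARD_RULE.search(name) is not None


def names_caught_by_rule(log):
    """Names in the log that the rule would have blocked (for the stats)."""
    return [name for name, _ in log if rule_matches(name)]


if __name__ == "__main__":
    for leak in find_suffix_leaks(SAMPLE_LOG):
        print(f"suffix leak: {leak} -> {leak}.{SEARCH_DOMAIN}")
    for name in names_caught_by_rule(SAMPLE_LOG):
        print(f"rule blocks: {name}")
```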