Invalid Domain Name Events in Windows Server DNS when Forwarded to AdGuardHome #1110

Closed
Daedelos opened this issue Oct 22, 2019 · 5 comments

@Daedelos

Issue Details

  • Version of AdGuard Home server:
    • v0.99.0
  • How did you setup DNS configuration:
    • Windows Server 2016 Essentials DNS with Forwarder to AdGuardHome IP
  • If it's a router or IoT, please write device model:
    • Raspberry Pi Zero (on 192.168.1.10)
  • Operating system and version:
    • 2019-09-26-raspbian-buster-lite

Expected Behavior

No Invalid Domain Events (5504) created in Windows Server Event DNS Log

Actual Behavior

Every DNS request by a client generates two identical 5504 Events on Windows Server.

Event 5504:
"The DNS server encountered an invalid domain name in a packet from 192.168.1.10. The packet will be rejected. The event data contains the DNS packet."

Looking at the binary data of the event I can see the requested domain names in the event that match those in AdGuardHome's log.

If I change the Windows Server DNS Forwarder to 1.1.1.1 no 5504 events are produced.

@ameshkov
Member

To troubleshoot this issue we need to see AdGuard Home logs.

  1. Configure AdGuard Home to collect logs:
    • Specify log_file
    • Set verbose to True
  2. Restart AdGuard Home and reproduce the issue
  3. Post the log file here.

We'll also need to see what's inside the corresponding Windows event log records.

@Daedelos
Author

5504 events.txt
mylog2.txt

@ameshkov
Member

@Daedelos could you please check one thing -- is there any change if you use plain DNS resolver (1.1.1.1) instead of Cloudflare DOH?

@Daedelos
Author

If I use a plain DNS resolver (1.1.1.1) the 5504 events are no longer created.

@ameshkov
Member

Thought so:)

The problem seems to be in the Cloudflare DOH resolver. It adds an EDNS padding extension to all DNS answers; apparently, the Windows server does not understand this extension.

I suggest you switch to a different resolver -- use tls://1.1.1.1 for instance.
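
A diagnostic sketch for the EDNS padding explanation above, added here and not part of the original thread or of AdGuard Home: it walks a raw DNS message and lists the EDNS options in its OPT record, flagging the Padding option (code 12, RFC 7830). It assumes you have already extracted the raw DNS message bytes (for example from a packet capture or the 5504 event data); the sample message and the function names are constructed for illustration.

```python
import struct

EDNS_PADDING = 12   # Padding option code (RFC 7830)
TYPE_OPT = 41       # OPT pseudo-record that carries EDNS options (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:             # root label ends the name
            return off
        off += length

def edns_options(msg):
    """Return [(option_code, option_length), ...] found in the OPT record."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    options = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        pos, end = off, off + rdlen
        while rtype == TYPE_OPT and pos + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, pos)
            options.append((code, olen))
            pos += 4 + olen
        off = end
    return options

def has_padding(msg):
    return any(code == EDNS_PADDING for code, _ in edns_options(msg))

def build_sample(padding_len=None):
    """Constructed response for example.com; padding_len=None omits the option."""
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    rdata = b""
    if padding_len is not None:
        rdata = struct.pack("!HH", EDNS_PADDING, padding_len) + bytes(padding_len)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, len(rdata)) + rdata
    return head + question + answer + opt

if __name__ == "__main__":
    print(edns_options(build_sample(8)), has_padding(build_sample()))
```

Running the same check on answers obtained through each upstream shows whether the padding option is present only when the DOH resolver is in use.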
