DNS Rewrites: support wildcard domain name exceptions #1547

Closed
nomandera opened this issue Apr 5, 2020 · 7 comments

@nomandera

Problem Description

Version of AdGuard Home server: Docker container version 0.101.0

"DNS Rewrites: support wildcard domain name" was added in Dec 2019 and works perfectly. However, it would be useful if exceptions could be made.

Often you will want to rewrite all subdomains except for a small number. e.g. you self host a number of subdomains but a couple of exceptions such as mail are hosted elsewhere on the internet.

Proposed Solution

Allow named specific exceptions to be ignored from wildcard DNS Rewrites.
One other related scenario covered here #922 (comment)

Alternatives Considered

None

Additional Information

c553796 added DNS Rewrites: support wildcard domain name

@ameshkov
Member

ameshkov commented Apr 6, 2020

Hm, you can add a rewrite for that subdomain that rewrites it to itself.

Something like:
*.example.org -> example.com
test.example.org -> test.example.org

@nomandera
Author

nomandera commented Apr 7, 2020

OK I have tried and cannot make this work.

First I created test.example.org DNS CNAME on the internet (using my own domain name) and confirmed it resolved to a public IP.

Then in AdGuard #dns_rewrites I created in order:

  • *.example.org -> local LAN IP
  • test.example.org -> test.example.org

This resulted in test.example.org being incorrectly resolved as the local LAN IP.

I then deleted the AdGuard #dns_rewrites and created them again in reverse order

  • test.example.org -> test.example.org
  • *.example.org -> local LAN IP

This also resulted in test.example.org being incorrectly resolved as the local LAN IP.

I then deleted the AdGuard #dns_rewrites and created just one

  • test.example.org -> test.example.org

This resulted in test.example.org being correctly resolved as the public.

There seems to be no combination that allows for wildcard domain name exceptions currently.

@szolin
Contributor

szolin commented Apr 7, 2020

@anoma Thank you for the precise description of the problem!
We don't support the exceptions in DNS rewrites currently.

name.domain -> CNAME
*.domain -> IP

In this case we always use IP from *.domain because there's no IP for name.domain.
We can make an exception for the same names, e.g. name.domain -> name.domain will no longer search for A/AAAA from the wildcard entry.

@nomandera
Author

> We can make an exception for the same names, e.g. name.domain -> name.domain will no longer search for A/AAAA from the wildcard entry.

This seems like a very slick solution. I will keep an eye out for the change and will report back after testing.

Very much appreciated.

@ameshkov
Member

@szolin Additionally, we should provide a way to resolve issues like this one: #1569

For instance, we could allow adding two rewrites like this:

netflix.com -> ::
netflix.com -> netflix.com

The first one would work for AAAA, the second one will cover other request types.

@FrancYescO

Hello, is there a way to exclude sub-subdomains from the wildcard? Basically, in this example, I don't want 1.1.1.1 to be an IP for this domain.
[image]

@szolin szolin self-assigned this Apr 27, 2020
adguard pushed a commit that referenced this issue Apr 28, 2020
…pecific one

#1547

* commit 'b33653ec48a613df24d1768aab56a5c505affd33':
  + rewrites: support deeper level wildcards - select the more specific one
@nomandera
Author

Just a final comment to confirm that this now works in AdGuard Home v0.103.1 and to say a big thanks for implementing this feature which has greatly simplified my setup.
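
A simplified Go model of the behaviour this thread converges on: a rule that rewrites a name to itself acts as an exception to a wildcard, and the more specific rule wins regardless of the order in which rules were added. This is an added example, not AdGuard Home's code; the `Rewrite` type, the `Resolve`, `matches` and `moreSpecific` functions and the sample rules are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Rewrite is one rule in a simplified model: Pattern is a lowercase exact name or "*.suffix".
type Rewrite struct{ Pattern, Answer string }
func isWildcard(p string) bool { return strings.HasPrefix(p, "*.") }

// matches: "*.a.org" covers "x.a.org" and "y.x.a.org" but not "a.org" itself.
func matches(pattern, host string) bool {
	if isWildcard(pattern) {
		return strings.HasSuffix(host, pattern[1:])
	}
	return pattern == host
}

// moreSpecific: an exact name beats any wildcard; between wildcards the longer suffix wins.
func moreSpecific(a, b string) bool {
	if isWildcard(a) != isWildcard(b) {
		return !isWildcard(a)
	}
	return len(a) > len(b)
}

// Resolve returns (answer, true) for a rewrite, or ("", false) to pass the query upstream.
func Resolve(rules []Rewrite, host string) (string, bool) {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	var best *Rewrite
	for i := range rules {
		if r := &rules[i]; matches(r.Pattern, host) && (best == nil || moreSpecific(r.Pattern, best.Pattern)) {
			best = r
		}
	}
	if best == nil || best.Answer == best.Pattern { // self-rewrite marks an exception
		return "", false
	}
	return best.Answer, true
}

func main() {
	rules := []Rewrite{{"*.example.org", "192.168.1.10"}, {"test.example.org", "test.example.org"}} // constructed
	for _, h := range []string{"www.example.org", "test.example.org"} {
		answer, rewritten := Resolve(rules, h)
		fmt.Println(h, answer, rewritten)
	}
}
```

When auditing a rewrite list, the names that come back as "not rewritten" are the ones that leave the local override and are answered by the upstream resolver.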
