query log incomplete

[Bugz000]

Prerequisites

• I have checked the Wiki and Discussions and found no answer

possibly related: #5434

• I have searched other issues and found no duplicates

• I want to report a bug and not ask a question or ask for help

• I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)

Platform (OS and CPU architecture)

browsing from:
Windows, 32-bit Intel (aka 386)

adguard installed on:
debian container on proxmox

Installation

docker i think, it's been a few years

Setup

debian container on proxmox, DHCP is handled by AdGuard Home

AdGuard Home version

v0.107.35

Action

query log incomplete

i am having issues with services not loading, i have flushed dns multiple times, i have sat and loaded the service again and again while repeatedly refreshing the query log (SET TO ALL QUERIES) looking for anything that might be blocked, flush, restart application, refresh refresh refresh, service still does not load correctly, i have to manually go and find a list of domains to whitelist, i whitelist them and they suddenly appear on the query log as green/passed

same thing happens on various websites, to unblock github, i had to add

@@||github.com^

then the page still did not load, flush DNS clear cache, watch query log, it showed nothing relating to github whatsoever, i had to inspect the browser log to see what specifically was failing, githubassets.com - so i added this

@@||githubassets.com^

then user images were not loading, i flush dns, clear cache, watch query log, again, nothing github blocked, inspected, githubusercontent.com... manually added

@@||githubusercontent.com^

now it appears in the list as avatars.githubusercontent.com

it's very frustrating, why is the query log so incomplete, yet it DOES show some/many services as blocked, just seemingly the ones i need to unblock are not shown at all, it's like these entries are going to a different file that is not monitored or something, many services don't have a comprehensive list of domains to unblock, so i'm having to unblock all subdomains per domain for each service and hope that fixes it but even that doesn't work for some services, warthunder for instance i cannot get working i must disable adguard entirely for it to work because i cannot see what specifically is being blocked by adguard because the query log that should show what adguard is blocking is not showing everything that adguard is blocking...

upstream DNS are as follows:

8.8.8.8
8.8.4.4
1.1.1.1
1.0.0.1

set to parallel requests

windows DNS is set to automatic (dhcp) which issues the adguard dns server as the DNS server
everything else works fine, great infact, but the query log is a trainwreck and effectively useless
i've disabled all caching in adguard for good measure and cleared cache, flushed DNS, it should 100% be trying to resolve new addresses for the domains
i've removed githubusercontent.com from the allow list for testing
cannot resolve githubusercontent
cleared all cache, flushed dns, try browsing to it and ping, does not show in the query log, set to ALL QUERIES

ignored domains list:

d.joinhoney.com
events.gfe.nvidia.com
www.google-analytics.com
self.events.data.microsoft.com

logs are ENABLED

searching githubusercontent only shows the last successful resolves - despite failing to load before and after

[ainar-g]

Hello and thanks for the thorough report. The most likely reason is that your Windows machine isn't properly set up to only use AdGuard Home.

windows DNS is set to automatic (dhcp) which issues the adguard dns server as the DNS server

Are you sure that AGH's IP address hasn't changed since then? The best way to check would be through nslookup by performing these from the Windows machine:

nslookup -debug -type=a www.github.com.

and

nslookup -debug -type=a www.github.com. <AGH_IP_ADDRESS>

And see if there's any difference.

You could also enable the verbose log on your AGH to see if there are any clues there.

[Bugz000]

Hello and thanks for the thorough report. The most likely reason is that your Windows machine isn't properly set up to only use AdGuard Home.

it is set up correctly, ipconfig returns

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HPE Ethernet 1Gb 2-port 361i Adapter
   Physical Address. . . . . . . . . : 38-EA-A7-A0-E6-C4
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::79f8:d7dd:d739:4683%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.168(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.254
   DHCPv6 IAID . . . . . . . . . . . : 104393383
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2B-88-2E-17-38-EA-A7-A0-E6-C4
   DNS Servers . . . . . . . . . . . : 192.168.2.241
   NetBIOS over Tcpip. . . . . . . . : Disabled

2.241 being adguard home

Are you sure that AGH's IP address hasn't changed since then? The best way to check would be through nslookup by performing these from the Windows machine:

yes, it is dhcp but i've set lease to infinite for all devices so they never move; but let's do it anyway

nslookup -debug -type=a www.github.com.

C:\Users\bugzy>nslookup -debug -type=a githubusercontent.com
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        241.2.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  241.2.168.192.in-addr.arpa
        name = Adguard.co.uk
        ttl = 10 (10 secs)
    ->  241.2.168.192.in-addr.arpa
        name = Adguard
        ttl = 10 (10 secs)

------------
Server:  Adguard.co.uk
Address:  192.168.2.241

DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
*** Request to Adguard.co.uk timed-out

nslookup -debug -type=a www.github.com. <AGH_IP_ADDRESS>

C:\Users\bugzy>nslookup -debug -type=a githubusercontent.com 192.168.2.241
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        241.2.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  241.2.168.192.in-addr.arpa
        name = Adguard.co.uk
        ttl = 10 (10 secs)
    ->  241.2.168.192.in-addr.arpa
        name = Adguard
        ttl = 10 (10 secs)

------------
Server:  Adguard.co.uk
Address:  192.168.2.241

DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
*** Request to Adguard.co.uk timed-out

and for completeness;

C:\Users\bugzy>nslookup -debug -type=a google.com 192.168.2.241
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        241.2.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  241.2.168.192.in-addr.arpa
        name = Adguard.co.uk
        ttl = 10 (10 secs)
    ->  241.2.168.192.in-addr.arpa
        name = Adguard
        ttl = 10 (10 secs)

------------
Server:  Adguard.co.uk
Address:  192.168.2.241

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        google.com, type = A, class = IN
    ANSWERS:
    ->  google.com
        internet address = 142.250.200.46
        ttl = 1 (1 sec)

------------
Non-authoritative answer:
Name:    google.com
Address:  142.250.200.46

i've enabled verbose logging - now it appears querying githubusercontent with nslookup results in this in the log

though i'm unsure if it did this before, trying to browse to githubusercontent (my profile image url specifically) still fails and still does not show in the log, cleared all cache and flushed dns

checking the adguard files in /var/log/ shows no entries, except when i rebooted earlier today

==> ./AdGuardHome.err <==
2023/08/01 11:12:02.213926 [info] dhcp: stored 32 leases in "/opt/AdGuardHome/data/leases.json"
[dhcpv4] 2023/08/01 11:12:07 Handling request from 0.0.0.0:68
2023/08/01 11:12:07.179423 [info] dhcp: stored 32 leases in "/opt/AdGuardHome/data/leases.json"
2023/08/01 11:12:07.825226 [info] Received signal "terminated"
2023/08/01 11:12:07.825260 [info] stopping AdGuard Home
2023/08/01 11:12:07.825274 [info] stopping http server...
2023/08/01 11:12:07.825474 [info] stopped http server
2023/08/01 11:12:07.851537 [info] dnsproxy: stopping dns proxy server
2023/08/01 11:12:07.851639 [info] dnsproxy: stopped dns proxy server
2023/08/01 11:12:07.860187 [info] service: action run has been done successfully on linux-systemd

==> ./AdGuardHome.out <==

nslookup or browsing doesn't seem to enter anything into these files
tailing the querylog.json files in /opt/AdGuardHome/data also seems to show no new entries on successful resolution or failed

where should i be looking

[ainar-g]

Please make sure that you've actually enabled verbose logging. It concerns the text log, not the query log, and should enable records with [debug] level showing more of what's going on.