Some AAAA lookups are not cached

[tescophil]

Have a question or an idea? Please search it on our forum to make sure it was not yet asked. If you cannot find what you had in mind, please submit it here.

Prerequisites

Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

• I am running the latest version
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed

Issue Details

• Version of AdGuard Home server:
  v0.106.3
• How did you install AdGuard Home:
  GitHub release
• How did you setup DNS configuration:
  AdGuard IP assigned by router in DHCP lease
• If it's a router or IoT, please write device model:
  N/A
• CPU architecture:
  AMD64
• Operating system and version:
  Distributor ID: Debian
  Description: Debian GNU/Linux 11 (bullseye)
  Release: 11
  Codename: bullseye

Expected Behavior

I expect all AAAA DNS lookups to be cached

Actual Behavior

Many AAAA Lookups are not cached. If a AAAA lookup simply returns NOERROR with an empty response or a CNAME entry then it is not cached.

Screenshots

Screenshot:


Additional Information

Don't know if this is a bug or a feature, but I see no reason why these types of request/response should not be cached, unless someone can explain why ?

[ainar-g]

Possibly related to #3598.

Can you please provide an example of DNS query that shows this behaviour? E.g. an nslookup command or a dig?

Thanks.

[tescophil]

Hi,

So, example NSLookup for AAAA record:

phil@Desktop-PC:~$ nslookup -type=aaaa api.octopus.energy
Server:		192.168.100.10
Address:	192.168.100.10#53

Non-authoritative answer:
api.octopus.energy	canonical name = api-servers-514567876.eu-west-1.elb.amazonaws.com.

Hits AdGuard Home, and then do the same query another couple of times. In the AdGuard home log, I can see each query forwarded to an external DNS provider, and not retrived from the cache.

You can see in the response details that a TTL time of 1 hour is set, however the very next query goes out again to external DNS and does not use the cache

[ainar-g]

Thanks, we can reproduce this. We'll try to investigate what's causing this and what the correct behaviour is.

[EugeneOne1]

@tescophil, hello again. We've found and fixed a few gaps between the cache implementation and what RFC 2308 says. The latest build in the edge channel contains our solution so could you please install and check if it caches negative answers properly?

[tescophil]

@EugeneOne1 More than happy to give this a go...., I'm just running the standard build on Debian (no VM's etc), any tips on how to switch to this build ?

[EugeneOne1]

@tescophil, it depends on how did you install the AGH. To download and install the binary manually you may use one of these links from "Edge channel builds" sublist.

Also, you might want to consider creating a backup of data directory, if there is any important information.

[tescophil]

@EugeneOne1 I originally installed using the automated script on the git hub page:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

I've taken a backup of the whole AdGuardHome directory, so is it safe just to then run:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c edge

... will this retain all my settings, or just replace it with a clean install ?

[EugeneOne1]

@tescophil, at the first glance, it should detect the existing install and fail. To reinstall the existing AGH you may use something like this:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -r -c edge

This also purges all the settings, statistics and query logs since the whole AGH's directory is removed during the reinstall.

[tescophil]

@EugeneOne1 OK, well that's not ideal.., I have a lot of settings and options saved (not worried about logs/stats), no way to upgrade and retain the existing settings ? (or a simple way to put them back after the re-install..)

[EugeneOne1]

@tescophil, if you've made a backup of the entire AGH directory, it should be safe to reinstall it. All the configuration data is also stored inside the AGH's directory.

[tescophil]

@EugeneOne1, OK not kinda what I asked, but never mind..., so imagine I'm 7 and need a list of stuff to do that does not nuke my existing install..., something like:

1. Copy the AdGuardHome directory cp -r AdGuardHome AdGuardHomeStable
2. Reinstall the edge version, curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -r -c edge
3. After the install is completed, stop the service ./AdguardHome/AdGuardHome -s stop
4. Replace the config cp ./AdGuardHomeStable/AdGuardHome.yaml ./AdGuardHome
5. Restart the service ./AdguardHome/AdGuardHome -s start

Not sure if this is all that needs to be done, as there is no (or I can't find) any documentation on how to do this.

[EugeneOne1]

@tescophil, looks correct.

[tescophil]

@EugeneOne1, Cool.., so got the new version installed and the previous AAAA queries that were not being cached now are, Hurray.

The only feedback I have is for when 'NOERROR' is the response code to the AAAA query, but there is no actual response, i.e. an IP address. In this case, instead of simply not displaying the response:

It would be useful if it could be more like this:

Where the IP would be replaced by something like 'AAAA:NULL', and the TTL time displayed. (as with the current implementation there is no way to see what the TTL time of the empty response is)

Like the Optimistic Caching option... ;-)

[EugeneOne1]

@tescophil, it seems, the query log actually doesn't consider the TTL values from these responses. We've filed an issue (#3773) about it so you may track the one for the actual state.

However, the original issue seems to be resolved so I'll close it for now. Thanks for testing.

[ClosedPort22]

It seems that this issue has returned in 0.107.3. I'm rolling back to 0.107.2 for the moment.

[EugeneOne1]

@ClosedPort22, could you please provide some examples of requests that aren't cached properly?

[ClosedPort22]

@EugeneOne1 Sure. This issue affects all NOERROR responses. Here are some examples:

• www.ipv6.awfulhak.org (AAAA only)
• duckduckgo.com (A only)
• login.microsoftonline.com (A only; CNAME records are present)

Note that the second A query was served from cache, whereas the AAAA query made its way to the upstream server.

Command output (only the second query is shown):

; <<>> DiG 9.16.24 <<>> duckduckgo.com A @192.168.2.2 duckduckgo.com AAAA @192.168.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26646
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;duckduckgo.com.                        IN      A

;; ANSWER SECTION:
duckduckgo.com.         66      IN      A       20.43.161.105

;; Query time: 0 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Thu Feb 17 19:59:36 CST 2022
;; MSG SIZE  rcvd: 59

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34878
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;duckduckgo.com.                        IN      AAAA

;; AUTHORITY SECTION:
duckduckgo.com.         1016    IN      SOA     dns1.p05.nsone.net. hostmaster.nsone.net. 1644791193 7200 7200 1209600 14400

;; Query time: 37 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Thu Feb 17 19:59:36 CST 2022
;; MSG SIZE  rcvd: 108

The caching mechanism works perfectly in 0.107.2. AGH uses the TTL value of the SOA record to cache the response. I'm not sure why #3598 wasn't marked as resolved.

[EugeneOne1]

@ClosedPort22, sorry for the late response.

Note that the second A query was served from cache, whereas the AAAA query made its way to the upstream server.

So, aren't these requests marked as "(served from cache)" in the response details section of Query Log?

I'm not able to reproduce it on v0.107.3. Could you please collect a verbose log for us? You may either post it here or send it to [email protected]. Thanks.

[ClosedPort22]

@EugeneOne1 Thanks for the response. I reinstalled AGH after noticing strange errors in the log (version number not showing, etc.) and now everything's working normally. I suspect all this had been caused by a corrupted binary. Sorry for the inconvenience.

[bcseputetto]

在 0.107.38 这个问题依旧存在
The issue still exists in version 0.107.38.


AdGuardHome查询到A记录和AAAA记录，A记录除了cname还有一个IPv4地址，AAAA记录则只有cname(这可能不是发生该问题的标准，我发现一些无record 的NOERROR也会出现该问题)，它不会被缓存
AdGuardHome queries for A records and AAAA records. A records contain an IPv4 address in addition to the CNAME, while AAAA records only contain a CNAME (this may not be the standard for the issue, as I've noticed that some NOERROR responses with no records can also experience this problem), and they are not cached.

@ainar-g @EugeneOne1