DNS rewrite of CNAME record does not follow upstream chain #2899

Open
opened 2026-03-04 02:36:32 -05:00 by deekerman · 6 comments

Originally created by @Freekers on GitHub (Jul 13, 2021).

I have a CNAME record on my domain set up as follows:
bob.domain.com --> alice.domain.com --> 123.123.123.123

I've set up Adguard to rewrite all DNS queries to alice.domain.com to 127.0.0.1, hence I expect bob.domain.com to resolve to 127.0.0.1 as well. However, bob.domain.com still resolves to 123.123.123.123.

Is this intended behavior? I would expect bob.domain.com to resolve to 127.0.0.1 since it points to alice.domain.com, which has a DNS rewrite in place to 127.0.0.1

Thank you.


Running Adguard Home Version: v0.106.3 in Docker (tag: latest).


@agneevX commented on GitHub (Jul 13, 2021):

Directly related to #3342, which I opened yesterday.


@Freekers commented on GitHub (Jul 13, 2021):

I saw your issue indeed but wasn't sure if they were the same. Feel free to merge/close this one.


@ainar-g commented on GitHub (Jul 13, 2021):

Hello, could you please add the following information:

  1. How did you add a CNAME record for bob.domain.com that leads to alice.domain.com: through the “Filters → DNS rewrites” form or using [$dnsrewrite](https://github.com/AdguardTeam/AdGuardHome/wiki/Hosts-Blocklists#dnsrewrite)?
  2. Same with the rewrite of alice.domain.com to 127.0.0.1: did you use the form, $dnsrewrite, or /etc/hosts-style rules in custom rules?
  3. Can you [configure](https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#verboselog) AdGuard Home to collect more logs and post the logs related to queries for bob.domain.com and alice.domain.com here?

Thanks!


@Freekers commented on GitHub (Jul 14, 2021):

Hi @ainar-g

  1. Since I own the domain domain.com, I added the CNAME record bob.domain.com that leads to alice.domain.com directly in the DNS of the domain itself (i.e. Cloudflare).

  2. I used the “Filters → DNS rewrites” to create a rewrite from alice.domain.com to 127.0.0.1

  3. I tried enabling verbose logging, but I cannot get it to work. I've enabled verbose logging as follows in the AdGuardHome.yaml

```
log_file: "/opt/adguardhome/work/log.txt"
verbose: true
```

It doesn't write anything. I created an empty log.txt file using touch, but AdGuard still does not log anything. AdGuard has permissions to write to the file.

Thanks!


@ainar-g commented on GitHub (Jul 23, 2021):

@Freekers Sorry for the delayed response. I'm not sure what is wrong with the log file not being written (perhaps the volume mounted as readonly?), but after some discussions with other developers it seems like such recursive CNAME checking is currently outside of the scope of AGH. There is some very basic recursion checking in the “DNS Rewrites” feature, so if you duplicate the bob.domain.com --> alice.domain.com CNAME there, it should work, but that is a temporary workaround, as these rewrites are about to be merged into the $dnsrewrite rules, see #2499.

This is a systematic issue of the current implementation of AGH, and I'm not sure if we can fix this in the current architecture. Perhaps we can return to this after the big refactorings that are coming in v0.108.0 and v0.109.0.
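
The difference between matching a rewrite on the queried name only and matching it against every name in the upstream CNAME chain, as a small Go model added here for illustration (it is not AdGuard Home's code). The in-memory upstream zone and the function names `resolveQueryOnly` and `resolveChainAware` are hypothetical; the records are the ones from this thread.

```go
package main

import (
	"fmt"
	"net"
)

// Constructed upstream zone mirroring the thread's records (assumption: in-memory stand-in for real DNS).
var upstreamCNAME = map[string]string{"bob.domain.com": "alice.domain.com"}
var upstreamA = map[string]string{"alice.domain.com": "123.123.123.123"}

const maxHops = 8 // stop on CNAME loops

// upstreamResolve returns every name visited along the upstream CNAME chain and the final A record.
func upstreamResolve(name string) (chain []string, ip string) {
	for i := 0; i < maxHops && name != ""; i++ {
		chain = append(chain, name)
		if a, ok := upstreamA[name]; ok {
			return chain, a
		}
		name = upstreamCNAME[name]
	}
	return chain, ""
}

// resolveQueryOnly matches rewrites on the queried name only (plus CNAMEs inside the table itself).
func resolveQueryOnly(rw map[string]string, q string) string {
	for v, n := rw[q], 0; v != "" && n < maxHops; v, n = rw[q], n+1 {
		if net.ParseIP(v) != nil {
			return v // rewrite to an address
		}
		q = v // rewrite to another name: keep following the table
	}
	_, ip := upstreamResolve(q)
	return ip
}

// resolveChainAware also checks each name in the upstream chain against the rewrite table.
func resolveChainAware(rw map[string]string, q string) string {
	chain, ip := upstreamResolve(q)
	for _, name := range chain {
		if v := rw[name]; net.ParseIP(v) != nil {
			return v
		}
	}
	return ip
}

func main() {
	rw := map[string]string{"alice.domain.com": "127.0.0.1"}
	fmt.Println(resolveQueryOnly(rw, "bob.domain.com"), resolveChainAware(rw, "bob.domain.com"))
}
```

Adding a `bob.domain.com` to `alice.domain.com` entry to the rewrite table makes the query-only path return 127.0.0.1 as well, which corresponds to the workaround of duplicating the CNAME in “DNS Rewrites”.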


@Freekers commented on GitHub (Jul 25, 2021):

Thanks for the explanation, @ainar-g
No worries, now that I know it's a limitation and not a bug, I can live with that :)
