Ability to override all DNS record answer types with an interactive UI #4117

Open
opened 2026-03-04 04:47:19 -05:00 by deekerman · 9 comments

Originally created by @ghost on GitHub (Dec 13, 2022).

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to request a feature or enhancement and not ask a question

Description

What problem are you trying to solve?

For my use case, I am interested in adding HTTPS records to major websites who don't currently have their own, yet support either H2, H3, H3-29 or another variant of HTTP/3 or QUIC.

This would be useful for Firefox and Chromium based browsers as they now support HTTPS records for faster protocol negotiations.

For other use cases, I have considered the benefits and downsides quite heavily, and I came to the conclusion that other people may indeed benefit from this feature addition as there are no downsides to it that come to mind.

Proposed solution

Add an interactive UI (like Cloudflare has) to interact with DNS rewriting, including a dropdown menu of record types that is autocompleted via user input, and checks the record input against common formats, however if a user wishes to override the error that their record is invalid, this should be respected to account for quirky use cases.

Alternatives considered

I have previously used my own domain to use a CNAME to overwrite these sites and add HTTPS records, but as some change IPs quite often, this is too tedious.

Additional information

Screenshots for reference:

Screenshot_20221213-084018
Screenshot_20221213-084008
Screenshot_20221213-083952
Screenshot_20221213-083938


@ainar-g commented on GitHub (Dec 13, 2022):

You can already do that right now with dnsrewrite filtering rules (https://github.com/AdguardTeam/AdGuardHome/wiki/Hosts-Blocklists#dnsrewrite).

As for the UI, we've had thoughts about expanding the current Filters → DNS rewrites screen to add more types, but that is blocked on both #2499 and the v0.108 redesign and refactoring, so realistically it won't be a quick feature.


@ghost commented on GitHub (Dec 13, 2022):

> You can already do that right now with dnsrewrite filtering rules.
>
> As for the UI, we've had thoughts about expanding the current Filters → DNS rewrites screen to add more types, but that is blocked on both #2499 and the v0.108 redesign and refactoring, so realistically it won't be a quick feature.

I apologize for my potential ignorance, but you can only rewrite A, AAAA and CNAME records currently via the UI, I have already tried this many times.

Unless there is another way to do so?


@ainar-g commented on GitHub (Dec 13, 2022):

Not via the UI, no, but using custom filtering rules. It's the first link in my previous message. There are examples for HTTPS records as well.


@ghost commented on GitHub (Dec 13, 2022):

@ainar-g
I noticed a bug.

Using this rewrites EVERY record type.
See below:
Screenshot_20221213-135759

This has rendered the domain inaccessible.


@ainar-g commented on GitHub (Dec 13, 2022):

That is because this is still a filtering rule, so it assumes that it must only respond to HTTPS queries, responding with NODATA to all others.

To limit the rule's action exclusively to HTTPS queries, you'll need to add the dnstype modifier:

```AdBlock
||example.com^$dnsrewrite=NOERROR;HTTPS;32 example.com alpn=h3,dnstype=HTTPS
```

@ghost commented on GitHub (Dec 13, 2022):

> That is because this is still a filtering rule, so it assumes that it must only respond to HTTPS queries, responding with NODATA to all others.
>
> To limit the rule's action exclusively to HTTPS queries, you'll need to add the dnstype modifier:
>
> ```
> ||example.com^$dnsrewrite=NOERROR;HTTPS;32 example.com alpn=h3,dnstype=HTTPS
> ```

@ainar-g

Forgive my ignorance, however I believe this result may be unintentional.

Essentially, for some reason, overwriting example.com also overwrites its subdomains, even if the ^ parameter is not defined.

According to the filter rule documentation, subdomains will only be linked to a rule for a domain if the ^ parameter is applied (or if the rule itself is for the subdomain).

See below:
Screenshot_20221213-145930

^ This is preventing the browser from automatically using HTTP/3.


@ainar-g commented on GitHub (Dec 13, 2022):

^ has nothing to do with the result here, as it's essentially just a separator. || is the part that matches all subdomains. If you want to match a domain exactly, use |.
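
The scoping behaviour explained in the replies above (without dnstype, other query types get NODATA; `||` covers subdomains while `|` matches exactly), as an added example that is not part of the thread and not AdGuard Home's code. It models only the rule shape quoted here; the function names and the result labels `rewrite`, `nodata` and `pass` are hypothetical.

```python
import re

# Simplified model of the rule shape quoted in this thread, e.g.
#   ||example.com^$dnsrewrite=NOERROR;HTTPS;32 example.com alpn=h3,dnstype=HTTPS
# Assumptions: full RCODE;RRTYPE;VALUE form, one dnstype value, and plain
# commas between modifiers. Anything else is rejected, not guessed at.
RULE = re.compile(r"^(\|\|?)([^|^$]+)\^\$(.+)$")

# Constructed sample rules, based on the rule posted in the thread.
BROAD = "||example.com^$dnsrewrite=NOERROR;HTTPS;32 example.com alpn=h3"
SCOPED = "|example.com^$dnsrewrite=NOERROR;HTTPS;32 example.com alpn=h3,dnstype=HTTPS"


def parse_rule(rule):
    m = RULE.match(rule.strip())
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    anchor, host, modifiers = m.groups()
    parsed = {"subdomains": anchor == "||", "host": host.lower(),
              "rrtype": None, "dnstype": None}
    for mod in modifiers.split(","):
        key, _, value = mod.partition("=")
        if key == "dnsrewrite":
            parts = value.split(";", 2)
            if len(parts) != 3:
                raise ValueError(f"unsupported dnsrewrite value: {value!r}")
            parsed["rrtype"] = parts[1].upper()  # record type being answered
        elif key == "dnstype":
            parsed["dnstype"] = value.upper()
    if parsed["rrtype"] is None:
        raise ValueError("rule has no dnsrewrite modifier")
    return parsed


def effect(rule, qname, qtype):
    """Return 'rewrite', 'nodata' or 'pass' for one query, as the thread describes."""
    r = parse_rule(rule)
    qname, qtype = qname.lower().rstrip("."), qtype.upper()
    hit = qname == r["host"] or (r["subdomains"] and qname.endswith("." + r["host"]))
    if not hit or (r["dnstype"] and qtype != r["dnstype"]):
        return "pass"  # rule does not apply; the query resolves normally
    return "rewrite" if qtype == r["rrtype"] else "nodata"


def lint(rule):
    """List the two scoping problems reported in the thread, if present."""
    r = parse_rule(rule)
    findings = []
    if r["dnstype"] is None:
        findings.append(f"no dnstype: non-{r['rrtype']} queries get NODATA")
    if r["subdomains"]:
        findings.append("'||' also rewrites subdomains; use '|' for an exact match")
    return findings
```

Running `lint` over a custom rules list before loading it flags rewrites that would blank out A/AAAA answers or silently cover subdomains.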


@ghost commented on GitHub (Dec 15, 2022):

> ^ has nothing to do with the result here, as it's essentially just a separator. || is the part that matches all subdomains. If you want to match a domain exactly, use |.

Thank you for explaining this; it worked after I used the one '|'. However, I was quite confused, as '^' is normally used to indicate a rule that matches subdomains.

Perhaps in future this formatting could be refactored to make rewrite rules differentiated but also consistent with standard filter rules?

I therefore would like to propose a format like so:

'|' = initiate a rewrite rule
'^' = match subdomains
'$' = specify parameters
'&' = placed between parameters to separate them (equivalent to whitespace)

Example:

```
|example.com^$dnsrewrite=NOERROR&HTTPS&32&example.com&alpn=h2&dnstype=HTTPS
```


@ghost commented on GitHub (Jul 19, 2023):

Bump
