mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2026-03-04 00:01:12 -05:00
No local DNS resolution & Froze UI when no internet connection #5156
Labels
No labels
P1: Critical
P2: High
P3: Medium
P4: Low
UI
bug
cannot reproduce
compatibility
dependencies
docker
documentation
duplicate
enhancement
enhancement
external libs
feature request
good first issue
help wanted
infrastructure
invalid
localization
needs investigation
performance
potential-duplicate
question
recurrent
research
snap
waiting for data
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/AdGuardHome#5156
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @TheFou on GitHub (Apr 15, 2024).
Prerequisites
I have checked the Wiki and Discussions and found no answer
I have searched other issues and found no duplicates
I want to report a bug and not ask a question or ask for help
I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)
Platform (OS and CPU architecture)
Darwin (aka macOS), ARM64
Installation
Docker
Setup
Other (please mention in the description)
AdGuard Home version
0.107.46
Action
Hi,
I had an internet connection failure today, probably some maintenance at my ISP.
While this happened, AGH behaved really erratically.
Let me explain :
My home mimics an enterprise setup, with an Active Directory, and DNS integrated zones.
AGH is set up as my main DNS on all clients, and is is set up to send all queries related to my local DNS to the domain controllers, while handling all internet DNS.
It always worked like a charm, for many years.
However, while disconnected today, it didn't handled anything anymore, not even the local domains.
I kept having "...i/o timeout" on every line in the log.
At first, it was behaving so buggy that I thought it was the culprit for my connection issues... I tried changing upstream DNS, and adding a failover, and each time I tried to apply the UI froze completely, without updating the settings.
Expected result
At least to forward local domains / PTR to the AD controllers
Actual result
See above.
Everything turned back to normal as soon as my connection came back up.
Additional information and/or screenshots
AGH v0.107.46 installed as a docker container on an Ubuntu 22.04.4 LTS
PFSense router.
Active Directory with DNS integrated zones (no forwarding), and DHCP handled by Domain Controllers.
@matth0727 commented on GitHub (Apr 15, 2024):
I can also confirm this is still an issue... All of my DNS Rewrites in AGH did not resolve when the Internet was out today.
I've reviewed a lot of these posts and it seems like the Author has a tough time re-producing the issue... the easiest way I've found is to just set the Upstream DNS Servers in AGH to something like 1.2.3.4 (not DNS resolvable) and this allows you to see that DNS Rewrites or internal look ups start to fail.
It seems like the only ones that work (somewhat) are the ones that are cached; which is easily tested by adding a new DNS Rewrite and the issue will continue, with the lookup failing to query AGH properly, while the "Internet is out".
While I know this doesn't resolve your issue @TheFou I hope it helps the author to dig a bit further and find a resolution to this for all of us.
@TheFou commented on GitHub (Apr 15, 2024):
I posted because it caused some chaos today, I rely heavily — maybe too much — on local DNS for all my different services UI, so it made it difficult to even diagnose the issue. I hope I don't have another outage anytime soon.
The thing that really bothered me is that I wasted a lot of time because, as some connections were still working (cached ones probably), my router was still showing WAN as up, and the UI behaved so buggy, I thought AGH was the culprit.
And of course I couldn't figure out anything wrong, as it was not.
Anyway, thanks for the details you added @matth0727, every little bit counts.
I'll try with a dummy address, to check how I could improve things on my network in case of outage.
To anyone in AdguardTeam : please tell us how we can help to resolve the issue, if you need specific logs or anything.
I didn't include any at this time as I didn't think to record them at the time, but if I can help with some tests, please tell me.
And thanks for your amazing work, I forgot in the first post 😉
Regards.
@TheFou commented on GitHub (Jun 29, 2024):
Hi,
Another outage yesterday... and still the same issue.
I see there has been no reaction to this issue so far.
Does anyone at AdGuard care ?
I can help for tests if needed, just ask.
@maretodoric commented on GitHub (Jul 9, 2024):
I can configure the same behavior on my end. It's quite annoying considering I have many other services running in LAN requiring DNS to work.
UDP connection to Adguard port 53 is working when testing via netcat.
But when I issue dig against it, it's timing out. And I've even set timeout to 60 seconds, no reply within the timeout.
@Taverius commented on GitHub (Jul 27, 2024):
Hit this today, wow its annoying. My whole network ground to a halt.
@Taverius commented on GitHub (Jul 27, 2024):
Further research shows multiple issues regarding this, and I found 2 solutions in #4317:
Disable safe browsing, either:
safebrowsing_enabledtofalsein the YAMLMake an allow rule for your LAN domain, for example:
@@||*.lan^$importantin the custom filtering rules.The reason is the timeout on the request to the AdGuard service is longer than the DNS timeout, so all non-cached, not explicitly allowed requests get timed out.
I wonder if it would be a good idea to add the allow rule thing to the configuration wiki where it talks about local domains, so we don't send our internal domain requests to the AG service for a useless check.
@Zerorigin commented on GitHub (Sep 5, 2024):
In some specific environments, AdGuard's service interfaces are blocked, which can also lead to this issue, so we need some alternate solutions to this problem.
@bfg100k commented on GitHub (Apr 2, 2025):
I too have this problem since implementing AGH 6 months ago. My Internet has been pretty stable (only a handful of times in the 6 months period and normally recovers within minutes) hence I wasn't bothered to investigate and fix this. However today the outage was a lot longer and I was severely inconvenienced as a result. In my settings, safe browsing was not enabled so I tried putting my local dnsmasq (which provides local DHCP and hostname resolution anyway) as fallback DNS and it works! I figured I should mention it here so others may benefit from yet another alternative solution.
@bvandevliet commented on GitHub (Apr 6, 2025):
Why was #2657 ever closed anyway..? AGH team should really look into this. I would say it's quite a critical bug and can't be ignored! If it will never be fixed, I'd like to know too, then I'll start looking for alternatives to ADH.
@RonaldJerez commented on GitHub (Apr 6, 2025):
This worked for me!
I had the same issue during an outage, setting this filter for my local domains fixed it. This should be in the documentation.
@TheFou commented on GitHub (Jun 7, 2025):
This worked fine for me every time my connection went down... until today.
The difference being that this time, the router was down. When it came back up, everything started to work again.
This issue should really be investigated, it's a really high priority one, and it hasn't even been reviewed !
Any way to gain some attention from the AGH devs ?
@maretodoric commented on GitHub (Jun 10, 2025):
Yeah, that rule doesn't work for me at all. I always get issues when the internet is down. Terrible.
@RonaldJerez commented on GitHub (Jun 10, 2025):
Did you update the “lan” portion to match your local tld?
@maretodoric commented on GitHub (Jun 11, 2025):
"lan" is my local tld in this case so no need to update
@norgan commented on GitHub (Jul 3, 2025):
This is still outstanding?? such a simple feature, a forwarding DNS server should serve from local cache of upstream servers are not contactable.
@mjabaay commented on GitHub (Oct 12, 2025):
Can confirm this is not resolved and the fixes proposed do not work.
@GentleHoneyLover commented on GitHub (Oct 28, 2025):
I had to go ahead and setup an unbound instance as an upstream dns for AGH to work around this issue. Nobody should be needing to do this, though, if they want to use an external upstream dns and have local resolution working regardless of WAN being down...
A lot of homelabbers and self-hosters use AGH for local DNS resolution and it seems such a no-brainer use case...
@norgan commented on GitHub (Nov 19, 2025):
This is what I have done.
This means adguard always has that last dns server to get a response from, even if it isn't looking up rea records, and the adguard home servers continue to work.
@TheFou commented on GitHub (Nov 30, 2025):
Hi,
After more than 1.5 year without even a review, I'm gonna ping @ainar-g and @EugeneOne1
Sorry for bothering you, but I see feature requests being filled milestone after milestone, while such a critical bug doesn't get any attention...
Can you guys, or anybody else on the team, check this out please ?
As previously stated, I'm available to help on the issue if needed.
Regards.
@bukizzz commented on GitHub (Dec 5, 2025):
ISP did maintenance last night, can't recover Adguard this morning.
Guys, this is unacceptable. I can't take time out of my day randomly just to fix adguard every time ISP cuts internet for a second. All of this should just work otherwise what's the point of this software?
This problem goes back years too...
To clarify Adguard does not recover after internet recovers. It will serve requests to any external website but always bricks the local rewrites. This happened many times so far but I only just found out its related to internet cutouts because it was scheduled maintenance last night.
@bobloadmire commented on GitHub (Dec 10, 2025):
oh man, i've been wrestling with this all day. all of my dns rewrites to nginx proxy manager stopped working when the internet goes down, sending me on a goose chase. any updates to this?
@bobloadmire commented on GitHub (Dec 10, 2025):
Ok I made progress on my end, none of the suggestions in this thread helped, internet down, still all of my local rewrites failed. However, disabling TLS DNS servers and switching to plain fixed my problem. My upstreams now are this:
#tls://one.one.one.one
#tls://dns.google
1.1.1.1
8.8.4.4
[/lan/]192.168.0.1
and this config works when the internet is down. Uncommenting the TLS servers, all local rewrites no longer resolve.
@norgan commented on GitHub (Dec 10, 2025):
I would suggest using the fallback for this, not the upstream. Try putting an ip into that field. This is how I solved this, well worked around it. I put unbound DNS on port 5353 on my firewall and point my adguard home instances to it as a fallback.
[cid:09dbef1e-d705-4eeb-83f5-9871e70ab440]
From: bobloadmire @.>
Sent: Thursday, 11 December 2025 11:45 AM
To: AdguardTeam/AdGuardHome @.>
Cc: Nathan Organ @.>; Comment @.>
Subject: Re: [AdguardTeam/AdGuardHome] No local DNS resolution & Froze UI when no internet connection (Issue #6920)
[https://avatars.githubusercontent.com/u/4238740?s=20&v=4]bobloadmire left a comment (AdguardTeam/AdGuardHome#6920)https://github.com/AdguardTeam/AdGuardHome/issues/6920#issuecomment-3639543909
Ok I made progress on my end, none of the suggestions in this thread helped, internet down, still all of my local rewrites failed. However, disabling TLS DNS servers and switching to plain fixed my problem. My upstreams now are this:
#tls://one.one.one.one
#tls://dns.google
1.1.1.1
8.8.4.4
[/lan/]192.168.0.1
and this config works when the internet is down. Uncommenting the TLS servers, all local rewrites no longer resolve.
—
Reply to this email directly, view it on GitHubhttps://github.com/AdguardTeam/AdGuardHome/issues/6920#issuecomment-3639543909, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAIJYKOB6LFZKDLKLOYINJL4BC5CZAVCNFSM6AAAAAB2LDAB4CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMMZZGU2DGOJQHE.
You are receiving this because you commented.Message ID: @.***>
@mjabaay commented on GitHub (Dec 10, 2025):
Technitium works offline, I setup unbound, a different DHCP service with
actual options to specify.
Removing adguard fixed all of my issues and preserved TLS function.
On Wed, Dec 10, 2025, 20:48 Norgan @.***> wrote: