Document the public vs. private PTR upstreams better

[Haraguroicha]

Have a question or an idea? Please search it on our forum to make sure it was not yet asked. If you cannot find what you had in mind, please submit it here.

Prerequisites

Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

• I am running the latest version
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed

Issue Details

• Version of AdGuard Home server:
  • v0.106.3
  • v0.107.0-a.82+dbe8b92d
  • v0.107.0-a.95+e113b276
• How did you install AdGuard Home:
  • Docker
• How did you setup DNS configuration:
  • Router
• If it's a router or IoT, please write device model:
• CPU architecture:
  • amd64
• Operating system and version:
  • Ubuntu 20.04

Expected Behavior

resolve IPv6 PTR as well by setting rDNS as following into private reverse dns servers

[/ip6.arpa/]10.121.55.228

and all ip6.arpa address will forwarded to 10.121.55.228

Actual Behavior

resolve address as empty by return SERVFAIL, but if put the config into upstream dns servers, not private reverse dns servers, it expected correct response

Screenshots

Screenshot:

Additional Information

[ainar-g]

Good day! We cannot reproduce this issue. Is the issue only with private networks or with both private and public ones? Because the upstreams that you set in the “Private reverse DNS servers” section are only used for private IP addresses, such as 192.168.12.34 and fe80::1234. If you want all PTR queries to be sent to that upstream, you need to add the upstream to the main “Upstream DNS servers” input as well.

[Haraguroicha]

Sorry for my mis-configuration again! I think I am occurred a little keywords confusing between "Private reverse DNS servers" and "private IP address" in this case, that problem is always need to check by user for configured range of IP address or PTR domain are suitable or not for "Private reverse DNS servers" since v0.106 separate "Private reverse DNS servers" from "Upstream DNS servers"

Following are my suggestions:

• Change section name to "Private address reverse DNS servers" for clarify that section is only suitable for IP addresses which range in IPv4 private area and IPv6 private area
• OR Just let it input all of "Reverse DNS servers" w/o separate private area or public area
• OR Add "Private reverse DNS servers" validation for only allow input for following regex allow-list (I've checked the range of 169.254.0.0/16 and fe80::/10 are not suitable for private area, because that is link-local address)
  • (.+\.)?10\.in-addr\.arpa$ for 10.0.0.0/8
  • (.+\.)?(1[6-9]|2[0-9]|3[01])\.172\.in-addr\.arpa$ for 172.16.0.0/12
  • (.+\.)?168\.192\.in-addr\.arpa$ for 192.168.0.0/16
  • (.+\.)?([cd])\.f\.ip6\.arpa$ for fc00::/7 which defined in RFC4193

[ainar-g]

Yes, the initial labels and documentation were a bit confusing. We've improved them a bit in v0.107.0, but I think we need to explicitly state that if someone wants to set an upstream for all rDNS queries, they should fill both fields.

The idea with the validation is interesting, and we will consider it, thanks!

[ainar-g]

@Haraguroicha, we've completely rewritten the upstream section in our docs, and I've also filed #3381, an issue about validating private upstreams against a set of known networks. I think that that is all for this issue for now?

[Haraguroicha]

@ainar-g yes, it is, i'm excited for that validating function can improve that user experience for config rDNS upstreams

also, document is clearly described the scenario and well example for everyone

I think this issue can close, and I will follow #3381 for additional progress