AdGuardDNS/doc/debugdns.md

AdGuard DNS query debugging API

You can debug AdGuard DNS queries by performing a query with the CHAOS class:

dig CH A 'example.com' @dns.adguard-dns.com

An example of the reply from AdGuard DNS:

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 8182 example.com CH
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40344
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;example.com.			CH	A

;; ANSWER SECTION:
example.com.		17597	IN	A	93.184.216.34

;; ADDITIONAL SECTION:
client-ip.adguard-dns.com. 10	CH	TXT	"127.0.0.1"
server-ip.adguard-dns.com. 10	CH	TXT	"94.140.14.14"
resp.res-type.adguard-dns.com. 10 CH TXT	"normal"

;; Query time: 26 msec
;; SERVER: dns.adguard-dns.com#53(127.0.0.1)
;; WHEN: Wed Oct 27 16:54:47 MSK 2021
;; MSG SIZE  rcvd: 166

In the ANSWER SECTION, the usual IN reply is returned.

In the ADDITIONAL SECTION, the following debug information is returned:

• client-ip: The IP address of the client. The full name is client-ip.adguard-dns.com.

  Example:

  client-ip.adguard-dns.com. 10	CH	TXT	"127.0.0.1"
  

• server-ip: The IP address of the server. The full name is server-ip.adguard-dns.com.

  Example:

  server-ip.adguard-dns.com. 10	CH	TXT	"127.0.0.1"
  

• device-id: The ID of the device as detected by the server, if any. The full name is device-id.adguard-dns.com.

  Example:

  device-id.adguard-dns.com. 10	CH	TXT	"dev1234"
  

• profile-id: The ID of the profile (aka “DNS server” on the UI) of the AdGuard DNS server. The full name is profile-id.adguard-dns.com.

  Example:

  profile-id.adguard-dns.com. 10	CH	TXT	"prof1234"
  

• country: User's country code. The full name is country.adguard-dns.com.

  Example:

  country.adguard-dns.com.	10 CH	TXT	"CY"
  

• asn: User's autonomous system number (ASN). The full name is asn.adguard-dns.com.

  Example:

  asn.adguard-dns.com.	10 CH	TXT	"1234"
  

• subdivision: User's location subdivision code. This field could be empty even if user's country code is present. The full name is subdivision.adguard-dns.com.

  Example:

  country.adguard-dns.com.	10 CH	TXT	"US"
  subdivision.adguard-dns.com. 10 CH	TXT	"CA"
  

The following debug records can have one of two prefixes: req or resp. The prefix depends on whether the filtering was applied to the request or the response.

• res-type: The type of response. The full name is (req|resp).res-type.adguard-dns.com. Can be the following types:

  • normal: The request or response was not filtered.

  • blocked: The request or response was blocked by a filter list or parental protection.

  • allowed: The request or response was allowed by an exception rule.

  • modified: The query has been rewritten by a rewrite rule or parental protection.

  Example:

  req.res-type.adguard-dns.com. 10 CH	TXT	"blocked"
  

• rule: The rule that was applied to the query. The full name is (req|resp).rule.adguard-dns.com. Rules that are longer than 255 bytes are split into several consecutive strings.

  Example:

  Rule shorter than 255 bytes:

  req.rule.adguard-dns.com.	10 CH	TXT	"||example.com^"
  

  Rule longer than 255 bytes:

  req.rule.adguard-dns.com. 0 CH TXT "||heregoesthefirstpartoftherule"
  "heregoesthesecondpartoftherule"
  

• rule-list-id: The ID of the rule list that was applied, if any. The full name is (req|resp).rule-list-id.adguard-dns.com.

  Example:

  req.rule-list-id.adguard-dns.com.	10 CH	TXT	"adguard_dns_filter"
  

The TTL of these responses is taken from parameter filters.response_ttl in the configuration file.