Cannot configure to only respond to queries from localhost

[KilometerM]

Issue Details

• Version of AdGuard Home server:
  • v0.104.3
• How did you install AdGuard Home:
  • Github releases
• How did you setup DNS configuration:
  • System
• If it's a router or IoT, please write device model:
  • MacBook Air
• Operating system and version:
  • macOS Big Sur 11.1

Expected Behavior

While waiting for the DNS module to arrive in AdGuard for Mac, I decided to install AdGuard Home locally to filter and encrypt DNS while away from home. During initial setup, I selected the loopback interface for both the interface and DNS. In both cases it was indicated that the interface and DNS would be accessible only at 127.0.0.1.

I would expect AGH's interface to only be accessible from localhost and to only respond to DNS queries from localhost (127.0.0.1) since only the loopback interface was selected.

Actual Behavior

AGH responds to DNS queries from other devices on the lan even though only the loopback interface was selected during installation. The interface correctly appears to only be accessible from the local system and not from other devices.

Screenshots

Screenshot:

Additional Information

I have long used dnscrypt-proxy locally in this fashion. When configured to listen to 127.0.0.1 it only responds to queries from localhost and not from external devices from the network. Only if you configure it to listen on 0.0.0.0 or the IP address of an interface (i.e. 192.168.x.x) will it respond to queries from other devices. I expected it to be similar with AdGuard Home.

[ameshkov]

Just in case, you could configure it to drop queries from other IP addresses: settings -> DNS settings -> access settings.

Other than that, looks like a golang (or maybe macOS) issue. @ainar-g have you heard anything like that?

[KilometerM]

Thank you. I forgot about the access settings.

While testing this, I restarted AGH at one point and it correctly only responded to queries from localhost and not other network clients for about 3-4 minutes. Then it randomly started responding to external LAN clients once again.

[ainar-g]

@ameshkov, I haven't been able to reproduce that on my Linux machine, neither with AdGuardHome nor with a simple Go program. A thorougher investigation will require some time. I propose to move this to v0.106.0.

[ameshkov]

This is marked as a question, not a bug. I suppose this might be a Golang issue specific to macOS. If some of us has free time later, we could look into it.

[KilometerM]

I can confirm that this seems specific to the macOS version (or at least it doesn't affect Linux). I configured AdGuard Home on a raspberry pi using the same configuration and it did not exhibit this behavior. It only responded to queries from localhost and not from outside clients on the LAN.