"*.lan" filter in DNS-Settings->Disallowed domains blocking lookups for FQDN beginning with www.lan* and causing a dig connection timeout

[MichaelS75]

Prerequisites

• I have checked the Wiki and Discussions and found no answer

• I have searched other issues and found no duplicates

• I want to report a bug and not ask a question or ask for help

• I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)

Platform (OS and CPU architecture)

Linux, ARMv7

Installation

GitHub releases or script from README

Setup

On one machine

AdGuard Home version

v0.107.43

Action

dig "www.landsend.de" A

Expected result

dig "www.landsend.de" A

; <<>> DiG 9.10.6 <<>> www.landsend.de A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59647
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.landsend.de.		IN	A

;; ANSWER SECTION:
www.landsend.de.	300	IN	CNAME	www.landsend.de.cdn.cloudflare.net.
www.landsend.de.cdn.cloudflare.net. 300	IN A	104.17.27.191
www.landsend.de.cdn.cloudflare.net. 300	IN A	104.17.28.191

;; Query time: 113 msec
;; SERVER: 192.168.25.6#53(192.168.25.6)
;; WHEN: Wed Jan 03 11:54:29 CET 2024
;; MSG SIZE  rcvd: 124

Actual result

dig "www.landsend.de" A

; <<>> DiG 9.10.6 <<>> www.landsend.de A
;; global options: +cmd
;; connection timed out; no servers could be reached

Additional information and/or screenshots

I use the default filter rules for local domains in DNS-Settings -> Disallowed domains (german: Nicht zugelassene Domains) with the following config:

version.bind
id.server
hostname.bind
*.localdomain
*.local
*.lan

But this is blocking i.e www.landsend.de in my case, too.
Additionaly AdGuard Home is not responding at all to the query: DIG connection timeout!

It took me a while to figure this out because the verbose log said the domain is in the block list. And the check filter tool said it's not.
2024/01/03 11:24:48.603433 3224#8621 [debug] access: request A www.landsend.de is in access blocklist

Even the custom rule "@@||www.landsend.de^$important" does not override the behavior.

Hope this helps the development team.
Happy new year to everybody and keep up the great work! Thanks

[fernvenue]

That's expected behavior, you may need ||lan^ instead.

[MichaelS75]

Thanks for the hint. That worked for me.

But in this case the "check filter tool" should take it into account by saying i.e "Blocked by DNS Settings".
That might reduce confusion and one can find errors in the filter rules much faster...