Client ID does not work in DoT and DoQ

[ZeroClover]

Prerequisites

• I am running the latest version
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed

Issue Details

• Version of AdGuard Home server:
  v0.108.0-b.10
• How did you install AdGuard Home:
  GitHub Release
• How did you setup DNS configuration:
  Dedicated server
• If it's a router or IoT, please write device model:
  Dedicated server
• CPU architecture:
  AMD64
• Operating system and version:
  Debian 11

Expected Behavior

When requesting DNS via tls://<client-id>.domain.tld and quic://<client-id>.domain.tld, AdGuard Home should be able to correctly identify the Client ID and display it in the statistics.

Actual Behavior

The statistics do not show the Client ID, but only the IP address of the requesting party. Only DoH (https://domain.tld/dns-query/<client-id>) can be correctly counted as Client ID.

AdGuard Home has a wildcard certificate containing SAN *.domain.tld and has properly added wildcard DNS resolution.

The Server Name in the encryption settings has been left blank.

Tests performed using dnslookup as a client.

Screenshots

Screenshot:

[ainar-g]

Hello.

The Server Name in the encryption settings has been left blank.

This is the mistake. AdGuard Home uses the data from that field to separate the ClientIDs from the rest of the ClientHello TLS message.

We should probably mention that both in the UI as well as in the Wiki.

[ZeroClover]

Sorry, it's my bad. I misunderstood the meaning of the prompt.

The Server Name field prompts that leaving it blank will accept incoming TLS connections for any domains, which I thought I needed to leave blank in order for the wildcard domain to work properly.

Should I keep this issue open?

[ainar-g]

Yes, we'll close it once the UI and the docs are updated.