Dnsmasq, adblocking and Chrome

Doing my own, vanilla adblocking with dnsmasq, having in /etc/dnsmasq.conf
...
no-poll
servers-file=/tmp/ad_servers
no-resolv
server=127.0.0.1#5053 !https-dns-proxy, referring to 9.9.9.10
...

I noticed some strange behaviour, when using Chrome (NOT applicable to Firefox) on my Win10 client.
It looks like Chrome somehow automatically switches DNS-UDP to DNS-TCP after short period of time, and stays there.

nft list ruleset | grep 53
tcp dport 53 counter packets 11437 bytes 594724 redirect to :53 comment ...
udp dport 53 counter packets 18547 bytes 1234864 redirect to :53 comment ...

or running
tcpdump tcp port 53 -X #Shows lot of traffic

This slows down name resolution, because of forking dnsmasq childs and more intensive network activities.
I saw "child processes for TCP requests: in use 0, highest since last SIGUSR1 20, max allowed 20." in dnsmasq.log

Can this behaviour be confirmed on other installs ?

(Note: I have upstream connection via SOCKS5 to German VPS, which might cause slow DNS resolution or some packet loss.)

Issue mentioned above seems to be the consequence of a new feature of Chrome: Using its own, integrated dns-client, instead of relying on the OS provided one.. Which can not be disabled, in recent Chrome versions. And this integrated dns-client does something called “supervise UDP-entropy”. Which checks the entropy of used UDP-ports. If considered to be too low, switch to TCP. And on my Win 10 (and on Win 11, too, I guess), this check hits. Thus, either to drop Chrome, or to live with it. BUT then, max no. of parallel TCP conns for dnsmasq to be increased, i.e. “max-tcp-connections=30”, cause I see in my logs:

Apr 15 03:00:00 dnsmasq[15177]: child processes for TCP requests: in use 0, highest since last SIGUSR1 23, max allowed 30.