An important PSA for everyone using the https_dns_proxy package!
Aaron Drew, the maintainer for the original package has recently accepted the pull request to support RFC8484 resolvers and retire support for the outdated JSON API resolvers. That resulted in no longer compatible resolver urls (and no longer compatible OpenWrt config files). To avoid broken DNS resolution, the decision was made to rename the OpenWrt package from https_dns_proxy to https-dns-proxy which would use a different config file now (/etc/config/https-dns-proxy).
That also resulted in a significantly larger number of supported resolvers and the luci app (Web UI) lists the ones I've tried. Adding new resolvers to Web UI is easy and requires no changes of the code, as resolvers are pluggable (thanks to @feckert for the suggestion).
Both the https-dns-proxy and luci-app-https-dns-proxy have been merged in master, 19.07 and 18.06 trees and should be available as packages shortly.
Last but not least, existing Web UI translations have been preserved despite the package name change (thanks @hnyman), but there are many new resources, so I'd like to ask all the translators to update their translations!
Is than an option? It looks like the opkg is directly dependent on libcurl4, which is in turn dependent on libwolfssl4.7.0.66253b90. I'm not sure there's any way to force libcurl4 to use openssl, is there?
Oh, you're right, I've noticed that libwolfssl is installed on my router, most likely due to dependency. But I also have the libopenssl and libustream-openssl installed, and never had any issues. Can you try the same and post back?
I've updated the WebUI to properly process HTTP/2-only resolvers (with version 2021-07-29-1). On most OpenWrt installs, curl doesn't support HTTP/2 (yet) so there would be no big changes.
If you have a custom libcurl build or custom OpenWrt build with HTTP/2 support in libcurl, I'd appreciate testing. You will then see extra HTTP/2-only resolvers in the list.
The WebUI shows the instances sorted by the instance ID (not by any of the instance options). If you have manually changed the port number of the first instance to be higher than that of the second instance, that's how things will be shown.
If you had just checked the README and omitted the port numbers they would be assigned from lower to higher.
No, I mean on the contrary, I don't want / don't care about ipv6 replies, but still getting them.
Where that use_ipv6_resolvers_only setting should go?
Tried adding to /etc/config/https-dns-proxy option use_ipv6_resolvers_only '0' option use_ipv4_resolvers_only '1'
but that didn't change anything.
By default, the PROCD script still starts the instances with the -4 parameter which (at least on my system) used to indicate we only want legacy addresses. How much have you disabled IPv6 on your system?
As I first replied in your other thread here let's keep the conversation there, but looks like you've already troubleshooted it to the point where dnssec is to blame.