Https-dns-proxy; bug confirmation, pls

During my testing/usage of https-dns-proxy, in noticed quite a few 'Error' messages in
https-dns-proxy.log
which seem to be caused by arrival of second request, when another one still being processed.
I filed official issue report already, but to be on safe side, can somebody confirm this problem ?
Quite easy to verify: Add following lines to /etc/config/https-dns-proxy
option logfile '/tmp/https-dns-proxy.log'
option verbosity '3'

/etc/init.d/https-dns-proxy restart

and, after some time, 'grep Error /tmp/https-dns-proxy.log'

Quite a few lines,too, like
[W] 1776410279.175912 https_client.c:366 C4AF: curl request failed with 16: Error
which cause the dns-request to be dropped. Will be recovered with a retry from client, most likely, but introducing some delay.
I am using 'fast-dns-retry' for dnsmasq.conf, to force retry, in case the issue hits my openwrt.

Testing right now.

root@R7800-2:/tmp# ubus call system board
{
        "kernel": "6.12.79",
        "hostname": "R7800-2",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "Netgear Nighthawk X4S R7800",
        "board_name": "netgear,r7800",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "25.12-SNAPSHOT",
                "firmware_url": "https://downloads.openwrt.org/",
                "revision": "r32863-12e56ac8d4",
                "target": "ipq806x/generic",
                "description": "OpenWrt 25.12-SNAPSHOT r32863-12e56ac8d4",
                "builddate": "1776155576"
        }
}

root@R7800-2:/tmp# https-dns-proxy -V
2025.12.29-r4
Using: ev/4.33 c-ares/1.34.6 libcurl/8.19.0 OpenSSL/3.5.6 nghttp2/1.66.0
Features: HTTP2 HTTPS-proxy IPv6

Until now no errors but just started:

root@R7800-2:/tmp# ls -la https-dns-proxy.log
-rw-r-----    1 root     root        969760 Apr 21 12:22 https-dns-proxy.log

root@R7800-2:/tmp# grep Error /tmp/https-dns-proxy.log
root@R7800-2:/tmp#

Thank you for your effort. Looks like an environment-specific issue, because according to your log-size the issue should have shown up already. Only difference at first glance is your SNAPSHOT, as I am using 25.12.2 release. And slower hardware. Below you find one typical occurence of my issue.

[D] 1776768061.066527 main.c:91 Received response for id: 263C, len: 67
[D] 1776768065.964921 main.c:126 Received request for id: EA1A, len: 42
[D] 1776768065.964998 https_client.c:260 EA1A: Requesting HTTP/2
[D] 1776768065.965507 https_client.c:218 EA1A: > POST /dns-query HTTP/2
[D] 1776768065.965521 https_client.c:218 EA1A: > Host: dns10.quad9.net
[D] 1776768065.965527 https_client.c:218 EA1A: > User-Agent: https_dns_proxy/0.4
[D] 1776768065.965532 https_client.c:218 EA1A: > Accept: application/dns-message
[D] 1776768065.965537 https_client.c:218 EA1A: > Content-Type: application/dns-message
[D] 1776768065.965542 https_client.c:218 EA1A: > Content-Length: 42
[D] 1776768065.965682 https_client.c:169 EA1A: > 0000: ea 1a 01 00 00 01 00 00 00 00 00 01 09 68 74 6d .............htm
[D] 1776768065.965731 https_client.c:169 EA1A: > 0010: 6c 2d 6c 6f 61 64 03 63 6f 6d 00 00 01 00 01 00 l-load.com......
[D] 1776768065.965754 https_client.c:169 EA1A: > 0020: 00 29 04 d0 00 00 00 00 00 00                   .)........
[D] 1776768065.966034 https_client.c:639 Reserved new io event: 0x7fc8f766a8
[D] 1776768065.966713 main.c:126 Received request for id: 1F4, len: 44
[D] 1776768065.966756 https_client.c:260 01F4: Requesting HTTP/2
[D] 1776768065.967344 https_client.c:218 01F4: > POST /dns-query HTTP/2
[D] 1776768065.967357 https_client.c:218 01F4: > Host: dns10.quad9.net
[D] 1776768065.967363 https_client.c:218 01F4: > User-Agent: https_dns_proxy/0.4
[D] 1776768065.967368 https_client.c:218 01F4: > Accept: application/dns-message
[D] 1776768065.967373 https_client.c:218 01F4: > Content-Type: application/dns-message
[D] 1776768065.967379 https_client.c:218 01F4: > Content-Length: 44
[D] 1776768065.967407 https_client.c:169 01F4: > 0000: 01 f4 01 00 00 01 00 00 00 00 00 01 08 6d 61 73 .............mas
[D] 1776768065.967466 https_client.c:169 01F4: > 0010: 74 6f 64 6f 6e 06 73 6f 63 69 61 6c 00 00 01 00 todon.social....
[D] 1776768065.967491 https_client.c:169 01F4: > 0020: 01 00 00 29 04 d0 00 00 00 00 00 00             ...)........
[D] 1776768065.996216 main.c:126 Received request for id: EA1A, len: 42
[D] 1776768065.996259 https_client.c:260 EA1A: Requesting HTTP/2
[D] 1776768065.996880 https_client.c:218 EA1A: > POST /dns-query HTTP/2
[D] 1776768065.996894 https_client.c:218 EA1A: > Host: dns10.quad9.net
[D] 1776768065.996899 https_client.c:218 EA1A: > User-Agent: https_dns_proxy/0.4
[D] 1776768065.996905 https_client.c:218 EA1A: > Accept: application/dns-message
[D] 1776768065.996910 https_client.c:218 EA1A: > Content-Type: application/dns-message
[D] 1776768065.996915 https_client.c:218 EA1A: > Content-Length: 42
[D] 1776768065.996944 https_client.c:169 EA1A: > 0000: ea 1a 01 00 00 01 00 00 00 00 00 01 09 68 74 6d .............htm
[D] 1776768065.996972 https_client.c:169 EA1A: > 0010: 6c 2d 6c 6f 61 64 03 63 6f 6d 00 00 01 00 01 00 l-load.com......
[D] 1776768065.997013 https_client.c:169 EA1A: > 0020: 00 29 04 d0 00 00 00 00 00 00                   .)........
[D] 1776768065.997677 main.c:126 Received request for id: 1F4, len: 44
[D] 1776768065.997735 https_client.c:260 01F4: Requesting HTTP/2
[D] 1776768065.998274 https_client.c:218 01F4: > POST /dns-query HTTP/2
[D] 1776768065.998290 https_client.c:218 01F4: > Host: dns10.quad9.net
[D] 1776768065.998295 https_client.c:218 01F4: > User-Agent: https_dns_proxy/0.4
[D] 1776768065.998300 https_client.c:218 01F4: > Accept: application/dns-message
[D] 1776768065.998305 https_client.c:218 01F4: > Content-Type: application/dns-message
[D] 1776768065.998310 https_client.c:218 01F4: > Content-Length: 44
[D] 1776768065.998339 https_client.c:169 01F4: > 0000: 01 f4 01 00 00 01 00 00 00 00 00 01 08 6d 61 73 .............mas
[D] 1776768065.998414 https_client.c:169 01F4: > 0010: 74 6f 64 6f 6e 06 73 6f 63 69 61 6c 00 00 01 00 todon.social....
[D] 1776768065.998440 https_client.c:169 01F4: > 0020: 01 00 00 29 04 d0 00 00 00 00 00 00             ...)........
[D] 1776768066.006154 https_client.c:218 EA1A: < HTTP/2 200 
[D] 1776768066.006183 https_client.c:218 EA1A: < content-type: application/dns-message
[D] 1776768066.006200 https_client.c:218 EA1A: < cache-control: max-age=221
[D] 1776768066.006211 https_client.c:218 EA1A: < content-length: 74
[D] 1776768066.006221 https_client.c:218 EA1A: < x-content-type-options: nosniff
[D] 1776768066.006230 https_client.c:218 EA1A: < access-control-allow-origin: *
[D] 1776768066.006241 https_client.c:218 EA1A: < alt-svc: h3=":443"
[D] 1776768066.006284 https_client.c:169 EA1A: < 0000: ea 1a 81 80 00 01 00 02 00 00 00 01 09 68 74 6d .............htm
[D] 1776768066.006312 https_client.c:169 EA1A: < 0010: 6c 2d 6c 6f 61 64 03 63 6f 6d 00 00 01 00 01 c0 l-load.com......
[D] 1776768066.006340 https_client.c:169 EA1A: < 0020: 0c 00 01 00 01 00 00 00 dd 00 04 68 12 15 1f c0 ...........h....
[D] 1776768066.006368 https_client.c:169 EA1A: < 0030: 0c 00 01 00 01 00 00 00 dd 00 04 68 12 14 1f 00 ...........h....
[D] 1776768066.006391 https_client.c:169 EA1A: < 0040: 00 29 04 d0 00 00 00 00 00 00                   .)........
[D] 1776768066.006544 https_client.c:353 EA1A: curl request succeeded
[D] 1776768066.006553 https_client.c:452 EA1A: CURLINFO_NUM_CONNECTS: 0
[D] 1776768066.006559 https_client.c:464 EA1A: CURLINFO_EFFECTIVE_URL: https://dns10.quad9.net/dns-query
[D] 1776768066.006564 https_client.c:471 EA1A: CURLINFO_HTTP_VERSION: 2
[D] 1776768066.006572 https_client.c:501 EA1A: Times: 0.000000, 0.000000, 0.000000, 0.000697, 0.041083, 0.041385
[D] 1776768066.006599 main.c:91 Received response for id: EA1A, len: 74
[D] 1776768066.045168 https_client.c:218 EA1A: < HTTP/2 200 
[D] 1776768066.045198 https_client.c:218 EA1A: < content-type: application/dns-message
[D] 1776768066.045213 https_client.c:218 EA1A: < cache-control: max-age=220
[D] 1776768066.045226 https_client.c:218 EA1A: < content-length: 74
[D] 1776768066.045236 https_client.c:218 EA1A: < x-content-type-options: nosniff
[D] 1776768066.045244 https_client.c:218 EA1A: < access-control-allow-origin: *
[D] 1776768066.045255 https_client.c:218 EA1A: < alt-svc: h3=":443"
[D] 1776768066.045319 https_client.c:169 EA1A: < 0000: ea 1a 81 80 00 01 00 02 00 00 00 01 09 68 74 6d .............htm
[D] 1776768066.045347 https_client.c:169 EA1A: < 0010: 6c 2d 6c 6f 61 64 03 63 6f 6d 00 00 01 00 01 c0 l-load.com......
[D] 1776768066.045375 https_client.c:169 EA1A: < 0020: 0c 00 01 00 01 00 00 00 dc 00 04 68 12 15 1f c0 ...........h....
[D] 1776768066.045404 https_client.c:169 EA1A: < 0030: 0c 00 01 00 01 00 00 00 dc 00 04 68 12 14 1f 00 ...........h....
[D] 1776768066.045426 https_client.c:169 EA1A: < 0040: 00 29 04 d0 00 00 00 00 00 00                   .)........
[D] 1776768066.047544 https_client.c:626 Released used io event: 0x7fc8f766a8
[D] 1776768066.047773 https_client.c:130 curl closed socket: 9
[W] 1776768066.048026 https_client.c:366 01F4: curl request failed with 16: Error
[W] 1776768066.048054 https_client.c:382 01F4: Connecting and sending request to resolver was successful, but no response was sent back
[D] 1776768066.048065 https_client.c:452 01F4: CURLINFO_NUM_CONNECTS: 0
[D] 1776768066.048071 https_client.c:464 01F4: CURLINFO_EFFECTIVE_URL: https://dns10.quad9.net/dns-query
[D] 1776768066.048079 https_client.c:501 01F4: Times: 0.000000, 0.000000, 0.000000, 0.000673, 0.000000, 0.078630
[I] 1776768066.048105 https_client.c:523 01F4: Response was faulty, skipping DNS reply
[D] 1776768066.048110 main.c:91 Received response for id: 1F4, len: 0

root@R7800-2:/tmp# ls -la https-dns-proxy.log
-rw-r-----    1 root     root       5639787 Apr 21 13:08 https-dns-proxy.log

root@R7800-2:/tmp# grep Error /tmp/https-dns-proxy.log
root@R7800-2:/tmp#

root@R7800-2:/tmp# curl -V
curl 8.19.0 (arm-openwrt-linux-gnu) libcurl/8.19.0 OpenSSL/3.5.6 nghttp2/1.66.0
Release-Date: 2026-03-11
Protocols: file ftp ftps http https mqtt mqtts
Features: alt-svc HSTS HTTP2 HTTPS-proxy IPv6 Largefile SSL threadsafe UnixSockets
root@R7800-2:/tmp#

Maybe related to the mbedtls problem?

I use only OpenSSL and recent build of 25.12 Snapshot

I tried openssl already. Same issue. I always hesitate to use SNAPSHOT, because running into “special effects” too often Have to give it a try, now.

25.12-Snapshot is reasonably safe as that should only have backported known working good commits, but there always is a risk.

I am not running Main-Snapshots on my production systems

Looks like, I narrowed down my issue. Could you re-test, and use quad9 only as DoH provider in https-dns-proxy ?

Sure will do that but will be tomorrow.

I just did a quick test and have one error:

root@R7800-2:~# ls -la /tmp/https-dns-proxy.log
-rw-r-----    1 root     root        613343 Apr 21 21:09 /tmp/https-dns-proxy.log

root@R7800-2:~# grep Error /tmp/https-dns-proxy.log
[W] 1776798543.332425 https_client.c:366 5C04: curl request failed with 16: Error
root@R7800-2:~#

config main 'config'
	option dnsmasq_config_update '*'
	option force_dns '0'
	list force_dns_port '53'
	list force_dns_port '853'
	list force_dns_src_interface 'lan'
	option procd_trigger_wan6 '0'
	option heartbeat_domain 'heartbeat.melmac.ca'
	option heartbeat_sleep_timeout '10'
	option heartbeat_wait_timeout '10'
	option user 'nobody'
	option group 'nogroup'
	option listen_addr '127.0.0.1'
	option logfile '/tmp/https-dns-proxy.log'
	option verbosity '3'

config https-dns-proxy
	option resolver_url 'https://dns.quad9.net/dns-query'
	option bootstrap_dns '9.9.9.9,149.112.112.112,2620:fe::fe,2620:fe::9'
	option listen_port '5053'

Did some more testing and it looks to be quad9 which is the culprit, I did some heavy querying with quad9 and now more errors are surfacing.

I original had cloudflare and google, I went back to that and even after a lot of heavy querying no errors at all

Yep. I will update my official issue on git, regarding https-dns-proxy, and send some notice to quad9 support. I preferred quad because of privacy, but now I need to switch to cloudflare, obviously. Thank you very much for your support.