"https-dns-proxy" does not start after rebooting the router

NorthP4 · February 23, 2024, 3:25pm

I have problems with "https-dns-proxy"
After rebooting the router "https-dns-proxy" does not start. Starts working only after a forced reboot of the "https-dns-proxy" service in the control panel.

In the previous version of OpenWRT 22.03 everything worked without problems.

After searching I have seen many posts about the exact same problem over the past 2-3 years. dnsmasq and https-dns-proxy compatibility issue. All of them have been fixed.
Config:
TP-Link Archer C6U (ramips/mt7621)
OpenWrt 23.05.2, lastest "https-dns-proxy" package

frollic · February 23, 2024, 3:26pm

Disable the auto start, add a sleep and start, to rc.local.

NorthP4 · February 23, 2024, 3:59pm

Will this help? I don't have the experience to make changes like this.

frollic · February 23, 2024, 4:01pm

Then you learn something in the process.
Let us know afterwards.

NorthP4 · February 23, 2024, 4:03pm

You answered so quickly and confidently, as if you were sure that this was the problem. If this is the case, then why didn't the developers make these changes?

frollic · February 23, 2024, 4:38pm

Because not everyone's using https-dns-proxy.

It's probably a race condition, not seen on all devices.

stangri · February 24, 2024, 1:37am

After rebooting, capture the output of logread -ehttps-dns-proxy and post it here.

NorthP4 · February 26, 2024, 6:19am

user.notice https-dns-proxy: Starting service instances on_boot ✓
user.notice https-dns-proxy: Updating dnsmasq config ✓
user.notice https-dns-proxy: Restarting dnsmasq on_config_update ✓
user.notice https-dns-proxy: Stopping service on_boot ✓```

stangri · February 26, 2024, 11:11pm

Thank you, one more thing to run in this state:
service https-dns-proxy info

So what's happening under the hood is that htttps-dns-proxy is starting on boot, but then it checks name resolution health and in case it started too early (and the network is not up, so no resolution possible), it shuts down and sets the trigger to be restarted in any interface coming up.

Obviously in your case it only works up to shutdown and the trigger either is not set (that's why I need additional output) or not working.

NorthP4 · February 27, 2024, 6:46am

I tried to figure out which command to use, but I couldn't. Could you write the entire command that needs to be used?

stangri · February 27, 2024, 8:37pm

Yes, I did earlier. Reboot your router and in the shell paste:

logread -ehttps-dns-proxy
service https-dns-proxy info

You have already provided the output from the first command, but I also need the output from the second command.

NorthP4 · February 28, 2024, 6:26am

I realized my mistake. I copied the first log from OpenWRT interface. Second command I tried to do it through the command "uci" in Putty. Then I found the correct instructions https://openwrt.org/docs/guide-user/base-system/user.beginner.cli
Sorry and Thank You for your patience

root@OpenWrt:~# service https-dns-proxy info
{
        "https-dns-proxy": {
                "instances": {
                        "instance1": {
                                "running": true,
                                "pid": 2637,
                                "command": [
                                        "/usr/sbin/https-dns-proxy",
                                        "-r",
                                        "https://dns0.eu/",
                                        "-a",
                                        "127.0.0.1",
                                        "-p",
                                        "5053",
                                        "-b",
                                        "1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4",
                                        "-4",
                                        "-u",
                                        "nobody",
                                        "-g",
                                        "nogroup"
                                ],
                                "term_timeout": 5,
                                "data": {
                                        "firewall": [
                                                {
                                                        "type": "redirect",
                                                        "target": "DNAT",
                                                        "src": "lan",
                                                        "proto": "tcp udp",
                                                        "src_dport": "53",
                                                        "dest_port": "53",
                                                        "family": "any",
                                                        "reflection": false
                                                },
                                                {
                                                        "type": "rule",
                                                        "src": "lan",
                                                        "dest": "*",
                                                        "proto": "tcp udp",
                                                        "dest_port": "853",
                                                        "target": "REJECT"
                                                }
                                        ],
                                        "mdns": {
                                                "https-dns-proxy_5053": {
                                                        "service": "_https-dns-p                                                                                                                     roxy._udp.local",
                                                        "port": 5053,
                                                        "txt": [
                                                                "DNS over HTTPS                                                                                                                      proxy"
                                                        ]
                                                }
                                        }
                                },
                                "respawn": {
                                        "threshold": 3600,
                                        "timeout": 5,
                                        "retry": 5
                                }
                        }
                },
                "triggers": [
                        [
                                "interface.*.up",
                                [
                                        [
                                                "run_script",
                                                "/etc/init.d/https-dns-proxy",
                                                "restart",
                                                "on_interface_up"
                                        ]
                                ],
                                3000
                        ],
                        [
                                "config.change",
                                [
                                        "if",
                                        [
                                                "eq",
                                                "package",
                                                "https-dns-proxy"
                                        ],
                                        [
                                                "run_script",
                                                "/etc/init.d/https-dns-proxy",
                                                "reload",
                                                "on_config_change"
                                        ]
                                ],
                                1000
                        ]
                ]
        }
}

stangri · February 28, 2024, 3:14pm

Thank you for providing the service info output. Are you sure it was ran right after reboot? From that output it looks like the https-dns-proxy is running normally with dns0.eu instance.

NorthP4 · February 28, 2024, 3:37pm

Yes, this is right after the reboot. And DoH didn't work.
I noticed that the log shows 1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4.4 DNS addresses, although in the settings I changed it to another.

stangri · February 29, 2024, 6:05pm

The system log and the output from service info contradict each other. If service is stopped, there could be no instances running.

Also, when you say "DoH is not working", please clarify exactly what you mean/how you test.

NorthP4 · March 1, 2024, 6:40am

I see it on https://browserleaks.com/dns or https://1.1.1.1/help (if Cloudflare)
In the WAN settings I changed DNS address to 193.110.81.0 (dns0.eu server)
After router rebooting browserleaks website shows servers from the Netherlands. After restarting https-dns-proxy browserleaks shows the correct servers (country where I am).
Before this I used Cloudflare. In this case it's even easier.
After router rebooting:
Connected to 1.1.1.1 - Yes
Using DNS over HTTPS (DoH) - No
After https-dns-proxy restarting:
Connected to 1.1.1.1 - Yes
Using DNS over HTTPS (DoH) - Yes

Partial log, where, as it seems to me, it is clear what the reason is.
"using nameserver" switches several times between 127.0.0.1#5053 and 193.110.81.0#53

Summary

Fri Mar  1 08:00:37 2024 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Fri Mar  1 08:00:37 2024 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: started, version 2.89 cachesize 1000
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for use-application-dns.net
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using only locally-known addresses for mask-h2.icloud.com
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: using 2 more local addresses
Fri Mar  1 08:00:37 2024 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Fri Mar  1 08:00:37 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names

Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'lan' is enabled
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'lan' is setting up now
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'lan' is now up

Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan' is enabled
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan' is setting up now
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan' is now up
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan6' is enabled
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using nameserver 193.110.81.0#53
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for use-application-dns.net
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using only locally-known addresses for mask-h2.icloud.com
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using 2 more local addresses
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Network device 'eth0' link is up
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Network device 'lo' link is up
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'loopback' has link connectivity
Fri Mar  1 08:00:43 2024 daemon.notice netifd: radio0 (1993): WARNING: Variable 'data' does not exist or is not an array/object
Fri Mar  1 08:00:43 2024 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Mar  1 08:00:43 2024 user.notice https-dns-proxy: Starting service instances on_boot ✓
Fri Mar  1 08:00:43 2024 user.notice https-dns-proxy: Updating dnsmasq config ✓
Fri Mar  1 08:00:44 2024 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM

Fri Mar  1 08:00:45 2024 daemon.notice netifd: Network device 'wan' link is up
Fri Mar  1 08:00:45 2024 daemon.notice netifd: Interface 'wan' has link connectivity
Fri Mar  1 08:00:45 2024 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Mar  1 08:00:45 2024 daemon.notice wpa_supplicant[1325]: Set new config for phy phy0
Fri Mar  1 08:00:45 2024 daemon.notice hostapd: Set new config for phy phy0: /var/run/hostapd-phy0.conf
Fri Mar  1 08:00:45 2024 daemon.notice hostapd: Restart interface for phy phy0

Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.378802] br-lan: port 5(phy0-ap0) entered blocking state
Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.384474] br-lan: port 5(phy0-ap0) entered disabled state
Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.390724] device phy0-ap0 entered promiscuous mode
Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.396235] br-lan: port 5(phy0-ap0) entered blocking state
Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.401936] br-lan: port 5(phy0-ap0) entered forwarding state
Fri Mar  1 08:00:45 2024 daemon.notice hostapd: phy0-ap0: interface state UNINITIALIZED->COUNTRY_UPDATE
Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.408078] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Fri Mar  1 08:00:45 2024 daemon.notice netifd: bridge 'br-lan' link is up
Fri Mar  1 08:00:45 2024 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Mar  1 08:00:45 2024 daemon.notice netifd: Network device 'phy0-ap0' link is up
Fri Mar  1 08:00:45 2024 kern.info kernel: [   20.496481] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap0: link becomes ready
Fri Mar  1 08:00:45 2024 daemon.notice hostapd: phy0-ap0: interface state COUNTRY_UPDATE->ENABLED
Fri Mar  1 08:00:45 2024 daemon.notice hostapd: phy0-ap0: AP-ENABLED
Fri Mar  1 08:00:45 2024 user.notice firewall: Reloading firewall due to ifup of wan (wan)
Fri Mar  1 08:00:46 2024 daemon.notice netifd: Wireless device 'radio0' is now up
Fri Mar  1 08:00:46 2024 kern.info kernel: [   21.159722] mt7530-mdio mdio-bus:1f lan2: Link is Up - 1Gbps/Full - flow control rx/tx
Fri Mar  1 08:00:46 2024 kern.info kernel: [   21.167809] br-lan: port 2(lan2) entered blocking state
Fri Mar  1 08:00:46 2024 kern.info kernel: [   21.173114] br-lan: port 2(lan2) entered forwarding state
Fri Mar  1 08:00:46 2024 daemon.notice netifd: Network device 'lan2' link is up
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: started, version 2.89 cachesize 1000
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for use-application-dns.net
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using only locally-known addresses for mask-h2.icloud.com
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: using 2 more local addresses
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Fri Mar  1 08:00:48 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Fri Mar  1 08:00:48 2024 user.notice https-dns-proxy: Restarting dnsmasq on_config_update ✓

Fri Mar  1 08:00:49 2024 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: started, version 2.89 cachesize 1000
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for use-application-dns.net
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for mask-h2.icloud.com
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using 2 more local addresses
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using nameserver 193.110.81.0#53
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for use-application-dns.net
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using only locally-known addresses for mask-h2.icloud.com
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: using 2 more local addresses
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Fri Mar  1 08:00:52 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Fri Mar  1 08:00:52 2024 user.notice https-dns-proxy: Stopping service on_boot ✓

And this problem appears after wan6 starting:

Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan' is enabled
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan' is setting up now
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan' is now up
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:00:43 2024 daemon.notice netifd: Interface 'wan6' is enabled
Fri Mar  1 08:00:43 2024 daemon.info dnsmasq[1]: using nameserver 193.110.81.0#53

This is part of the log after https-dns-proxy restart:

Fri Mar  1 08:04:06 2024 user.notice https-dns-proxy: Starting service instances ✓
Fri Mar  1 08:04:06 2024 user.notice https-dns-proxy: Updating dnsmasq config ✓
Fri Mar  1 08:04:06 2024 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: started, version 2.89 cachesize 1000
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5053
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for use-application-dns.net
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using only locally-known addresses for mask-h2.icloud.com
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: using 2 more local addresses
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Fri Mar  1 08:04:10 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Fri Mar  1 08:04:10 2024 user.notice https-dns-proxy: Restarting dnsmasq on_config_update ✓

stangri · March 2, 2024, 3:04am

If you explicitly specify an external non-encrypted server in dhcp settings with the specific port, the https-dns-proxy can't override that.

NorthP4 · March 2, 2024, 6:38am

I would like to clarify where exactly changes need to be made?
Interfaces > wan > DHCP Server > Advanced settings > DHCP Options ?
or
Network > DHCP and DNS > ... ?

stangri · March 4, 2024, 12:51am

Which changes? You get as good an answer as the effort you put in posing the question.

NorthP4 · March 4, 2024, 5:00am

I would like to clarify where exactly changes need to be made?
Interfaces > wan > DHCP Server > Advanced settings > DHCP Options ?
or
Network > DHCP and DNS > ... ?