Is it even possible without manual intervention?

https-dns-proxy modifies the dnsmasq config to route DNS requests through it, including the router itself. When sysupgrade runs, the https-dns-proxy package (and all others, of course) is removed, but when the new build tries to reinstall https-dns-proxy, it can't because all DNS requests fail...a chicken-and-egg problem.

Is there a clean solution for this, short of adding Google DNS or similar temporarily to dnsmasq to allow bare DNS requests to work? How are others handling this?

Only if you set your router to use it as well.
By default, the clients will use it, while the router itself uses the DNSes provided by the ISP.

If not, you can always ssh to it, edit /etc/resolv.conf, and replace 127.0.0.1 with
8.8.8.8, post upgrade.

You can use the image builder to include any extra packages you need.

attended-sysuprade and bring https-dns in image

Theres a few ways to fix this. I suggest the first way.

1. https://github.com/richb-hanover/OpenWrtScripts take and modify his https://github.com/richb-hanover/OpenWrtScripts/blob/main/config-openwrt.sh script.
   Document all your setup tasks for a "new" install and then put them in the script. Then when you sysupgrade all you have to do is SSH in and copy over the script and it will re-setup as you require.

2. as frollic said. Set your router DNS to your ISP or Google or Cloudflare DNS. Your router does not need adblocking or encrypted DNS. This means it will always be able to update NTP or do opkg updates even if your https-dns-proxy is broken. (I also set it that way for AdGuardHome in my thread).

3. Imagebuilder but i believe you'd still have to setup the config files?

I hadn't considered the fact that I'm rejecting ISP DNS to even be a factor here. Thanks for the tip!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.