[Adguard Home] DNSCrypt response is invalid and cannot be decrypted

Is there anyone else using DNSCrypt servers on Adguard and noticing these errors on the System log?

Fri Apr 19 08:08:19 2024 user.notice AdGuardHome[9197]: 2024/04/19 07:08:19.954779 [error] dnsproxy: upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;agnss.goog.	IN	 A in 9.29923ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Thu Apr 18 12:21:53 2024 user.notice AdGuardHome[9197]: 2024/04/18 11:21:53.743208 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;czfe112-front01-iad01.transport.home.nest.com.	IN	 A in 18.621251ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Thu Apr 18 12:23:02 2024 user.notice AdGuardHome[9197]: 2024/04/18 11:23:02.974575 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;www.bing.com.	IN	 A in 16.18442ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Thu Apr 18 15:30:19 2024 user.notice AdGuardHome[9197]: 2024/04/18 14:30:19.273293 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;titles.prod.mos.microsoft.com.	IN	 A in 102.657302ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Thu Apr 18 15:42:19 2024 user.notice AdGuardHome[9197]: 2024/04/18 14:42:19.142310 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;res-1.cdn.office.net.	IN	 A in 8.680415ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Thu Apr 18 16:27:50 2024 user.notice AdGuardHome[9197]: 2024/04/18 15:27:50.725517 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;android.clients.google.com.	IN	 A in 9.390097ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Upstreams DNS:

sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
sdns://AQMAAAAAAAAAEjEwMy44Ny42OC4xOTQ6ODQ0MyAxXDKkdrOao8ZeLyu7vTnVrT0C7YlPNNf6trdMkje7QR8yLmRuc2NyeXB0LWNlcnQuZG5zLmJlYmFzaWQuY29t
sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20
sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ
sdns://AgMAAAAAAAAADDk0LjE0MC4xNS4xNSCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQ9kbnMuYWRndWFyZC5jb20KL2Rucy1xdWVyeQ

Bootstrap servers:

208.67.222.222
1.1.1.1
208.67.220.220
9.9.9.9
8.8.8.8
149.112.112.10
2620:fe::10
2620:fe::fe:10
94.140.15.15
2a10:50c0::ad1:ff
94.140.14.14
2a10:50c0::ad2:ff
[2a10:50c0::ad1:ff]:5443

Block list:

# Hagezi Multi PRO+:
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.plus.txt

# Hagezi Threat Intelligence Feeds:
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt

# OISD big:
https://big.oisd.nl

# 1hosts (lite)
https://o0.pages.dev/Lite/adblock.txt
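An added example, not part of any post in this thread: a Python triage helper that decodes the `sdns://` stamp in each dnsproxy error line (DNSCrypt stamps, protocol byte 0x01, only) and counts failures per upstream address and provider name. The sample lines are three of the log entries above with the syslog prefix removed; the function names are illustrative.

```python
import base64
import re
from collections import Counter

# Matches the dnsproxy error format shown in the log excerpts above.
LOG_RE = re.compile(r"upstream (sdns://\S+) failed to exchange ;(\S+)\s+IN\s+\S+ in \S+: (.+)$")

def decode_dnscrypt_stamp(stamp):
    """Decode an sdns:// stamp; only protocol 0x01 (DNSCrypt) is parsed fully."""
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # stamps omit padding
    if len(raw) < 9 or raw[0] != 0x01:
        return {"protocol": raw[0] if raw else None}
    props = int.from_bytes(raw[1:9], "little")  # 64-bit little-endian property flags
    pos, fields = 9, []
    for _ in range(3):  # address, public key, provider name: 1-byte length prefix each
        if pos >= len(raw) or pos + 1 + raw[pos] > len(raw):
            raise ValueError("truncated stamp")
        fields.append(raw[pos + 1:pos + 1 + raw[pos]])
        pos += 1 + raw[pos]
    return {
        "protocol": 0x01,
        "dnssec": bool(props & 1), "no_logs": bool(props & 2), "no_filter": bool(props & 4),
        "address": fields[0].decode(), "public_key": fields[1].hex(),
        "provider": fields[2].decode(),
    }

def failures_by_upstream(lines):
    """Count DNSCrypt exchange failures per (address, provider name)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        info = decode_dnscrypt_stamp(m.group(1))
        counts[(info.get("address"), info.get("provider"))] += 1
    return counts

QUAD9 = "sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0"
COMODO = "sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ"
ERR = "exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted"
SAMPLE = [  # shortened copies of three log entries from the first post
    f"[error] dnsproxy: upstream {QUAD9} failed to exchange ;agnss.goog.\tIN\t A in 9.29923ms: {ERR}",
    f"[error] dnsproxy: upstream {COMODO} failed to exchange ;czfe112-front01-iad01.transport.home.nest.com.\tIN\t A in 18.621251ms: {ERR}",
    f"[error] dnsproxy: upstream {COMODO} failed to exchange ;android.clients.google.com.\tIN\t A in 9.390097ms: {ERR}",
]

if __name__ == "__main__":
    for (addr, provider), n in failures_by_upstream(SAMPLE).most_common():
        print(f"{n:3d}  {addr}  {provider}")
```
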

Did you follow the wiki?

This wiki is a bit old and looks like it’s purposed to run on the server’s side.

I already have the stamps (one of them is also from an Adguard server)

If you add these upstream servers in your AdGuard, you will see they will work, but you will also notice some errors in the system log at some point.

I think there is a small syntax problem with the next lines, because one line from your upstream list is picked at random or as the best.
You could try picking one line and adding a # symbol to each of the other lines.

But the problem is happening in all DNSCrypt servers but not all the time.

If I pick just a single server, I can still see the problem.

Can it be something related to the time zone?

My computer is on the correct time and timezone.

My router is also on the correct time / timezone.

But I noticed this:

I tried 4.6.0 snapshot with your config and don’t have the error logs.

Test 4.5.16 with the same config and seems fine as well.

I noticed these errors on Flint 2, firmware 4.5.8

Can you keep these settings for at least half an hour and check the logs?

Choose “load balancing mode” on upstream servers.

As you can see on the time/date on the log above, the error is not happening always.

If this is relevant: I’m on Summer Time (GMT +1 instead of GMT 0).
As you can see on my previous message, the time reported on the log was wrong.

OK. Let me keep it running for a while.


Hi, has anyone else been able to reproduce this?

My test has been running for around 1 week and I didn’t have this problem.

I did meet other bugs though.

Were the other bugs a timeout error?
Can this be fixed by GL-inet, or is it an ADH bug that should be reported to them?

It is some combined settings causing DNS to fail. Not related to this thread though.