Error messages relative to dnscrypt

Menard · July 5, 2024, 7:07am

Since I installed this router, I notice these error messages on the system log in the router (Opal)

Fri Jul  5 07:20:08 2024 user.notice mwan3[5539]: Starting tracker on interface wan (eth0.2)
Fri Jul  5 07:20:08 2024 user.notice mwan3track[4274]: Stopping mwan3track for interface "wan"
Fri Jul  5 07:20:08 2024 cron.err crond[2177]: time disparity of 480 minutes detected
Fri Jul  5 07:20:09 2024 daemon.err dnscrypt-proxy[2014]: dnscrypt-proxy Unable to retrieve server certificates
Fri Jul  5 07:20:11 2024 user.info mwan3rtmon[2528]: Detect rtchange event.
Fri Jul  5 07:20:12 2024 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Fri Jul  5 07:20:12 2024 daemon.info dnscrypt-proxy[2014]: dnscrypt-proxy Refetching server certificates
Fri Jul  5 07:20:13 2024 user.notice relay: Reloading relay due to connected of wan (eth0.2)
Fri Jul  5 07:20:13 2024 user.notice relay: Reloading relay due to ifup of wan (eth0.2)
Fri Jul  5 07:20:27 2024 daemon.err dnscrypt-proxy[2014]: dnscrypt-proxy Unable to retrieve server certificates

and after some time

Fri Jul  5 08:13:30 2024 daemon.err dnscrypt-proxy[2014]: dnscrypt-proxy Unable to retrieve server certificates
Fri Jul  5 08:15:36 2024 daemon.info dnscrypt-proxy[2014]: dnscrypt-proxy Refetching server certificates
Fri Jul  5 08:15:51 2024 daemon.err dnscrypt-proxy[2014]: dnscrypt-proxy Unable to retrieve server certificates
Fri Jul  5 08:18:01 2024 daemon.info dnscrypt-proxy[2014]: dnscrypt-proxy Refetching server certificates
Fri Jul  5 08:18:16 2024 daemon.err dnscrypt-proxy[2014]: dnscrypt-proxy Unable to retrieve server certificates

Is this OK ?

Renato · July 5, 2024, 8:19am

I noticed so many errors when using DNSCrypt and I decided to stop using it, because nobody can reproduce the problem

github.com/AdguardTeam/AdGuardHome

DNSCrypt response is invalid and cannot be decrypted

opened 07:53PM - 07 Apr 24 UTC

renatoyamane

### Prerequisites - [X] I have checked the [Wiki](https://github.com/AdguardT…eam/AdGuardHome/wiki) and [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) and found no answer - [X] I have searched other issues and found no duplicates - [X] I want to report a bug and not [ask a question or ask for help](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) - [X] I have set up AdGuard Home correctly and [configured clients to use it](https://github.com/AdguardTeam/AdGuardHome/wiki/Clients). (Use the [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a) for help with installing and configuring clients.) ### Platform (OS and CPU architecture) Linux, ARM64 ### Installation Custom package (OpenWrt, HomeAssistant, etc; please mention in the description) ### Setup On a router, DHCP is handled by the router ### AdGuard Home version 0.107.48 ### Action I'm noticing a lot of these errors on my log: ``` Sat Apr 6 17:57:37 2024 user.notice AdGuardHome[8137]: 2024/04/06 16:57:37.213287 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;weather.nest.com. IN A in 18.729841ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sat Apr 6 21:00:52 2024 user.notice AdGuardHome[8137]: 2024/04/06 20:00:52.880450 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;s3.glbimg.com. IN HTTPS in 226.548648ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sat Apr 6 21:29:39 2024 user.notice AdGuardHome[8137]: 2024/04/06 20:29:39.610791 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;firebaseremoteconfig.googleapis.com. IN A in 7.66672ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sat Apr 6 23:11:45 2024 user.notice AdGuardHome[8137]: 2024/04/06 22:11:45.401988 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;colvk.viki.io. IN A in 20.838928ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sun Apr 7 00:12:15 2024 user.notice AdGuardHome[8137]: 2024/04/06 23:12:15.570966 [error] dnsproxy: upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;xgapromomanager-pa.googleapis.com. IN A in 9.135598ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sun Apr 7 00:12:15 2024 user.notice AdGuardHome[8137]: 2024/04/06 23:12:15.561725 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;xgapromomanager-pa.googleapis.com. IN A in 7.550599ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sun Apr 7 12:37:57 2024 user.notice AdGuardHome[8137]: 2024/04/07 11:37:57.442440 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;shop.allnetchina.cn. IN A in 18.676623ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sun Apr 7 15:00:03 2024 user.notice AdGuardHome[8137]: 2024/04/07 14:00:03.703077 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;5aa25954e40ffb18984989b59487dfe054549e213a2e64a12187f8deb5a4cb5.us-east-1.prod.service.minerva.devices.a2z.com. IN A in 17.727306ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted Sun Apr 7 17:49:49 2024 user.notice AdGuardHome[8137]: 2024/04/07 16:49:49.174139 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;fitbitvestibuleshim-pa.googleapis.com. IN A in 15.355386ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted ``` Upstream servers (load balancing mode): The 3rd (from bottom to top) is an ADGuard DNSCrypt server, which is also resulting in an error reported above. **To reproduce the error quickier, remove the HTTPS, TLS and QUIC servers from the list below.** ``` https://dns.google/dns-query https://dns.quad9.net/dns-query https://dns.twnic.tw/dns-query https://doh.opendns.com/dns-query https://security.cloudflare-dns.com/dns-query tls://security.cloudflare-dns.com quic://dns.adguard-dns.com quic://zero.dns0.eu https://dns.adguard-dns.com/dns-query tls://dns.adguard-dns.com sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 sdns://AQMAAAAAAAAAEjEwMy44Ny42OC4xOTQ6ODQ0MyAxXDKkdrOao8ZeLyu7vTnVrT0C7YlPNNf6trdMkje7QR8yLmRuc2NyeXB0LWNlcnQuZG5zLmJlYmFzaWQuY29t sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ sdns://AgMAAAAAAAAADDk0LjE0MC4xNS4xNSCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQ9kbnMuYWRndWFyZC5jb20KL2Rucy1xdWVyeQ ``` Bootstrap servers: ``` 208.67.222.222 1.1.1.1 208.67.220.220 9.9.9.9 8.8.8.8 149.112.112.10 2620:fe::10 2620:fe::fe:10 94.140.15.15 2a10:50c0::ad1:ff 94.140.14.14 2a10:50c0::ad2:ff [2a10:50c0::ad1:ff]:5443 ``` Filters: ``` # Phishing army https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt # Spanish / Portuguese https://filters.adtidy.org/extension/chromium/filters/9.txt # Annoyances https://filters.adtidy.org/extension/chromium/filters/14.txt # Perflyst and Dandelion Sprout's Smart-TV Blocklist https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt # 1Hosts (Lite) https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt # OISD Blocklist Big https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt # HaGeZi's Gambling Blocklist https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt # HaGeZi's Pro++ Blocklist https://adguardteam.github.io/HostlistsRegistry/assets/filter_51.txt # Threat Intelligence Feeds - Medium version https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.medium.txt ``` Same errors also noticed on previous versions (0.107.45 -- 0.107.46 -- 0.107.47) ### Expected result No errors ### Actual result Noticed some errors as reported ### Additional information and/or screenshots _No response_

Menard · July 5, 2024, 6:51pm

OK, but I am not in the case where I d try to use DNScrypt... on the router neither on my computer.
I get these errors without to have done anything.
On my computer I use Unbound as DNS local resolver and dnssec is activated. Nothing else.

bruce · July 16, 2024, 8:07am

Without affecting for router working.
Please upgrade 4.3.18 beta1 of the firmware center, improve the syslog report of this feature process.