DNSCrypt response is invalid and cannot be decrypted

[renatoyamane]

Prerequisites

• I have checked the Wiki and Discussions and found no answer

• I have searched other issues and found no duplicates

• I want to report a bug and not ask a question or ask for help

• I have set up AdGuard Home correctly and configured clients to use it. (Use the Discussions for help with installing and configuring clients.)

Platform (OS and CPU architecture)

Linux, ARM64

Installation

Custom package (OpenWrt, HomeAssistant, etc; please mention in the description)

Setup

On a router, DHCP is handled by the router

AdGuard Home version

0.107.48

Action

I'm noticing a lot of these errors on my log:

Sat Apr  6 17:57:37 2024 user.notice AdGuardHome[8137]: 2024/04/06 16:57:37.213287 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;weather.nest.com.	IN	 A in 18.729841ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sat Apr  6 21:00:52 2024 user.notice AdGuardHome[8137]: 2024/04/06 20:00:52.880450 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;s3.glbimg.com.	IN	 HTTPS in 226.548648ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sat Apr  6 21:29:39 2024 user.notice AdGuardHome[8137]: 2024/04/06 20:29:39.610791 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;firebaseremoteconfig.googleapis.com.	IN	 A in 7.66672ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sat Apr  6 23:11:45 2024 user.notice AdGuardHome[8137]: 2024/04/06 22:11:45.401988 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;colvk.viki.io.	IN	 A in 20.838928ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sun Apr  7 00:12:15 2024 user.notice AdGuardHome[8137]: 2024/04/06 23:12:15.570966 [error] dnsproxy: upstream sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 failed to exchange ;xgapromomanager-pa.googleapis.com.	IN	 A in 9.135598ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sun Apr  7 00:12:15 2024 user.notice AdGuardHome[8137]: 2024/04/06 23:12:15.561725 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;xgapromomanager-pa.googleapis.com.	IN	 A in 7.550599ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sun Apr  7 12:37:57 2024 user.notice AdGuardHome[8137]: 2024/04/07 11:37:57.442440 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;shop.allnetchina.cn.	IN	 A in 18.676623ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sun Apr  7 15:00:03 2024 user.notice AdGuardHome[8137]: 2024/04/07 14:00:03.703077 [error] dnsproxy: upstream sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ failed to exchange ;5aa25954e40ffb18984989b59487dfe054549e213a2e64a12187f8deb5a4cb5.us-east-1.prod.service.minerva.devices.a2z.com.	IN	 A in 17.727306ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Sun Apr  7 17:49:49 2024 user.notice AdGuardHome[8137]: 2024/04/07 16:49:49.174139 [error] dnsproxy: upstream sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ failed to exchange ;fitbitvestibuleshim-pa.googleapis.com.	IN	 A in 15.355386ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

Upstream servers (load balancing mode):
The 3rd (from bottom to top) is an ADGuard DNSCrypt server, which is also resulting in an error reported above.
To reproduce the error quickier, remove the HTTPS, TLS and QUIC servers from the list below.

https://dns.google/dns-query
https://dns.quad9.net/dns-query
https://dns.twnic.tw/dns-query
https://doh.opendns.com/dns-query
https://security.cloudflare-dns.com/dns-query
tls://security.cloudflare-dns.com
quic://dns.adguard-dns.com
quic://zero.dns0.eu
https://dns.adguard-dns.com/dns-query
tls://dns.adguard-dns.com
sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0
sdns://AQMAAAAAAAAAEjEwMy44Ny42OC4xOTQ6ODQ0MyAxXDKkdrOao8ZeLyu7vTnVrT0C7YlPNNf6trdMkje7QR8yLmRuc2NyeXB0LWNlcnQuZG5zLmJlYmFzaWQuY29t
sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20
sdns://AQAAAAAAAAAACjguMjAuMjQ3LjIg0sJUqpYcHsoXmZb1X7yAHwg2xyN5q1J-zaiGG-Dgs7AoMi5kbnNjcnlwdC1jZXJ0LnNoaWVsZC0yLmRuc2J5Y29tb2RvLmNvbQ
sdns://AgMAAAAAAAAADDk0LjE0MC4xNS4xNSCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQ9kbnMuYWRndWFyZC5jb20KL2Rucy1xdWVyeQ

Bootstrap servers:

208.67.222.222
1.1.1.1
208.67.220.220
9.9.9.9
8.8.8.8
149.112.112.10
2620:fe::10
2620:fe::fe:10
94.140.15.15
2a10:50c0::ad1:ff
94.140.14.14
2a10:50c0::ad2:ff
[2a10:50c0::ad1:ff]:5443

Same errors also noticed on previous versions (0.107.45 -- 0.107.46 -- 0.107.47)

Expected result

No errors

Actual result

Noticed some errors as reported

Additional information and/or screenshots

No response

[ghost]

Hi @renatoyamane, thanks for the report.
I am unable to reproduce this on my own build.

Could you please get me the verbose-level logs with the issue reproduced so we might be able to see better what's happening here?

[renatoyamane]

Hi @jslawler-gh,

Please see the log attached (dnscrypt_log.txt)

You can see the error at the line:

Mon Apr 8 18:13:18 2024 user.notice AdGuardHome[27886]: 2024/04/08 17:13:18.275573 27886#2310 [error] dnsproxy: upstream sdns://AQIAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 failed to exchange ;nxdomain-75wuuuay5j8.biz. IN A in 9.666776ms: exchanging: dnscrypt: DNSCrypt response is invalid and cannot be decrypted

[geraistec]

Some problem: Versão: v0.107.48

2024/04/09 11:36:50.586816 [error] dnsproxy: https://dns12.quad9.net:443/dns-query: response received over tcp: "requesting https://dns12.quad9.net:443/dns-query: Get "https://dns12.quad9.net:443/dns-query?dns=AAABAAABAAAAAAABBXdob2lzBGFyaW4DbmV0AAABAAEAACkIAAAAgAAAAA\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"

[marcelloinfoweb]

Same problem v0.107.48

[renatoyamane]

How can I remove this tag "waiting for data", as I already submited it?

[renatoyamane]

It's also weird because even with a very short response time, DNSCrypt servers are not selected by Adguard:

[renatoyamane]

Can be something related to the timezone?

I'm on Summer Time (GMT +1)

My computer and my router are on the correct time and timezone, but I noticed this: