<div dir="auto">it turns out, after sending stale cache to client (macOS),  dnsmasq tries to query upstream,  but this time, it is sending malformed packet: </div><div dir="auto"><br></div><div dir="auto">
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Queries</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal"><a href="http://api.github.com">api.github.com</a>: type A, class IN</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Name: <a href="http://api.github.com">api.github.com</a></p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">[Name Length: 14]</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">[Label Count: 3]</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Type: A (Host Address) (1)</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Class: IN (0x0001)</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">Additional records</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">[Malformed Packet: DNS]</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">[Malformed Packet (Exception occurred)]</p>
<p style="margin:0px;font-style:normal;font-variant-caps:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica;font-size-adjust:none;font-kerning:auto;font-variant-alternates:normal;font-variant-ligatures:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-feature-settings:normal">[Severity level: Error]</p></div><div dir="auto"><br></div><div dir="auto">and all the rest of query are sent to upstream like that.</div><div dir="auto"><br></div><div dir="auto">notice: only reproducable if the client is macOS, and upstream is a DoH/DoT proxy like adguard/dnsproxy </div><div dir="auto"><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 1, 2023 at 03:42 Justin <<a href="mailto:cattyhouse@gmail.com">cattyhouse@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div>Hello devs<br></div><div><div class="gmail_quote" dir="auto"><div dir="auto"><br></div><div dir="auto">in order to use DOH/DOT, a proxy upstream is configured, when dnsmasq enables use-stale-cache, some upstream may return error when dnsmasq tries to refresh the record from upstream after stale cache is sent to client. </div><div dir="auto"><br></div><div dir="auto">i reported the issue here in dnsproxy project, as this is the DOH proxy i am currently using. however i've tried many other Go/Rust DOH proxy ( namely doh-client, dns-over-https, dnss, cloudflared) , they all return error when dnsmasq tries to refresh the record.</div><div dir="auto"><br></div><div dir="auto"><div><a href="https://github.com/AdguardTeam/dnsproxy/issues/328" target="_blank">https://github.com/AdguardTeam/dnsproxy/issues/328</a></div><div dir="auto"><br></div><div dir="auto">only reproducible :  if the requesting client is macOS and the upstream is a DOH proxy, Linux does not have this issue. using a udp upstream like 1.1.1.1 does not have this issue either.</div><div dir="auto"><br></div><div dir="auto">hope you could take a look at the issue posted.</div></div></div></div></blockquote></div></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br>Regards<br>Justin He</div>