diff --git a/dns/Makefile b/dns/Makefile
index daf0b7055422..18c8aac235dc 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -1,248 +1,249 @@
     COMMENT = Domain Name Service tools
 
     SUBDIR += acme-dns
     SUBDIR += adns
     SUBDIR += adsuck
     SUBDIR += amass
     SUBDIR += axfr2acl
     SUBDIR += bind-tools
     SUBDIR += bind9-devel
     SUBDIR += bind916
     SUBDIR += bind918
     SUBDIR += bindgraph
     SUBDIR += blocky
     SUBDIR += c-ares
     SUBDIR += cli53
     SUBDIR += coredns
     SUBDIR += crossip
     SUBDIR += curvedns
     SUBDIR += ddclient
     SUBDIR += ddns
     SUBDIR += denominator
     SUBDIR += dhisd
     SUBDIR += dlint
     SUBDIR += dnrd
     SUBDIR += dns-ui
     SUBDIR += dns2blackhole
     SUBDIR += dns2tcp
     SUBDIR += dns_balance
     SUBDIR += dnsblast
     SUBDIR += dnscap
     SUBDIR += dnscheckengine
     SUBDIR += dnscontrol
     SUBDIR += dnscrypt-proxy2
     SUBDIR += dnscrypt-wrapper
     SUBDIR += dnsdbck
     SUBDIR += dnsdbflex
     SUBDIR += dnsdbq
     SUBDIR += dnsdist
     SUBDIR += dnsenum
     SUBDIR += dnsflood
     SUBDIR += dnsforwarder
     SUBDIR += dnshistory
     SUBDIR += dnsjava
     SUBDIR += dnsjit
     SUBDIR += dnsmasq
     SUBDIR += dnsmasq-devel
     SUBDIR += dnsmax-perl
     SUBDIR += dnsperf
     SUBDIR += dnsproxy
     SUBDIR += dnsrecon
     SUBDIR += dnsreflector
     SUBDIR += dnstable
     SUBDIR += dnstable-convert
     SUBDIR += dnstop
     SUBDIR += dnstracer
     SUBDIR += dnsutl
     SUBDIR += dnsviz
     SUBDIR += dnswalk
     SUBDIR += dnswall
     SUBDIR += dnsx
     SUBDIR += doc
     SUBDIR += dog
     SUBDIR += doggo
     SUBDIR += doh-proxy
     SUBDIR += dq
     SUBDIR += drool
     SUBDIR += dsc
     SUBDIR += dsp
     SUBDIR += dynip
     SUBDIR += encrypted-dns-server
     SUBDIR += fastresolve
     SUBDIR += firedns
     SUBDIR += flamethrower
     SUBDIR += fpdns
     SUBDIR += gdnsd2
     SUBDIR += gdnsd3
     SUBDIR += gen6dns
     SUBDIR += getdns
     SUBDIR += godns
     SUBDIR += hesiod
     SUBDIR += hetzner_ddns
     SUBDIR += hostdb
+    SUBDIR += https_dns_proxy
     SUBDIR += idnkit
     SUBDIR += idnkit2
     SUBDIR += inadyn
     SUBDIR += ipcheck
     SUBDIR += kadnode
     SUBDIR += kf5-kdnssd
     SUBDIR += kf6-kdnssd
     SUBDIR += knock
     SUBDIR += knot-resolver
     SUBDIR += knot3
     SUBDIR += knot3-lib
     SUBDIR += ldapdns
     SUBDIR += ldns
     SUBDIR += letsdns
     SUBDIR += libbind
     SUBDIR += libidn
     SUBDIR += libidn2
     SUBDIR += libmicrodns
     SUBDIR += libnspsl
     SUBDIR += libpsl
     SUBDIR += linux-c7-libasyncns
     SUBDIR += lua-resty-dns
     SUBDIR += luaunbound
     SUBDIR += mDNSResponder_nss
     SUBDIR += maradns
     SUBDIR += mdnsd
     SUBDIR += mosdns
     SUBDIR += namesilo_ddns
     SUBDIR += nextdns
     SUBDIR += noip
     SUBDIR += nsd
     SUBDIR += nslint
     SUBDIR += nsnotifyd
     SUBDIR += nsping
     SUBDIR += nss_mdns
     SUBDIR += nss_resinit
     SUBDIR += opendnssec2
     SUBDIR += openresolv
     SUBDIR += p5-AnyEvent-CacheDNS
     SUBDIR += p5-AnyEvent-DNS-EtcHosts
     SUBDIR += p5-App-DSC-DataTool
     SUBDIR += p5-BIND-Conf_Parser
     SUBDIR += p5-BIND-Config-Parser
     SUBDIR += p5-DNS-Config
     SUBDIR += p5-DNS-EasyDNS
     SUBDIR += p5-DNS-Ldns
     SUBDIR += p5-DNS-Zone
     SUBDIR += p5-DNS-ZoneParse
     SUBDIR += p5-DNS-nsdiff
     SUBDIR += p5-DSC
     SUBDIR += p5-Data-Validate-Domain
     SUBDIR += p5-IO-Async-Resolver-DNS
     SUBDIR += p5-Mozilla-PublicSuffix
     SUBDIR += p5-Net-Amazon-Route53
     SUBDIR += p5-Net-Bonjour
     SUBDIR += p5-Net-DNS
     SUBDIR += p5-Net-DNS-Async
     SUBDIR += p5-Net-DNS-Check
     SUBDIR += p5-Net-DNS-Codes
     SUBDIR += p5-Net-DNS-Lite
     SUBDIR += p5-Net-DNS-Match
     SUBDIR += p5-Net-DNS-Paranoid
     SUBDIR += p5-Net-DNS-RR-SRV-Helper
     SUBDIR += p5-Net-DNS-Resolver-Mock
     SUBDIR += p5-Net-DNS-Resolver-Programmable
     SUBDIR += p5-Net-DNS-SEC
     SUBDIR += p5-Net-DNS-TestNS
     SUBDIR += p5-Net-DNS-ToolKit
     SUBDIR += p5-Net-DNS-Zone-Parser
     SUBDIR += p5-Net-DNS-ZoneFile-Fast
     SUBDIR += p5-Net-DNSBL-MultiDaemon
     SUBDIR += p5-Net-DNSBL-Statistics
     SUBDIR += p5-Net-DRI
     SUBDIR += p5-Net-Domain-ExpireDate
     SUBDIR += p5-Net-Domain-TLD
     SUBDIR += p5-Net-LibIDN
     SUBDIR += p5-Net-LibIDN2
     SUBDIR += p5-Net-Nslookup
     SUBDIR += p5-Net-RBLClient
     SUBDIR += p5-Net-RNDC
     SUBDIR += p5-POE-Component-Client-DNS
     SUBDIR += p5-POE-Component-Client-DNS-Recursive
     SUBDIR += p5-POE-Component-Client-DNSBL
     SUBDIR += p5-POE-Component-Resolver
     SUBDIR += p5-POE-Component-Server-DNS
     SUBDIR += p5-POE-Filter-DNS-TCP
     SUBDIR += p5-Tie-DNS
     SUBDIR += p5-URBL-Prepare
     SUBDIR += packetq
     SUBDIR += pdnsd
     SUBDIR += pear-File_DNS
     SUBDIR += pear-Horde_Idna
     SUBDIR += pear-Net_DNS2
     SUBDIR += powerdns
     SUBDIR += powerdns-recursor
     SUBDIR += prometheus-dnssec-exporter
     SUBDIR += public_suffix_list
     SUBDIR += py-adns
     SUBDIR += py-aiodns
     SUBDIR += py-cloudflare
     SUBDIR += py-dns-crawler
     SUBDIR += py-dns-lexicon
     SUBDIR += py-dnslib
     SUBDIR += py-dnspython
     SUBDIR += py-dnspython1
     SUBDIR += py-easyzone
     SUBDIR += py-idna
     SUBDIR += py-idna_ssl
     SUBDIR += py-ldns
     SUBDIR += py-localzone
     SUBDIR += py-ns1-python
     SUBDIR += py-publicsuffix
     SUBDIR += py-publicsuffix2
     SUBDIR += py-publicsuffixlist
     SUBDIR += py-py3dns
     SUBDIR += py-pybonjour
     SUBDIR += py-pycares
     SUBDIR += py-pydnstable
     SUBDIR += py-pywdns
     SUBDIR += py-tld
     SUBDIR += py-tldextract
     SUBDIR += q-dns
     SUBDIR += qmdnsengine
     SUBDIR += radns
     SUBDIR += rbldnsd
     SUBDIR += rbllookup
     SUBDIR += rbllookup-ng
     SUBDIR += rdap
     SUBDIR += renewck
     SUBDIR += rpsl2acl
     SUBDIR += rubygem-dnsruby
     SUBDIR += rubygem-gitlab-net-dns
     SUBDIR += rubygem-google-apis-dns_v1
     SUBDIR += rubygem-google-cloud-dns
     SUBDIR += rubygem-idn-ruby
     SUBDIR += rubygem-net-dns
     SUBDIR += rubygem-public_suffix
     SUBDIR += rubygem-public_suffix_service
     SUBDIR += rubygem-resolv
     SUBDIR += rubygem-resolv-replace
     SUBDIR += rubygem-simpleidn
     SUBDIR += rubygem-validates_hostname
     SUBDIR += rubygem-zonefile
     SUBDIR += samba-nsupdate
     SUBDIR += scavenge
     SUBDIR += sheerdns
     SUBDIR += sleuth
     SUBDIR += subfinder
     SUBDIR += totd
     SUBDIR += udns
     SUBDIR += unbound
     SUBDIR += utdns
     SUBDIR += vhostcname
     SUBDIR += vizone
     SUBDIR += void-zones-tools
     SUBDIR += walker
     SUBDIR += wdns
     SUBDIR += whoseip
     SUBDIR += wrapsrv
     SUBDIR += yadifa
     SUBDIR += yandex-ddns
     SUBDIR += zdns
     SUBDIR += zkt
     SUBDIR += zonenotify
 
 .include <bsd.port.subdir.mk>
diff --git a/dns/https_dns_proxy/Makefile b/dns/https_dns_proxy/Makefile
new file mode 100644
index 000000000000..7a71dddc918d
--- /dev/null
+++ b/dns/https_dns_proxy/Makefile
@@ -0,0 +1,29 @@
+PORTNAME=	https_dns_proxy
+PORTVERSION=	g20231226
+CATEGORIES=	dns net
+
+MAINTAINER=	danfe@FreeBSD.org
+COMMENT=	Light-weight DNS-HTTPS, non-caching translation proxy
+WWW=		https://github.com/aarond10/https_dns_proxy
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libcares.so:dns/c-ares \
+		libcurl.so:ftp/curl \
+		libev.so:devel/libev
+
+USES=		cmake
+USE_GITHUB=	yes
+GH_ACCOUNT=	aarond10
+GH_TAGNAME=	8afbba7
+
+CMAKE_ARGS=	-DSW_VERSION:STRING=2023.12.26-${GH_TAGNAME}
+
+PLIST_FILES=	bin/${PORTNAME}
+
+do-install:
+	${INSTALL_PROGRAM} ${INSTALL_WRKSRC}/${PORTNAME} \
+		${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>
diff --git a/dns/https_dns_proxy/distinfo b/dns/https_dns_proxy/distinfo
new file mode 100644
index 000000000000..5c85b3a2f047
--- /dev/null
+++ b/dns/https_dns_proxy/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1703626567
+SHA256 (aarond10-https_dns_proxy-g20231226-8afbba7_GH0.tar.gz) = 118c192d97587eeb54dbf40aff2cc919e9bd1d3c78a3c8489fddfe73009f9e4c
+SIZE (aarond10-https_dns_proxy-g20231226-8afbba7_GH0.tar.gz) = 28002
diff --git a/dns/https_dns_proxy/files/patch-CMakeLists.txt b/dns/https_dns_proxy/files/patch-CMakeLists.txt
new file mode 100644
index 000000000000..462aea6deea2
--- /dev/null
+++ b/dns/https_dns_proxy/files/patch-CMakeLists.txt
@@ -0,0 +1,20 @@
+--- CMakeLists.txt.orig	2023-12-26 21:36:07 UTC
++++ CMakeLists.txt
+@@ -67,6 +67,7 @@ endif()
+ 
+ find_path(LIBCARES_INCLUDE_DIR ares.h)
+ find_path(LIBEV_INCLUDE_DIR ev.h)
++cmake_path(GET LIBEV_INCLUDE_DIR PARENT_PATH LOCALBASE)
+ 
+ if(CUSTOM_LIBCURL_INSTALL_PATH)
+   message(STATUS "Using custom libcurl from: ${CUSTOM_LIBCURL_INSTALL_PATH}")
+@@ -108,7 +109,8 @@ set(TARGET_NAME "https_dns_proxy")
+ aux_source_directory(src SRC_LIST)
+ set(SRC_LIST ${SRC_LIST})
+ add_executable(${TARGET_NAME} ${SRC_LIST})
+-set(LIBS ${LIBS} cares curl ev resolv)
++set(LIBS ${LIBS} cares curl ev)
++target_link_directories(${TARGET_NAME} PRIVATE ${LOCALBASE}/lib)
+ target_link_libraries(${TARGET_NAME} ${LIBS})
+ set_property(TARGET ${TARGET_NAME} PROPERTY C_STANDARD 11)
+ 
diff --git a/dns/https_dns_proxy/pkg-descr b/dns/https_dns_proxy/pkg-descr
new file mode 100644
index 000000000000..3820dfcbc367
--- /dev/null
+++ b/dns/https_dns_proxy/pkg-descr
@@ -0,0 +1,15 @@
+https_dns_proxy is light-weight DNS<->HTTPS, non-caching translation
+proxy for the RFC 8484 DNS-over-HTTPS standard.  It receives regular
+(UDP) DNS requests and issues them via DoH.
+
+Using DNS over HTTPS makes eavesdropping and spoofing of DNS traffic
+between you and the HTTPS DNS provider (Google/Cloudflare) much less
+likely, of course so long as you trust your DoH provider.  Features:
+
+  - Tiny size (<45kiB)
+  - Uses cURL for HTTP/2 and pipelining, keeping resolve latencies
+    extremely low
+  - Single-threaded, non-blocking select() server for use on
+    resource-starved embedded systems
+  - Designed to sit in front of dnsmasq or similar caching resolver
+    for transparent use