1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

amtm - the SNBForum Asuswrt-Merlin Terminal Menu

Discussion in 'Asuswrt-Merlin' started by thelonelycoder, Nov 26, 2017.

  1. cmkelley

    cmkelley Very Senior Member

    Joined:
    Aug 11, 2015
    Messages:
    557
    Location:
    Greater Los Angeles Area, California, USizicstania
    See: https://www.reddit.com/r/privacy/comments/89pr15/dnsoverhttps_vs_dns_overtls_vs_dnscrypt/

    Short answer: Stubby = DNS over TLS (DoT). DNSCrypt is not a standard, DoT is.
     
    Zonkd and 2992 like this.
  2. 2992

    2992 Regular Contributor

    Joined:
    Oct 13, 2017
    Messages:
    75
  3. bbunge

    bbunge Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    820
    Location:
    Pennsylvania USA
    F.Y.I. DNSSEC is not enabled by default with the current installs.

    Sent from my SM-T380 using Tapatalk
     
  4. Zonkd

    Zonkd Senior Member

    Joined:
    Oct 19, 2014
    Messages:
    460
    Thinking out loud here - With any luck Mozilla and Cloudflare will push DoH to become more than an ugly hack and make it a competing standard for the tens of millions who can't use DoT due to telco blocking and crazy regimes. There is a place for DoT and DoH. There are many people arguing to smother DoH in it's crib but I can't understand the justifications for doing so. Nightmare for network administrators? Yes more difficult to monitor but there's no getting rid of it and malicious actors have it already. It's available in the stable build of Firefox. Worse performance than DoT? Be lazy, let Mozilla and Cloudflare work on it. Besides we already readily accept there is a performance trade-off with all encryption, VPNs, proxies and obfuscation. The point is that sometimes it is necessary.

    The day stubby supports DoH is the day I stotp using DNSCrypt.
     
  5. heysoundude

    heysoundude Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    330
    cmkelley likes this.
  6. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,028
    Location:
    The Land of Smiles
    Here is a nice summary of the DNS solutions available https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+-+The+Solutions

    https://tenta.com/blog/post/2017/12/dns-over-tls-vs-dnscrypt
     
    Grisu, SMS786 and Clark Griswald like this.
  7. Zonkd

    Zonkd Senior Member

    Joined:
    Oct 19, 2014
    Messages:
    460
    Beherit likes this.
  8. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    5,242
    Location:
    Switzerland
    That's part of Stubby, not amtm. Post the inconsistency in their thread.
     
    visortgw likes this.
  9. djtech2k

    djtech2k Regular Contributor

    Joined:
    Jan 30, 2012
    Messages:
    151
    I am new to amtm. I used it to install skynet and all seems good. I just used it to install diversion, but I want to uninstall diversion now. Is there an option to do that? I did not realize before I installed it that it requires you to use the router as its DNS server. I have some DNS servers that run on my home network so all of my clients point to them because they host some private DNS zones. So I guess diversion is not going to do anything in my config. I also noticed that diversion has a lot of stuff to it, like files/scripts/post script additions/cron jobs, etc. Its pretty complicated and has a lot of moving parts.

    Anyway, I'd like to completely remove all of the diversion stuff. Can I do it with AMTM or is there another way?
     
  10. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    2,894
    Location:
    /etc
    Launch Diversion from amtm, then select d, under that menu you can uninstall.
     
  11. djtech2k

    djtech2k Regular Contributor

    Joined:
    Jan 30, 2012
    Messages:
    151
    Thanks! I did not know that the "d" option would do that.
     
  12. djtech2k

    djtech2k Regular Contributor

    Joined:
    Jan 30, 2012
    Messages:
    151
    I ran the uninstall but I noticed there are several leftovers. I have extra scripts and modifications to existing scripts.

    In the services-stop script, is this from diversion?:

    /opt/etc/init.d/rc.unslung stop

    I do not know if thats for skynet or diversion.

    I am trying to completely remove diversion. I have gone back and checked all the scripts in /jffs/scripts and deleted ones from diversion and removed all lines I know were from diversion. Where else should I look that diversion puts files?
     
  13. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    504
    I uninstalled Diversion immediately after I originally installed it because I didn’t understand what it was doing. I spent a lot of time reading this thread and the Pixelserv thread and now I won’t ever run my Asus-based network without them.

    Keep reading and learning how they work. Then come back and ask questions. There is probably a way to make it work for your network.
     
    Zonkd and Clark Griswald like this.
  14. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    504
    Entware
     
  15. djtech2k

    djtech2k Regular Contributor

    Joined:
    Jan 30, 2012
    Messages:
    151
    Ok, thanks. Where else should I look to find residual stuff of diversion? I just want to make sure 100% of it is gone. Maybe I will reevaluate down the road, but for now I cannot use the router as my DNS and there are far too many pieces to diversion for me to get a good handle on it before I use it. If it were as simple as skynet, then I would consider digging deeper now, but I just can't do it now. That's why I want to make sure its gone until I do have the time.
     
  16. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    504
    If it’s not in any jffs scripts or configs files and you restart your router it should be gone. It only changes dnsmasq behavior but has other Cron jobs for convenience.
     
  17. Gitsum

    Gitsum Senior Member

    Joined:
    Jan 13, 2012
    Messages:
    228
    Can you add FreshJR QOS script to this?
     
    kernol likes this.
  18. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    5,242
    Location:
    Switzerland
    When you installed Diversion it also installed Entware. When you then uninstalled Diversion, it gave you two options:
    - Only remove Diversion and leave Entware installed
    - Completely remove both
    You selected the first option. Be assured that Diversion completely removes itself without a trace when uninstalling.
    You are now left with Entware and the necessary start and stop scripts there for it to work.

    To completely remove Entware, do this:
    - Delete line ". /jffs/scripts/post-mount.div # Added by Diversion" in /jffs/scripts/post-mount
    - Delete file /jffs/scripts/post-mount.div
    - Delete line "/opt/etc/init.d/rc.unslung stop # Added by Diversion" in /jffs/scripts/services-stop
    - Reboot router
    - Delete folder "entware" on your attached USB device
     
  19. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    5,242
    Location:
    Switzerland
    That's up to @FreshJR and weather the script is compatible with the minimum amtm requirements to be included.
     
  20. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,028
    Location:
    The Land of Smiles
    @kernol - noted! I'll try to make the correction tomorrow. Thanks you for pointing it out.
     
    kernol likes this.