Release Asuswrt-Merlin 386.7 is now available for all models

Status
Not open for further replies.

Wolfclaw

Regular Contributor
RT-AX86U hardware reset and install and config yesterday, no issues to report, today upgraded to Gig1 VM, smooth sailing.

Off topic, what IPv6 should I use for VM: 6to4, native, etc.?
 

BuTTuS

Regular Contributor
The internet speed test page no longer displays packet loss?
That's a bummer for me, as I am fighting with my ISP over a bad quality connection atm...
 

Safemode

Regular Contributor
Thanks again RMerlin for a great build on my RT-AX88U. Just a quick observation: under WAN / DNS Server, under Privacy-respecting for Quad9, you have 9.9.9.9 and 149.112.112.11. Shouldn't this be 9.9.9.11 and 149.112.112.11, which is for Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled? Just wondering if it was a typo or if there is good reasoning behind this. Thanks again.
 

ZebMcKayhan

Very Senior Member
It didn’t help, unfortunately. There’s so little written about issues DNATting IPv6 UDP packets, that I’m starting to believe it’s another Broadcom “gift”. Disabling DNS Filter will avoid it.
Maybe a long shot and no viable solution, but what if you install Entware iptables? If the problem persists then at least it's not Merlin's backport of DNAT that is the cause of it.

I've been running Entware iptables on my AC86U for a couple of months (just to get IPv6 DNAT on previous firmwares) without noticeable problems, but just to be safe, install, test, then remove it.
 

RMerlin

Asuswrt-Merlin dev
Thanks again RMerlin for a great build on my RT-AX88U. Just a quick observation: under WAN / DNS Server, under Privacy-respecting for Quad9, you have 9.9.9.9 and 149.112.112.11. Shouldn't this be 9.9.9.11 and 149.112.112.11, which is for Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled? Just wondering if it was a typo or if there is good reasoning behind this. Thanks again.
9.9.9.11 enables EDNS, which can reduce your privacy as you need to share part of your subnet info with your query. So having 9.9.9.9 listed under Privacy is correct.
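
Added example, not part of the original post or of Asuswrt-Merlin: the "ECS" in the quoted Quad9 description is the EDNS Client Subnet option (RFC 7871), and this sketch encodes and decodes that option to show which subnet is disclosed along with a query. The /24 and /56 prefix lengths are the RFC's recommended maximums, assumed here rather than taken from Quad9, and the client addresses are constructed samples from the documentation ranges.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8               # EDNS0 option code for Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}             # IANA address family numbers: IPv4 = 1, IPv6 = 2
DEFAULT_PREFIX = {4: 24, 6: 56}   # assumed: RFC 7871 recommended maximum prefix lengths


def build_ecs_option(client_ip, prefix_len=None):
    """Encode the ECS option a resolver would attach for this client address."""
    ip = ipaddress.ip_address(client_ip)
    if prefix_len is None:
        prefix_len = DEFAULT_PREFIX[ip.version]
    if not 0 <= prefix_len <= ip.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    # Zero the host bits, then keep only the bytes the prefix covers.
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    addr = net.network_address.packed[: (prefix_len + 7) // 8]
    body = struct.pack("!HBB", FAMILY[ip.version], prefix_len, 0) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(wire):
    """Decode an ECS option and return the subnet it discloses as a string."""
    if len(wire) < 8:
        raise ValueError("truncated ECS option")
    code, length = struct.unpack("!HH", wire[:4])
    if code != ECS_OPTION_CODE or length != len(wire) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_len, _scope_len = struct.unpack("!HBB", wire[4:8])
    size = {1: 4, 2: 16}.get(family)
    addr = wire[8:]
    if size is None or source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("bad address family or address length")
    ip = ipaddress.ip_address(addr + bytes(size - len(addr)))
    # strict=True rejects non-zero bits past the prefix, which the RFC forbids.
    return str(ipaddress.ip_network(f"{ip}/{source_len}", strict=True))


if __name__ == "__main__":
    # Constructed sample clients from the documentation address ranges.
    for client in ("203.0.113.77", "2001:db8:1234:5678:9abc::1"):
        wire = build_ecs_option(client)
        print(f"{client:28} -> {wire.hex()} -> {parse_ecs_option(wire)}")
```

The host part of the address never leaves the resolver, but the truncated prefix does, which is the subnet information the reply above refers to.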
 

Makaveli

Very Senior Member
The internet speed test page no longer displays packet loss?
That's a bummer for me, as I am fighting with my ISP over a bad quality connection atm...
Can't you just get the same info from a command prompt with ping? Or by running the speedtest.net app? Or its CLI version?
 

Treadler

Very Senior Member
IPv6 is still an overengineered solution to a problem that also tries to address 10 other problems that sometimes weren't even problems.

But then, this is a recurring issue with other Internet novelties as well. The Internet was initially designed to be simple yet very robust in its design. Most protocols were even text-based, making it easy to debug and troubleshoot. What has been done to simple protocols such as HTTP, SMTP or DNS these past 5 years has been mind boggling. Developing any application that can handle sending email notifications has become quite complicated now that providers like Google expect you to use OAUTH2 for authentication. DNS has forked into four or five different protocols over the past three years.

Sometimes it does improve things or address a specific problem. But they also go out of their way to find other problems to solve at the same time. This added complexity only makes things harder to debug, and less robust and reliable.
Over many years, in all aspects of life, I’ve become a fan of Occam’s Razor.
The least complex solution is generally the best.:cool:
 

Akore

Occasional Visitor
Can't you just get the same info from a command prompt with ping? Or by running the speedtest.net app? Or its CLI version?
Most like to run it on the router itself, as you then eliminate other variables like WiFi interference, etc. Those that are hardwired from the PC to the router with a verified good patch cable can go that route, though.
 

dave14305

Part of the Furniture
Maybe a long shot and no viable solution, but what if you install Entware iptables? If the problem persists then at least it's not Merlin's backport of DNAT that is the cause of it.

I've been running Entware iptables on my AC86U for a couple of months (just to get IPv6 DNAT on previous firmwares) without noticeable problems, but just to be safe, install, test, then remove it.
I don’t think it’s a matter of the userspace iptables tool, but something deeper in the kernel netfilter code or the darn Broadcom driver.
 

SomeWhereOverTheRainBow

Part of the Furniture
I think this is related to the new IPv6 DNAT for DNS Filter.

I can recreate this by manually setting DNS on my iPad to Cloudflare IPv6 (2606:4700:4700::1112), having DNS Filter in Router mode, and then running the test at https://cmdns.dev.dns-oarc.net/

I imagine the rewrite of the UDP IPv6 headers probably triggers this problem.
That is completely odd. I just ran the same test, on the RT-AX88U and same firmware. Same method, but I changed the DNS on a desktop computer and not an iPad. Here are my results.

1656463451742.png


I have no logs like that in my syslog.
 

Tech9

Part of the Furniture
IPv4 exhaustion is really coming in quick and fast in Australia.

I don't think so. 47,573,248 IPs on ~26mln population. About the same ratio in Canada. And we don't worry here. :)
 

anonimo

Occasional Visitor
9.9.9.11 enables EDNS, which can reduce your privacy as you need to share part of your subnet info with your query. So having 9.9.9.9 listed under Privacy is correct.

I reread the Quad9 site and it notes the same as above, but looking at WAN -> Internet Connection -> DNS Server, the drop-down is different (below).

Capture.JPG
 

shabbs

Very Senior Member
How many Pi-hole instances are you running? I want to run two but I am thinking more and more that it's not possible.
It sure is. My DHCP handout gives out the two IP addresses for my two main Pi-holes. I have a third Pi-hole instance on an older RPi that I stood up to goof around with PiVPN on.
 

RMerlin

Asuswrt-Merlin dev
I don't think so. 47,573,248 IPs on ~26mln population. About the same ratio in Canada. And we don't worry here. :)
One thing to note is that a lot of devices are moving to mobile. These can more easily be on IPv6 as the most common use for them is accessing remote email or web services. Less legacy equipment there as well. So CGNAT + IPv6 is fine for mobiles, which frees up IPs for cable/FTTN/FTTH connections. So the doomsday clock has slowed down quite a bit over the past few years.
 

dave14305

Part of the Furniture
9.9.9.11 enables EDNS, which can reduce your privacy as you need to share part of your subnet info with your query. So having 9.9.9.9 listed under Privacy is correct.
So is your repo copy of DNS_List.json for Privacy Quad9 (item 21) deliberately out of sync with ASUS’ online version? You use .9 and they use .11.

JSON:
    "21": {
        "FilterMode": "Privacy-respecting",
        "DNSService": "Quad9",
        "ServiceIP1": "9.9.9.9",
        "ServiceIP2": "149.112.112.11",
        "Description": "Collects no information about users, and is governed by Swiss privacy law.",
        "url": "https://quad9.net/asus/private",
        "confirmed": "Yes",
        "ping_target": "No"
    },

JSON:
    "21": {
        "FilterMode": "Privacy-respecting",
        "DNSService": "Quad9",
        "ServiceIP1": "9.9.9.11",
        "ServiceIP2": "149.112.112.11",
        "Description": "Collects no information about users, and is governed by Swiss privacy law.",
        "url": "https://quad9.net/asus/private",
        "confirmed": "Yes",
        "ping_target": "No"
    },
 

RMerlin

Asuswrt-Merlin dev
So is your repo copy of DNS_List.json for Privacy Quad9 (item 21) deliberately out of sync with ASUS’ online version? You use .9 and they use .11.
Then it means they changed it since last time I synced it.

I typically only resync those json files every few releases. And I don't want to directly use their online version, for multiple reasons.

Though in this case, it looks to me as if their updated version is wrong. 9.9.9.11 sends EDNS info.
 

RMerlin

Asuswrt-Merlin dev
That is completely odd. I just ran the same test, on the RT-AX88U and same firmware. Same method, but I changed the DNS on a desktop computer and not an iPad. Here are my results.
Test with the query posted by Dave. I was able to reproduce the issue on an RT-AX86U with just that single query.
 