Behold - the CIRA Canadian Shield
- Thread starter RMerlin
- Start date
cptnoblivious
Senior Member
I was going to switch to the CIRA DoT setup.
However, CIRA don't provide the port they're using (I'm assuming it's 853) and it looks like my router (AX58U running Merlin 384.19) has settings for SPKI fingerprint. While the CIRA site only has the FQDN listed in their config page (it does match the IPs), I don't see any SPKI information.
Looks like I'm not getting that setup tonight. As we're working from home, I need things to be up and running properly in the AM
However, CIRA don't provide the port they're using (I'm assuming it's 853) and it looks like my router (AX58U running Merlin 384.19) has settings for SPKI fingerprint. While the CIRA site only has the FQDN listed in their config page (it does match the IPs), I don't see any SPKI information.
Looks like I'm not getting that setup tonight. As we're working from home, I need things to be up and running properly in the AM
Will do this week and see what happens and report back.
RMerlin
Asuswrt-Merlin dev
I was going to switch to the CIRA DoT setup.
However, CIRA don't provide the port they're using (I'm assuming it's 853) and it looks like my router (AX58U running Merlin 384.19) has settings for SPKI fingerprint. While the CIRA site only has the FQDN listed in their config page (it does match the IPs), I don't see any SPKI information.
Looks like I'm not getting that setup tonight. As we're working from home, I need things to be up and running properly in the AM
DoT is always port 853 unless stated otherwise.
The SPKI fingerprint is optional.
cptnoblivious
Senior Member
cptnoblivious
Senior Member
Setup is done with no issues and everything works, though confirming it ...
Anyway, not too restrictive:
However, then I went down a bit of a rabbit hole trying to test it.
For your entertainment:
Tried to use tcpdump to see it any udp53 packets were still being sent
tcpdump not installed
No problem looks like I just need to install it via opkg
opkg not installed
Search the site, ahh, need Entware
... but also find that I can test using https://tenta.com/test/
test never completes running
No problem, turn off all browser plugins (makes no difference)
back to installing Entware, some more searching, ahh it installs via amtm, great!
amtm install fails (sure, I mean, why not at this point!)
likely failure is a failing of the USB drive, not formatted properly (I'm not certain, but I think it's FAT32)
At this point, I decided not to go down the route of reformatting and having to re-setup Skynet, YazFi etc. So, I stopped for now.
Everything is working, even if I don't have the tcpdump to verify that it's only using 853
Anyway, not too restrictive:
However, then I went down a bit of a rabbit hole trying to test it.
For your entertainment:
Tried to use tcpdump to see it any udp53 packets were still being sent
tcpdump not installed
No problem looks like I just need to install it via opkg
opkg not installed
Search the site, ahh, need Entware
... but also find that I can test using https://tenta.com/test/
test never completes running
No problem, turn off all browser plugins (makes no difference)
back to installing Entware, some more searching, ahh it installs via amtm, great!
amtm install fails (sure, I mean, why not at this point!)
likely failure is a failing of the USB drive, not formatted properly (I'm not certain, but I think it's FAT32)
At this point, I decided not to go down the route of reformatting and having to re-setup Skynet, YazFi etc. So, I stopped for now.
Everything is working, even if I don't have the tcpdump to verify that it's only using 853
heysoundude
Part of the Furniture
amtm (or diversion, actually, if memory serves correctly) will reformat your USB as ext4 (I think that's the preferred/recommended version) AAAND set you up a swap file - you should do it. the swap file is a big help. You'll get your opportunity to re-do things if/when you upgrade Merlin to v386.Setup is done with no issues and everything works, though confirming it ...
Anyway, not too restrictive:
View attachment 28507
However, then I went down a bit of a rabbit hole trying to test it.
For your entertainment:
Tried to use tcpdump to see it any udp53 packets were still being sent
tcpdump not installed
No problem looks like I just need to install it via opkg
opkg not installed
Search the site, ahh, need Entware
... but also find that I can test using https://tenta.com/test/
test never completes running
No problem, turn off all browser plugins (makes no difference)
back to installing Entware, some more searching, ahh it installs via amtm, great!
amtm install fails (sure, I mean, why not at this point!)
likely failure is a failing of the USB drive, not formatted properly (I'm not certain, but I think it's FAT32)
At this point, I decided not to go down the route of reformatting and having to re-setup Skynet, YazFi etc. So, I stopped for now.
Everything is working, even if I don't have the tcpdump to verify that it's only using 853
cptnoblivious
Senior Member
Not looking to run Diversion actually. Already running the swap file.
And yes, I'm going to make those changes when the next version is released
cptnoblivious
Senior Member
FYI, CIRA also has an andoid app for Canadian Shield so that you can keep using their DNS servers while on the go.
I haven't gotten much experience with it yet, just installed it and will do a bit of testing while 'out and about' soon.
I haven't gotten much experience with it yet, just installed it and will do a bit of testing while 'out and about' soon.
Similar threads
