[Beta] Asuswrt-Merlin 384.6 beta is now available

[inaroundroom]

Deployed and rolled-back due to DNS issues syslog example:
Jul 19 15:03:40 dnsmasq[323]: Insecure DS reply received, do upstream DNS servers support DNSSEC?

 

[AndreiV]

Deployed and rolled-back due to DNS issues syslog example:
Jul 19 15:03:40 dnsmasq[323]: Insecure DS reply received, do upstream DNS servers support DNSSEC?

You rolled back because the firmware informed you that the DNS servers upstream are not using DNSSEC ???????

Either change to a secure DNS provider or turn off "use DNSSEC"

Did you read the first post in this thread ?

• When enabled, DNSSEC validation is now enforced on DNS replies (due to a change in dnsmasq's behaviour). If you are no longer able to do do name resolution on various domains while DNSSEC is enabled, it means your upstream DNS servers do not support DNSSEC. You should either disable it, or switch to DNSSEC compatible servers.

 

[b cheang]

Deployed and rolled-back due to DNS issues syslog example:
Jul 19 15:03:40 dnsmasq[323]: Insecure DS reply received, do upstream DNS servers support DNSSEC?

I had the same log message but i am pretty sure that Cloudfare (1.1.1.1) supports DNSSEC....

Am i missing something?

 

[inaroundroom]

You rolled back because the firmware informed you that the DNS servers upstream are not using DNSSEC ???????

Either change to a secure DNS provider or turn off "use DNSSEC"

Did you read the first post in this thread ?

I was not aware until further googling that OpenDNS does not support DNSSEC and as I don't believe i enabled it unclear on how to disable it.

Edit: LAN/DHCP Server/Enable DNSSEC support & check No - re-flash and all is fine.

 

[inaroundroom]

I had the same log message but i am pretty sure that Cloudfare (1.1.1.1) supports DNSSEC....

Am i missing something?

Unfortunately OpenDNS do not support DNSSEC so if I'd been a Cloudflare or Google DNS user wouldn't have had a any issues.

 

[AndreiV]

I had the same log message but i am pretty sure that Cloudfare (1.1.1.1) supports DNSSEC....

Am i missing something?

Cloudflare does cause these log entries , whilst they may use DNSSEC the way they are set up breaks access to many sites, personally I wouldn't allow anyone to use that service.

They manipulate DNS and collect data which is shared with many other parties , if you value your privacy stay away from them.

 

[b cheang]

Cloudflare does cause these log entries , whilst they may use DNSSEC the way they are set up breaks access to many sites, personally I wouldn't allow anyone to use that service.

They manipulate DNS and collect data which is shared with many other parties , if you value your privacy stay away from them.

Ok. Which 3rd party DNS would you recommend then?

 

[netmik3]

Ok. Which 3rd party DNS would you recommend then?

quad9

 

[AndreiV]

I was not aware until further googling that OpenDNS does not support DNSSEC and as I don't believe i enabled it unclear on how to disable it.

Edit: LAN/DHCP Server/Enable DNSSEC support & check No - re-flash and all is fine.

They have never supported DNSSEC and are to me they are a big privacy concern, the amount of data they log is a nightmare.

If you want DNSSEC and privacy you could choose servers from one or more of these :
https://dns.watch
https://blog.uncensoreddns.org
https://www.opennic.org
I use one server from dns.watch and one from uncensoreddns.

 

[AndreiV]

quad9

Only if you are aware that they share data and dns queries with 3rd parties.

Anyway, this is derailing Merlin's thread, to discuss DNS requires another thread.

 

[Twiglets]

AC56U updated approx 12 hrs ago from 384.5.
All running well, in fact browsing is snappier ...... probably the reboot of the router helped !!!

 

[HowIFix]

Only if you are aware that they share data and dns queries with 3rd parties.

Anyway, this is derailing Merlin's thread, to discuss DNS requires another thread.

what information do you have about this DNS that I am using in DNSCrypt?

aaflalo-me: DNS-over-HTTPS server running rust-doh with PiHole for Adblocking. Non-logging, AD-filtering, supports DNSSEC. Hosted in Netherlands on a RamNode VPS.

https://dnscrypt.info/public-servers/

 

[gen87u]

Only if you are aware that they share data and dns queries with 3rd parties.

From what they wrote in march 2018, they dont share : https://quad9.net/quad9-yourdata/

 

[Mutzli]

Cloudflare does cause these log entries , whilst they may use DNSSEC the way they are set up breaks access to many sites, personally I wouldn't allow anyone to use that service.

They manipulate DNS and collect data which is shared with many other parties , if you value your privacy stay away from them.

I never had any issues with Cloudflare and DNSSEC, nor did I ever experience any problems with access to any sites. Cloudflare shares its data with APNIC Labs only to further improve privacy. No one else has access to any of the logs or data. I would certainly recommend it to anyone, especially over Googles' 8.8.8.8 which is a boon for them when it comes to analyzing data.

 

[GHammer]

Can we take the oh so interesting DNSSEC to a DNSSEC thread?

I'm much more interested in the betas.

 

[Marin]

My RT-AC86U will not take the beta update over WiFi. I restarted it several times and every time I uploaded the new file I would get the window with "Please wait. Applying settings" but that would not progress to the usual update one (with the percentage bar). I guess I will re-try it via Ethernet cable.

Was able to download the beta release via Ethernet cable and it went smoothly. Everything works great and have not come across any issues so far.

 

[wiz]

I've updated my AC5300 to beta1 from the alpha version. Nothing out of the ordinary. All things I use work as expected. Great job Merlin!

 

[wiz]

RT-AC5300, dirty upgrade from 384.5 - everything seems to work but the main screen shows

Internet status:
Disconnected​

Yet, all devices are connected to the internet.
When I click on the Network Map, while the web page is loading, I can briefly see:

Checking connection, IP, etc including my DDNS name and Let's Encrypt cert logo​

...but that quickly goes away and insists - Internet status: Disconnected.

Mine works correctly:

I use a self signed cert though

 

[Clark Griswald]

Was able to download the beta release via Ethernet cable and it went smoothly. Everything works great and have not come across any issues so far.

I wouldn't recommend updating via wireless. Too many issues can occur, which are easily avoidable via a wired connection.

 

[dvohwinkel]

Flashed a RT-AC68U and RT-AC86U, no issues.