Solved Can't unblock Reddit

[BooBox]

Solution was to disable URL filter even though there were no URL filter entries. Something to do with the DNS block on the domain but I don't know why. Blocking outbound DNS would add a firewall filter for inbound IP, but I'm not a network operator or familiar with Merlin. Thanks for the help.

Long story short, recently rage quit Reddit. I won't go into the y or the what because it is not relevant to the problem but I wasn't blocked or anything like that. What I found though was you need reddit.com for a lot of things like using Google in general even for figuring out problems like this, but I didn't consider that before blocking it.

What I did was set up adguard home on my Asus RT-ax86u (not pro) running Merlin 3004.388.9_2 through the DNS gui under wan. I thought I set up an account and set a custom filter for reddit.com. it worked. Whenever anyone on my network would try to go to reddit.com, it would give you a DNS probe error. It still does that even when I switch to a totally different DNS provider like quad DNS and reboot the router. Can't go to reddit.com and can't ping reddit.com. router can ping reddit.com through diagnostics GUI but device connected to router through DHCP can't. Nslookup fails on both my phone pixel 7. Running latest Android 16 and wired Windows 11 desktop. Factory reset fixes problem but restoring configuration file restores problem. Even when I set DNS ISP DHCP it still fails. I don't have any parental controls set up and I can't think of anywhere I would have blocked it. I guess I can just do a factory reset and set everything back up but can anyone think of anything I might be missing? Some kind of DNS cache? I could go into the adguard home account but I'm not sure of how to get there now since I think I got there through the router interface but I can't find that. This is probably just a learning curve because I am new to Merlin. Do I need to go into CLI? Thank you for any suggestions or input you may have.

Here is NS lookup from router
Server: 74.40.74.40
Address 1: 74.40.74.40 dns1.anycast.frontiernet.net

Name: reddit.com
Address 1: 151.101.65.140
Address 2: 151.101.193.140
Address 3: 151.101.1.140
Address 4: 151.101.129.140
Address 5: 2a04:4e42::396
Address 6: 2a04:4e42:400::396
Address 7: 2a04:4e42:600::396
Address 8: 2a04:4e42:200::3
96
Attached is failed Ping from wireless phone.

PS I'm also having some odd issues with WPA/ wpa2 with tkip versus AES. But I'm not sure how that would be relevant since the problem is affecting wired too.

 

[dave14305]

Look in the URL Filter in the Firewall section of the GUI to see if you added Reddit there also.

 

[BooBox]

Thank you but I don't see anything. I don't remember setting that up either. Also wouldn't that block the IP but not the domain or DNS? See screenshot below. I also checked AI protection. I will post more later. Any other ideas?

 

[dave14305]

That’s not the URL Filter screen. It’s the next tab over. Is that where you checked?

 

[BooBox]

By the way, does anyone know how you access the adguard home service. Like what website or domain to go to. When I Google it, I find at least five separate websites or domain all claiming to be related to adguard home. They can't all be right and I suspect some might be malicious forgeries. What is the official process or domain to remove a custom filter from adgualrd home when using Merlin firmware on asus router?

 

[dave14305]

Oh, maybe you forgot the AdGuardHome url, which is usually something like http://192.168.50.1:3000/

 

[BooBox]

What exactly is adguard home? Is it an adguard service or something? Adguard came up with with Asus? Should I be trying to access a local IP or a domain on the internet for adguard home. I remember clicking on a link in the router UI and I think I remember signing in with my Google account to create a new account but I'm having a hard time because I'm not sure if I did it on my phone or my computer and I have a couple different browsers and I'm also trying to set up bitwarden for password manager and 2fa so it's all kind of complicated.

That link you gave didn't work though. Could it be a different port? Should I dig through the UI more? Cli? I'm trying to figure out how much effort is worth it versus just doing the factory reset and setting it back up. My setup isn't very complicated. Pretty much the only complicated thing about it was adguard which doesn't seem to be working all that well. If I can't change or add new filters, what's the point? Thanks again for your help though

That’s not the URL Filter screen. It’s the next tab over. Is that where you checked?

Sorry I checked there too but didn't include a screenshot. See below. I disabled URL filter all together just to be safe. I also went through every setting I could find basically anywhere. I saw a green button I could turned off. I made sure was turned off. I rebooted and now the problem is fixed. I guess the problem is even though I didn't have any URL filter entries. I still had the filter on and there must have been some entry or cache not in the UI that still applied. Or something else happened that I turned off or I'm not thinking of. Either way, this is making me a little gun shy of Marlin firmware. The fact that the reboot took 3 to 4. Using stock firmware. I think it took 15 to 30 seconds. I will have to test to see if this is still the case with a physical reboot or reboot using the power switch. I don't reboot often, but if it takes several minutes to reboot I will have to take that under consideration before each reboot. Also the one of the main reasons I upgraded to merlin firmware was for better adguard support. If adguard doesn't work well and Merlin has quirks, maybe I should revert to stock. Another reason I upgraded was for better security but with Merlin I'm having issues with WPA tkip. I'm having to Nerf my entire 2.4 band which I guess is okay since most of it is for iot but why? Is this a Merlin issue? A Asus issue or an adguard issue. Or was this just user error?

 

[dave14305]

Just factory reset. You’ve lost control of your setup for one reason or another.

AdGuardHome is a program that runs on the router. Adguard DNS is a public DNS service.

No one should be using WPA TKIP in 2025 (in my opinion).

 

[BooBox]

First the problem is fixed. Sorry if you missed the update. Got held up by moderator for some reason. Probably because I'm new. Had to turn off URL filter service even though I had no filters set up.

So adguardhome is a public DNS service too? Also why do people keep saying adguardhome vs adguard? Is adguardhome a product of Adguard?

If it runs on the router, where is the UI for it? Is it on Port 3000 Like someone else said? Also, if it runs on the router does that mean it will work even when internet is broken or disabled? I assumed it connected to adguard DNS servers somehow like in the cloud. Is this different than how adguard is implemented on stock Asus firmware? First time using it so don't know.

 

[Tech9]

AdGuard Home is a software like Pi-Hole:

Home

Network-wide ads & trackers blocking DNS server. Contribute to AdguardTeam/AdGuardHome development by creating an account on GitHub.

github.com

It doesn't come pre-installed on Asus routers. Available as custom script:

AdGuardHome - [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

Asuswrt-Merlin-AdGuardHome-Installer The Official Installer of AdGuardHome for Asuswrt-Merlin Requirements: ARM based ASUS routers (not bridges or access points) that use Asuswrt-Merlin Firmware JFFS support and enabled REQUIRES ENTWARE(!) for package management, and a separate USB drive for...

www.snbforums.com

AdGuard DNS is a public DNS server with free filters available:

This does come as an option in WAN DNS settings on Asus routers.

AdGuard Home and AdGuard DNS are products of Adguard Software Ltd.

 

[BooBox]

Just factory reset. You’ve lost control of your setup for one reason or another.

AdGuardHome is a program that runs on the router. Adguard DNS is a public DNS service.

No one should be using WPA TKIP in 2025 (in my opinion).

As for tkip, you're of course right? But tell that to my 2-year-old brother printer that only has 2.4 Wi-Fi AC with WPA tkip. It worked with stock firmware WPA2 with AES but I'm not sure of the exact encryption settings. I thought I just turned it to WPA2. I think it's some subtle difference in how Asus Merlin implements WPA/wpa2 tkip/AES vs stock. It doesn't have ethernet or USB either. I might set up an old Asus router in AP on a nerfed 2.4 band, but I would rather not because then people have to be connected to that or I have to route something for wireless printing to work. I tried using a guest Network SSID with separate security but that's no different really than having a separate AP except I don't have to worry about isolation. I might just get a wired printer but that's throwing money at the problem. This printer is cheap but it's not old and it's working fine. I also can't have a x enabled on the 2.4 band and I think I have to turn some other things off too. But further complicates the problem is I have a 2.4 broadcaster in my oven that I can't turn off and I'm looking at AC's in just about everyone also has a 2.4 GHz broadcaster that you can't turn off for Smart connectivity. Iot is a pita. Probably just going back to stock at this point but may just leave as is since everything is working technically.

 

[Tech9]

But tell that to my 2-year-old brother printer that only has 2.4 Wi-Fi AC with WPA tkip

I have 2x Brother printers and they are >2 years old. There is no 2.4GHz AC standard, they support 2.4GHz N WPA2 AES. Your printer is either much older, either something else around your Wi-Fi it doesn't like. What exact model is the printer?

 

[BooBox]

I have 2x Brother printers and they are >2 years old. There is no 2.4GHz AC standard, they support 2.4GHz N WPA2 AES. Your printer is either much older, either something else around your Wi-Fi it doesn't like. What exact model is the printer?

MFCL2690DW. Maybe it's older than 2 years. That could be just when I bought it. I think Walmart.

I know AC was mostly the 5 GHz band but I thought it still applied to 2.4 GHz. Maybe that's just Wi-Fi 6 to 2.4 band? Either way, as per spec it can do WPA2 with aes but for some reason it prefers WPA with tkip. Probably something to do with the way the router is broadcasting encryption but I'm not entirely sure. All I know is that WPA2 with AES worked normally with stock firmware but seems to not work or at least be temperamental with Merlin.