Diversion DNS issues when Diversion is enabled.....

zekesdad

Regular Contributor
Screenshot (2).png

I get this page all the time when Diversion is enabled on my RT-AX86U with the latest Merlin FW, AMTM and Diversion updated, pixelserv-tls on 192.168.1.2. Pages just constantly time out. Only thing that fixes is it is disabling Diversion. Anything I can do?
 

dave14305

Part of the Furniture
Your screenshot is so large that the URL is hard to read but I think it’s drudgereport.com.

Are you sure those roadrunner DNS servers are working? Your log doesn’t show any replies when those queries are sent. Try different DNS servers.

edit: there’s so much happening at 15:05:38 that the replies are much lower down. So maybe it’s fine.
 

EmeraldDeer

Very Senior Member
I get the same IPv4 addresses as in the pastebin and I can browse drudgereport.com just fine. Since the lookups are correct, I don't see how the problem could be Diversion.
 

EmeraldDeer

Very Senior Member
For some reason Skynet is whitelisting those two IPv4 addresses. Double check that Skynet is up to date via amtm?
Code:
Warning: 172.67.12.140 is in set Skynet-Whitelist.
172.67.12.140 is NOT in set Skynet-Blacklist.
172.67.12.140 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
-*-

Associated Domain(s);
drudgereport.com


[i] IP Location - United States (CLOUDFLARENET / AS13335)
 

zekesdad

Regular Contributor
For some reason Skynet is whitelisting those two IPv4 addresses. Double check that Skynet is up to date via amtm?
Code:
Warning: 172.67.12.140 is in set Skynet-Whitelist.
172.67.12.140 is NOT in set Skynet-Blacklist.
172.67.12.140 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
-*-

Associated Domain(s);
drudgereport.com


[i] IP Location - United States (CLOUDFLARENET / AS13335)

Skynet is up to date. And turning off skynet or leaving it on, the only thing I've found that resolves the issue is disabling Diversion.
 

zekesdad

Regular Contributor
I get the same IPv4 addresses as in the pastebin and I can browse drudgereport.com just fine. Since the lookups are correct, I don't see how the problem could be Diversion.
The issue is EVERY webpage when Diversion is enabled. It'll timeout about 70% of the time. If you give it long enough it might refresh and work, but not always. Drudgereport is just an example I posted so you can see when Im getting, but it happens on Facebook, Reddit, Yahoo, everything.
 

dave14305

Part of the Furniture
What blocking list are you using (small, standard, medium, large, etc.)? Is DNSFilter enabled? Did you try another browser that might not try to sneak in encrypted DNS? Show some readable screenshots of WAN DNS and LAN DNS and DNSFilter settings pages from the router. Show a screenshot of the main Diversion menu. Is IPv6 enabled?
 

zekesdad

Regular Contributor
1) Medium block list. 2)DNSfilter is not enabled. 3)Other browsers reproduce the the same issues (tried FF and Chrome, usually I use edge) 4) IPV6 isnt enabled, I dont believe.
 

Attachments

  • Screenshot (4).png
    Screenshot (4).png
    284.5 KB · Views: 53
  • Screenshot (5).png
    Screenshot (5).png
    367.2 KB · Views: 54
  • Screenshot (6).png
    Screenshot (6).png
    330.5 KB · Views: 53

zekesdad

Regular Contributor
So I don't know what to do. I cant enable this addon or the the internet just becomes unusable. Any help would be really appreciated. I can give whatever logs someone would need.
 

thelonelycoder

Part of the Furniture
So I don't know what to do. I cant enable this addon or the the internet just becomes unusable. Any help would be really appreciated. I can give whatever logs someone would need.
Your dnsmasq.log only shows nine domains blocked for all the 496 queries performed:
Code:
app-measurement.com
sdk.iad-01.braze.com
app-measurement.com
quantcast.mgr.consensu.org
sdk.iad-01.braze.com
device-metrics-us.amazon.com
c.bing.com
c.msn.com
sb.scorecardresearch.com
That means that only these would be blocked by Diversion.

You seem to have another issue with your router that comes into play when enabling Diversion.
Please post the content of /tmp/etc/dnsmasq.conf with and without Diversion enabled.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top