DNS-over-TLS - RT-AC86U - 384.15 ...


Alex Tiedemann

Occasional Visitor
Hi,

Trying to set up DNS-over-TLS in my AC86U.

Have managed to add 3 servers to the list and it works very well.

For some reason I can't add the number 4 or 5 server, or actually I can add servers to the list, but when pressing Apply to save the settings, only the previous 3 servers are left in the list.

If I delete one of the 3 in the list and add another server, it's added to the list, after pressing Apply.

However, sometimes, even when one or two servers are in the list, when adding a server, the added server is not saved.

Anyone have similar problems?

Would like to have at least 4 servers in the list.

Is there a place I can add servers to a configuration file so that they are loaded when rebooting the router - just to try if it makes a difference?

Alex T.

RT-AC86U_DNS-over-TLS_Servers.jpg
 

Alex Tiedemann

Occasional Visitor
Ahaa ... :)

When adding four servers:

/$ nvram set dnspriv_rulelist="<37.252.185.232>853>dot1.appliedprivacy.net><89.234.186.112>853>dns.neutopia.org>wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=<89.233.43.71>853>unicast.censurfridns.dk>wikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs=<158.64.1.29>853>kaitain.restena.lu>7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4="
!!!!!!wl variable:dnspriv_rulelist's value size:291 is bigger than allowed size:255!!!
nvram/value pair: is invalid or bigger than its max length

Alex T.
 

dave14305

Part of the Furniture
Check if you’re almost out of nvram space on the Tools Sysinfo page. If not, the inclusion of SPKI might be exceeding the 1024 char limit.

You can add additional config in /jffs/configs/stubby.yml.add.
 

RMerlin

Asuswrt-Merlin dev
HND enforces max sizes on nvram settings. Any nvram that is not defined by Asus themselves will be limited to 255 chars max.

You don't need 5 servers. You only need one, maybe a second as a backup.
 

dave14305

Part of the Furniture
> HND enforces max sizes on nvram settings. Any nvram that is not defined by Asus themselves will be limited to 255 chars max.

Is that just at the command line with nvram?
 

Alex Tiedemann

Occasional Visitor
Hi RMerlin and dave14305,

Thanks for info. :)

Nope, no need for five servers. :)

Was trying out DoT and some servers were not very reliable so wanted more in the list.

Alex T.
 

RMerlin

Asuswrt-Merlin dev
> Is that just at the command line with nvram?

No, it's right in libnvram and wlcsm, which is used by anything dealing with nvram. If an nvram setting is not defined in these closed source components, then it will enforce a default limit of 255 bytes (regardless of what you put in defaults.c, because those closed source pieces are compiled with Asus's original copy of defaults.c). This is why I'm forced to implement dirty hacks with the OpenVPN custom field, by allocating and concatenating four separate variables to reach a more reasonable limit for these large fields.

The only alternative is storing in JFFS, which I try as much as possible to avoid because it means these will NOT be included in any backup you make of your settings (unlike Asus's own defined "largenvram" values, because they are transparently handled by libnvram).
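
Added example, not part of any post in this thread: a POSIX shell check that walks a dnspriv_rulelist value entry by entry and shows where it crosses the 255-byte limit from the nvram error above. The function names are hypothetical, and the field order `<ip>port>hostname>spki` is inferred from the value posted earlier.

```sh
#!/bin/sh
# Added example, not from the thread: pre-check a dnspriv_rulelist value
# against the limit printed in the nvram error ("allowed size:255").
NVRAM_MAX=255

# The four-server value from the post above (nvram reported size 291).
SAMPLE='<37.252.185.232>853>dot1.appliedprivacy.net><89.234.186.112>853>dns.neutopia.org>wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=<89.233.43.71>853>unicast.censurfridns.dk>wikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs=<158.64.1.29>853>kaitain.restena.lu>7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4='

# Print "<hostname> <entry bytes> <running total> pin|nopin ok|over" per entry.
# Assumption: entries look like <ip>port>hostname>spki, with spki optional.
# ${#var} equals the byte count for the ASCII values used here.
rulelist_report() {
    rest=${1#"<"}
    total=0
    while [ -n "$rest" ]; do
        entry=${rest%%"<"*}                  # text up to the next '<'
        case $rest in
            *"<"*) rest=${rest#*"<"} ;;
            *)     rest= ;;
        esac
        size=$(( ${#entry} + 1 ))            # +1 for the entry's own '<'
        total=$(( total + size ))
        fields=${entry#*">"}                 # drop the ip field
        fields=${fields#*">"}                # drop the port field
        host=${fields%%">"*}
        spki=${fields#*">"}
        if [ -n "$spki" ]; then pin=pin; else pin=nopin; fi
        if [ "$total" -le "$NVRAM_MAX" ]; then state=ok; else state=over; fi
        echo "$host $size $total $pin $state"
    done
}

# Number of leading entries that still fit within NVRAM_MAX.
rulelist_fit() {
    rulelist_report "$1" | awk '$NF == "ok" { n++ } END { print n + 0 }'
}

rulelist_report "$SAMPLE"
echo "entries that fit: $(rulelist_fit "$SAMPLE")"
```

Each pinned entry costs 44 bytes for the base64 SPKI value alone, which is why the fourth server pushes the total past the limit.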
 
