What's new

DNSSEC suddenly stopped working on Asus RT-AC66U (running on Merlin v380.70)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ook

New Around Here
Hi,

I have my Asus RT-AC66U running Merlin v380.70. The DNSSEC option (under LAN > DHCP) has been enabled for as long as I can remember but yesterday it suddenly started acting up. I could no longer resolve any DNS host names which were enabled for DNSSEC. Same results on all my DHCP clients (Win10 PCs, phone etc), but also on the router's "Network Tools" section it didn't resolve those hosts anymore. Regular DNS host names were fine, but the ones with DNSSEC enabled just could not be resolved when I queried my Asus router. Didn't matter whether I setup my router to use Google DNS (8.8.8.8), Cloudflare (1.1.1.1) or the ones for my ISP, it always fails. As soon as I disable DNSSEC, all works fine.

Reboots etc didn't matter, I just can't get it to work with DNSSEC enabled anymore (took a while before I figured that out btw ;))

Any ideas on why this feature could suddenly be 'broken'? I've now disabled it and all clients are fine, but it still bugs me as to why/how this happened..

Thanks;
Ook
 
Hi,

Any ideas on why this feature could suddenly be 'broken'? I've now disabled it and all clients are fine, but it still bugs me as to why/how this happened..

Thanks;
Ook
Last week a trust anchor rollover for DNSSEC was performed.
As your version is pretty old it does not contain the new anchor.
You need to put the new trust anchor in "/jffs/configs/dnsmasq.conf.add".
Add a line:
Code:
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
 
  • Like
Reactions: Ook
Hi,

Thanks a lot for your quick, spot-on, response! I realize it's been a while since I updated my firmware but I believe it's still the latest version for my Asus RT-AC66U - I believe they are no longer releasing any new updates?! Thanks anyway and glad the fix is this easy! Cheers,
Ook
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top