1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Fork] Asuswrt-Merlin 374.43 LTS releases (V36EA)

Discussion in 'Asuswrt-Merlin' started by john9527, Aug 14, 2014.

  1. clovek1

    clovek1 New Around Here

    Joined:
    Nov 6, 2018
    Messages:
    3
    Ah, there seem to be another DNS server configuration on LAN->DHCP Server ... Confusing.
     
  2. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,782
    Location:
    United States
    The WAN page settings control how the router talks upstream to the DNS servers. The LAN page is how the router talks downstream to the clients via DHCP. So the LAN page servers can override the WAN page if both are set. Usually the LAN page servers are left blank to use WAN dnsmasq, and the advertise router as DNS should be checked.
     
    best.binoculars and clovek1 like this.
  3. clovek1

    clovek1 New Around Here

    Joined:
    Nov 6, 2018
    Messages:
    3
    thanks for the explanation. May be some warning on both,WAN and LAN page if both, LAN and WAN DHCP servers are set to different values, would be nice.
    My current settings seem to be working now. I hope they are correct. They look like this:
    [​IMG] [​IMG]
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,767
    Location:
    UK
    @clovek1 I think you should set "Forward local domain queries to upstream DNS" on the LAN page to "No".

    Everything else looks OK but personally I'd change the Domain Name from "WORKGROUP" to something more normal like "home.lan".
     
  5. mihei78

    mihei78 New Around Here

    Joined:
    Nov 6, 2018
    Messages:
    6
    Thank you very much, I will be very happy :)
     
  6. laracroftonline

    laracroftonline Occasional Visitor

    Joined:
    Jul 25, 2013
    Messages:
    17
    i'm now running merlin 380_70 on a rt-n66u is it beneficial to downgrade to this version?
     
  7. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    It's not a downgrade, it's a crossgrade. The version number might be lower, but it was developed in parallel to mine, so it's not going backward.
     
  8. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,782
    Location:
    United States
    Not running this as a 'formal' beta, but for those who would like to try my latest development version...Have fun!

    BETA/TEST RELEASE: Update-37B4 (based on 'E' Build stream)
    6-November-2018
    Merlin fork 374.43_37B4j9527
    Download https://1drv.ms/f/s!Ainhp1nBLzMJghNQwAwWEq2LJxtd
    ============================

    • Support for Double-NAT for DDNS (some additional tweaks from 37B1)
    • Updated ca-bundle to 2018 October 17th version
    • Applied some upstream commits for DoT getdns/stubby which should help reduce DNSSEC errors
    • Updated dnsmasq to 2.80-122392e snapshot with some performance and DNSSEC fixes
    • Misc OpenVPN and OpenSSL backports from Merlin
    • Updated udpxy to build 23 and applied some parameter updates from Merlin builds - @mihei78
     
    Bob.Dig and blueshark like this.
  9. phx28777

    phx28777 Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    10
    Loaded your test release on my AC-68U
    DoT with Cloudflare v4 and v6 servers

    With DNSSEC enabled some sites return SERVFAIL

    With DNSSEC off all sites resolve correctly
     
  10. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,782
    Location:
    United States
    Nothing more I can do there....I found this thread which I think is exactly the problem. (I traced the cloudflare test site failure and it is is-cf.cloudflareresolve.com/is-dot.cloudflareresovlve.com that is causing the test fail)
    https://community.cloudflare.com/t/dnssec-validation-failures/28050
     
  11. phx28777

    phx28777 Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    10
    This is NOT the test site failure...this is a .com site that will not resolve. Never had this occur on previous versions of your firmware that I know of!

    DNSSEC not enabled

    ; <<>> DiG 9.11.5 <<>> www.nrsforu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28530
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.nrsforu.com. IN A

    ;; ANSWER SECTION:
    www.nrsforu.com. 251 IN CNAME nrsforu.com.
    nrsforu.com. 251 IN CNAME imedia-e.nrsforu.com.
    imedia-e.nrsforu.com. 251 IN A 155.188.80.113

    ;; Query time: 1 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Wed Nov 07 09:46:17 US Mountain Standard Time 2018
    ;; MSG SIZE rcvd: 119


    DNSSEC enabled

    ; <<>> DiG 9.11.5 <<>> www.nrsforu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41829
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.nrsforu.com. IN A

    ;; Query time: 280 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Wed Nov 07 10:02:46 US Mountain Standard Time 2018
    ;; MSG SIZE rcvd: 33
     
  12. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,782
    Location:
    United States
    Hmmm....works fine for me. Although this a CNAME case....
    Code:
    ~ $ dig www.nrsforu.com
    
    ; <<>> DiG 9.9.5-3ubuntu0.18-Ubuntu <<>> www.nrsforu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22848
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 1452
    ;; QUESTION SECTION:
    ;www.nrsforu.com.        IN    A
    
    ;; ANSWER SECTION:
    www.nrsforu.com.    300    IN    CNAME    nrsforu.com.
    nrsforu.com.        300    IN    CNAME    imedia-n.nrsforu.com.
    imedia-n.nrsforu.com.    300    IN    A    155.188.186.113
    
    ;; Query time: 584 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Wed Nov 07 12:19:12 MST 2018
    ;; MSG SIZE  rcvd: 165
    
    ~ $ dig +dnssec -t DS www.nrsforu.com
    
    ; <<>> DiG 9.9.5-3ubuntu0.18-Ubuntu <<>> +dnssec -t DS www.nrsforu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12389
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 1452
    ;; QUESTION SECTION:
    ;www.nrsforu.com.        IN    DS
    
    ;; ANSWER SECTION:
    www.nrsforu.com.    300    IN    CNAME    nrsforu.com.
    
    ;; AUTHORITY SECTION:
    ck0pojmg874ljref7efn8430qvit8bsm.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
    ck0pojmg874ljref7efn8430qvit8bsm.com. 86400 IN RRSIG NSEC3 8 2 86400 20181112054214 20181105043214 37490 com. VtU+mR9c9/KMSBR8+8jD4tBuYVI02LgCM0l6ajfg0IFDAqgk4pvkQeeu PUolFBvqUhq/skdRtlUSE2SLBl7NqXFu2gzeW+BGQ7qeW/H/C3S2xQfY y+vrQvZXtTGTDRSQ7iKbs+p60HkpC6yW1yO5ZkbB53GLVRmjQDGCRm0i STM=
    com.            900    IN    SOA    a.gtld-servers.net. nstld.verisign-grs.com. 1541618400 1800 900 604800 86400
    com.            900    IN    RRSIG    SOA 8 1 900 20181114192000 20181107181000 37490 com. jSzI/uK13NMwvK+oKO6s1HTiEk/z7Ekn7hhKK07/dyx3xgzPjABMk2+R 0UU68oEpXHxv//c4P3gFxusbAgQEUttB2GVh/RrJAT3zsoekiWCEuExz Qlb6zOZ2IhDlu0oqzlqyNKQUeBrMeD1z0WyJUijTRimfu/tofJSmvUe5 Gtg=
    91o9kmdbn23okh4q4kj01vmkvejamshq.com. 86400 IN NSEC3 1 1 0 - 91OD4LNA1CHHTL37HKSHJUUH6KBM9HKS NS DS RRSIG
    91o9kmdbn23okh4q4kj01vmkvejamshq.com. 86400 IN RRSIG NSEC3 8 2 86400 20181114054559 20181107043559 37490 com. bJM/Mfgcye4WnDR1mdJ5lwD9jTEsOVrJ0fFE4g2eNzUTtYJL5F5sxy1P K/sTmgUDghSH+1G6m2hFnhYv1TE7Yhi38jSqmwzOs7hmFSSNdyUbgKPn zvucjFTi6nEGszQoaFKMh8D0Y8CT1IU7BP6Ix6ZrojTnafxZ7y/SaROR lVE=
    
    ;; Query time: 461 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Wed Nov 07 12:20:17 MST 2018
    ;; MSG SIZE  rcvd: 892
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    That domain does not have a valid DNSSEC configuration according to Verisign's DNSSEC analyzer:

    https://dnssec-analyzer.verisignlabs.com/nrsforu.com
     
  14. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,782
    Location:
    United States
    Last edited: Nov 7, 2018
  15. phx28777

    phx28777 Occasional Visitor

    Joined:
    Dec 2, 2017
    Messages:
    10
    Last edited: Nov 7, 2018
  16. MeDd

    MeDd New Around Here

    Joined:
    Nov 8, 2018
    Messages:
    3
    Hey, John!
    I just updated FW of my ASUS RT AC66U from 3.0.0.4.382_50470 to your 374.43_36EAj9527 and now I've got one problem.
    There's no AC type of connection in 5Ghz inlay. How could I fix that? What happens?
    P.S. This is my first custom FW for router :)
     
  17. MeDd

    MeDd New Around Here

    Joined:
    Nov 8, 2018
    Messages:
    3
    Here's screenshot
     

    Attached Files:

  18. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,782
    Location:
    United States
    On this fork, you use 'Auto' to use AC connections.
     
    MeDd likes this.
  19. MeDd

    MeDd New Around Here

    Joined:
    Nov 8, 2018
    Messages:
    3
    Ok, great thx! It just was surprise for me! Appreciate that!
     
  20. jsbeddow

    jsbeddow Occasional Visitor

    Joined:
    Oct 21, 2016
    Messages:
    31
    Location:
    SF Bay Area
    Hi @john9527, just wondering if you have had any further insights into the issue that @phx28777 was having with DNSSEC on this new "unofficial" beta 37B4 build? In other words, are you still considering his case to be a rare/edge case scenario with that site's CNAME record in a non-standard format? I want to try this out, but am a little nervous if this is going to cause frequent DNS resolution errors (the family will not take well to that ;)).