1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Newbie questions on Diversion, DoT, DNScrpyt and RAM usage

Discussion in 'Asuswrt-Merlin' started by Lukas, May 22, 2019.

  1. Lukas

    Lukas New Around Here

    Joined:
    May 22, 2019
    Messages:
    4
    Hey guys,

    first of all thank you guys, fo the great plugins and the amazing forum here. I have been reading quite a bit since I am really new to everything here.

    I've recently got myself a AC86U, since I moved to a new flat and wanted to secure my internet better and just have better options.

    So far I have the following setup:
    On my router I have the latest firmware, installed Diversion and Skynet. I also have a VPN client setup on the router with NordVPN. And I would like to use DoT, so I set it up via the WAN settings with custom DNS (Using Cleanbrowsing as of safety, though thinking about Cloudflare). On the Router I edited the dnsmasq, so I can get to my local unraid server via custom domains. In the LAN settings I have setup the DNS Server as my router IP.
    I also have a Raspberry running an OpenVPN server so I can connect to the network from the outside.

    I do have a few questions and hope you can help me:
    1. After installing Skynet my RAM usage now hit 78%, did I do something wrong or is that normal and does it impact the Router negatively? Also my CPU cores seem to be working more now.
    2. Sometimes it seems my DNS is still using the VPN DNS and then it seems I do not get any ad blocking, which setting could be responsible for that? After a reboot it usually is fine then again. -> Should be fixed
    3. I would like to also use DNSCrypt (Is that even necessary when using a VPN?) and I read that could be possible with Stubby, though then again I read that stubby is now part of Merlin since the 384.11, so where would I activate it, or do I just have to use a DNS service that provides DNSCrypt? If not, how would I activate it and will it impact on any of my setup? -> Shouldn't be needed
    4. Are there any important Skynet settings you guys would recommend or should it work out of the box for a standard user like me?
    5. Currently I route some devices through the WAN, since Netflix doesn't work with the VPN, I assume, I could ditch that and route those devices via VPN aswell once this goes live? (https://github.com/Xentrk/x3mRouting) - Obviously would still need to route my Raspberry via WAN so the port forwarding works.
    6. Is there a real advantage in security from DNS like Cleanbrowsing, compared to like Cloudflare?
    7. When I chose the DNSSEC option as yes, then my internet isn't working anymore. Though if I turned it off, the test sites say it's working. Is that because of the DNS i chose in Cleanbrowsing? Now internet seems to be working, with option activated
    Really appreciate if someone could take their time and help me with those questions, even just point me to a place, in case I just overread it.

    best,
    Lukas
     
    Last edited: May 22, 2019
  2. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,935
    Location:
    United Kingdom
    Lukas likes this.
  3. Lukas

    Lukas New Around Here

    Joined:
    May 22, 2019
    Messages:
    4
    Thank you very much for that info, with that in mind the recent firmware change also makes a lot of sense why Stubby and DoT have been implemented.

    I adjusted my first post, as that question is done then.

    About:
    In the VPN Configuration I noticed that "Accept DNS Configuration" was still set to strict, I set it to disabled now, I think that should take care of that, right?
     
  4. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,935
    Location:
    United Kingdom
  5. Lukas

    Lukas New Around Here

    Joined:
    May 22, 2019
    Messages:
    4
    Yes, though as I said in the first one, I just noticed I had set it to strict, without further settings, now disabled, while DoT is now set via the WAN setting, so I was just seeing if that was indeed the correct choice, to make it work.

    About the latter, as I said, when I was testing it, it said DNSSEC was already done, even though it was turned off. Now I turned it on and internet is still fine and the tests also confirm it should still be working, might have been a faulty setting with some other settings I guess.
     
  6. WuTang LAN

    WuTang LAN Regular Contributor

    Joined:
    May 5, 2019
    Messages:
    51
    1. This level of RAM usage is is perfectly normal in a Linix environment and nothing to worry about.

    https://www.linuxatemyram.com/

    My RAM usage is regularly at 90% without any issues, as a sizeable percentage of this "used" RAM is actually only cached.

    Creating a swap file with a spare USB drive is always a good thing to do however, if you've not already done so.
    This can be done easily within amtm.

    4. Other than creating user defined whitelist and blacklists (only if needed by the user), Skynet works fine 'out-of-the-box'.

    6. The only security benefit of cleanbrowsing over say cloudflare for example, is the ability to block certain shady domains. If you're already using Diversion with a good blocking file then you won't see any security benefit of using cleanbrowsing.
     
    Last edited: May 22, 2019
    Lukas likes this.
  7. Lukas

    Lukas New Around Here

    Joined:
    May 22, 2019
    Messages:
    4
    Thank you very much for the answers! I had to create a swap file in the install, but I actually must admit I have no idea what a swap file is and somehow I didn't find an answer that was able to explain it to me. I though it was something like where stuff is saved, so it won't load in the RAM, but I wasn't sure.

    Best,
    Lukas
     
  8. Grisu

    Grisu Very Senior Member

    Joined:
    Aug 28, 2014
    Messages:
    1,857
    thats it, in easy words some kind of outsourced or extended onboard memory.
     
    Lukas likes this.