Menu
What's new
By:
Filters Better Search

Newbie questions on Diversion, DoT, DNScrpyt and RAM usage

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L

Lukas

New Around Here
Hey guys,

first of all thank you guys, fo the great plugins and the amazing forum here. I have been reading quite a bit since I am really new to everything here.

I've recently got myself a AC86U, since I moved to a new flat and wanted to secure my internet better and just have better options.

So far I have the following setup:
On my router I have the latest firmware, installed Diversion and Skynet. I also have a VPN client setup on the router with NordVPN. And I would like to use DoT, so I set it up via the WAN settings with custom DNS (Using Cleanbrowsing as of safety, though thinking about Cloudflare). On the Router I edited the dnsmasq, so I can get to my local unraid server via custom domains. In the LAN settings I have setup the DNS Server as my router IP.
I also have a Raspberry running an OpenVPN server so I can connect to the network from the outside.

I do have a few questions and hope you can help me:
  1. After installing Skynet my RAM usage now hit 78%, did I do something wrong or is that normal and does it impact the Router negatively? Also my CPU cores seem to be working more now.
  2. Sometimes it seems my DNS is still using the VPN DNS and then it seems I do not get any ad blocking, which setting could be responsible for that? After a reboot it usually is fine then again. -> Should be fixed
  3. I would like to also use DNSCrypt (Is that even necessary when using a VPN?) and I read that could be possible with Stubby, though then again I read that stubby is now part of Merlin since the 384.11, so where would I activate it, or do I just have to use a DNS service that provides DNSCrypt? If not, how would I activate it and will it impact on any of my setup? -> Shouldn't be needed
  4. Are there any important Skynet settings you guys would recommend or should it work out of the box for a standard user like me?
  5. Currently I route some devices through the WAN, since Netflix doesn't work with the VPN, I assume, I could ditch that and route those devices via VPN aswell once this goes live? (https://github.com/Xentrk/x3mRouting) - Obviously would still need to route my Raspberry via WAN so the port forwarding works.
  6. Is there a real advantage in security from DNS like Cleanbrowsing, compared to like Cloudflare?
  7. When I chose the DNSSEC option as yes, then my internet isn't working anymore. Though if I turned it off, the test sites say it's working. Is that because of the DNS i chose in Cleanbrowsing? Now internet seems to be working, with option activated
Really appreciate if someone could take their time and help me with those questions, even just point me to a place, in case I just overread it.

best,
Lukas
 
Last edited:
martinr said:
As for dnscrypt , Merlin advises:

“IMHO, people should consider switching from DNSCrypt to Stubby + DoT, as this is the way to go forward. I expect DNSCrypt to eventually disappear, as the industry will embrace DoT (and DoH).”


https://www.snbforums.com/threads/the-dnscrypt-blues.55702/#post-473868
Click to expand...

Thank you very much for that info, with that in mind the recent firmware change also makes a lot of sense why Stubby and DoT have been implemented.

I adjusted my first post, as that question is done then.

About:
Lukas said:
Sometimes it seems my DNS is still using the VPN DNS and then it seems I do not get any ad blocking, which setting could be responsible for that? After a reboot it usually is fine then again.
Click to expand...

In the VPN Configuration I noticed that "Accept DNS Configuration" was still set to strict, I set it to disabled now, I think that should take care of that, right?
 
martinr said:
Have you seen Xentrk’s blog on this?

https://x3mtek.com/policy-rule-routing-on-asuswrt-merlin-firmware/

And Merlin


https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy
Click to expand...

Yes, though as I said in the first one, I just noticed I had set it to strict, without further settings, now disabled, while DoT is now set via the WAN setting, so I was just seeing if that was indeed the correct choice, to make it work.

About the latter, as I said, when I was testing it, it said DNSSEC was already done, even though it was turned off. Now I turned it on and internet is still fine and the tests also confirm it should still be working, might have been a faulty setting with some other settings I guess.
 
1. This level of RAM usage is is perfectly normal in a Linix environment and nothing to worry about.

https://www.linuxatemyram.com/

My RAM usage is regularly at 90% without any issues, as a sizeable percentage of this "used" RAM is actually only cached.

Creating a swap file with a spare USB drive is always a good thing to do however, if you've not already done so.
This can be done easily within amtm.

4. Other than creating user defined whitelist and blacklists (only if needed by the user), Skynet works fine 'out-of-the-box'.

6. The only security benefit of cleanbrowsing over say cloudflare for example, is the ability to block certain shady domains. If you're already using Diversion with a good blocking file then you won't see any security benefit of using cleanbrowsing.
 
Last edited:
WuTang LAN said:
Creating a swap file with a spare USB drive is always a good thing to do however, if you've not already done so.
This can be done easily within amtm.
Click to expand...

Thank you very much for the answers! I had to create a swap file in the install, but I actually must admit I have no idea what a swap file is and somehow I didn't find an answer that was able to explain it to me. I though it was something like where stuff is saved, so it won't load in the RAM, but I wasn't sure.

Best,
Lukas
 
Lukas said:
I had to create a swap file in the install, but I actually must admit I have no idea what a swap file is and somehow I didn't find an answer that was able to explain it to me. I though it was something like where stuff is saved, so it won't load in the RAM, but I wasn't sure.
Click to expand...
thats it, in easy words some kind of outsourced or extended onboard memory.
 
You must log in or register to reply here.

Similar threads

A
Anomaly RAM Usage 97%
Replies
17
Views
850
Max-H
Max-H
B
VPN + Diversion
Replies
5
Views
546
BaconScout
B
I
VPN Fusion questions
Replies
0
Views
155
in2ndo
I
X
RT-AX58U sudden DNS problem - URGENT
Replies
14
Views
665
dave14305
dave14305
G
hardware upgrade questions
Replies
4
Views
451
glens
G
Similar threads
Thread starter Title Forum Replies Date
B RT-AC68U QoS and questions about latest Merlin Asuswrt-Merlin 20
N guest network questions Asuswrt-Merlin 9
W Compiling and toolchain questions for RT-AX86U Pro Asuswrt-Merlin 6
C Fiber passthrough questions? Asuswrt-Merlin 1
G hardware upgrade questions Asuswrt-Merlin 4
T RT-AX88U Vlan bridge/port questions Asuswrt-Merlin 25
B Questions about the RT-AX86u Pro Asuswrt-Merlin 7
B Ethernet Cable Questions - Jitter / Ping - Professional opinion needed please. Asuswrt-Merlin 12
eddiec repeater mode and samba share/cloud disk questions Asuswrt-Merlin 1
A Network questions on a new RT-AX86U Pro Asuswrt-Merlin 6

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,092 (members: 42, guests: 1,050)
Top