What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RT-BE88U DNS-over TLS

This may well be that this makes no sense. But I don't see how this can have an influence on an input that should therefore not be activatable........
 
So: Checked everything again, switched off various activities and tested again.
Did not help.
I will probably go back to the factory settings and then try to set up DNS-over-TLS first.
I really don't feel like doing this, but I will try again.
 
It's allowed, but verifying responses from a DNS provider you trusted already and the channel is encrypted so no MITM is expected. About what is selectable in Asuswrt - it lacks dependencies in many places and it's been like this forever.
 
I'm concerned with the principle that the product should do what it claims to be able to do.
Of course, I now have the same opinion that it makes no sense to send two controls on their way at the same time.
I have already switched DNSSEC off. Even if this is switched off, DNS-over-TLS cannot be activated.
 
Robert57 said:
I'm concerned with the principle that the product should do what it claims to be able to do.
Click to expand...
And it does. It's only in your case that something is stopping it.
 
Robert57 said:
DNS-over-TLS cannot be activated.
Click to expand...

Reset your router and try again. Who is your ISP? Are they known for blocking ports upstream? DoT needs port 853. Do you have public WAN IP or your router is behind NAT? If you have ISP provided device before the router - what is it?
 
So I don't know if my provider blocks my upstream IP.
I have unblocked port 853.
The provider modem is switched to bridge. I get the IP address directly on my router
 
Robert57 said:
I get the following answers:
dsnpriv_enable=0
dnspriv_profile=1
the dnspriv_rulelist is output with the data from quad9.net.

dnspriv_enable is set to 0, which means it is not active.
Click to expand...
Add the Quad9 servers again, and if it resets to 0 again, run these commands:
Code: 
nvram set dnspriv_enable=1
nvram commit
service restart_dnsmasq
See if it stays active, or if the nvram resets to 0 later.
 
Robert57 said:
So I don't know if my provider blocks my upstream IP.
I have unblocked port 853.
The provider modem is switched to bridge. I get the IP address directly on my router
Click to expand...
Who is your ISP?

Bell Canada does block this.

www.snbforums.com

Bell home internet users with Asus routers - does DoT work for you?

My in-laws have Bell FTTH internet with a Gigahub gateway and an Asus AX86U Pro configured in PPPoE passthrough. The Asus is on the latest 3.0.0.4 Merlin FW (not 3.0.0.6). When I was there today and connected to their WiFi with my iPhone that has a DoT config profile installed, I wasn’t able to...
www.snbforums.com www.snbforums.com
 
I have found the problem.
AdGuardHome is not compatible with DNS-over-TLS.
AdGuard had also put itself in a continuous loop.
I removed AdGuard and now DNS-over-TLS works.
Thanks again to everyone who helped me
 
I never saw that coming!
Glad you're sorted, enjoy!
 
Robert57 said:
AdGuardHome
Click to expand...

You never mentioned anything about AdGuard Home. 🤔

www.snbforums.com

AdGuardHome - AGH not working on new firmware 3006

Everytime I try to install AdGuard Home, it hangs on starting AdGuard Home ...dead. I have tried many things; switched out my USB drive for a 2.5 inch SSD, didn't work, also tried resetting my router settings to factory default and that also didn't work. I would like to get AGH working, any help...
www.snbforums.com www.snbforums.com
 
Robert57 said:
I have found the problem.
AdGuardHome is not compatible with DNS-over-TLS.
AdGuard had also put itself in a continuous loop.
I removed AdGuard and now DNS-over-TLS works.
Thanks again to everyone who helped me
Click to expand...
I was trying to enable this as well but couldn't get it to work. Fortunately after about 5 minutes I remembered I was running AdGuard.
 
Robert57 said:
I have found the problem.
AdGuardHome is not compatible with DNS-over-TLS.
AdGuard had also put itself in a continuous loop.
I removed AdGuard and now DNS-over-TLS works.
Thanks again to everyone who helped me
Click to expand...
Hmm I am running AdGuard home so wasn't aware of this. The last time I did have DNS over TLS was when I was running diversion..

Tech9 said:
You never mentioned anything about AdGuard Home. 🤔

www.snbforums.com

AdGuardHome - AGH not working on new firmware 3006

Everytime I try to install AdGuard Home, it hangs on starting AdGuard Home ...dead. I have tried many things; switched out my USB drive for a 2.5 inch SSD, didn't work, also tried resetting my router settings to factory default and that also didn't work. I would like to get AGH working, any help...
www.snbforums.com www.snbforums.com
Click to expand...
i'm still running an old version of AdGuard home and didn't notice any issues. I will need to review this thread thanks for the link.

1752250760618.png
 
For those on a BE router (possibly others on newer firmware), does changing to Cloudflare actually change the DNS response time?
My ISP use an unknown filtered/secure DNS in the backend. But it's often 200-300 ms.
Cloudflare is usually lower or slightly above 20 ms. (identical or close to normal ping)
However, even though this test lists Cloudflare DNS addresses, it still shows the ISP crappy response time.
However, if using DNS Director for that client, then it shows the proper response times. With the side effect, 1.1.1.1/help does not pass DoT. It does (most of time - most likely the browser causing that randomness - but still worth to mention) pass without using DNS director.

dnscheck.tools - check your dns resolvers

A tool to test for DNS leaks, DNSSEC validation, and more
www.dnscheck.tools www.dnscheck.tools
 
Robert57 said:
I have found the problem.
AdGuardHome is not compatible with DNS-over-TLS.
AdGuard had also put itself in a continuous loop.
I removed AdGuard and now DNS-over-TLS works.
Thanks again to everyone who helped me
Click to expand...
Maybe it is a good thing to dump AdGuard, a Russian company which moved its offices to Cyprus to make users think their product was safe.

If you want a content blocker use Diversion, on Merlin firmware, or Pi-Hole. Control D, a Canadian company, would be a better option than AdGuard...
 
bbunge said:
Russian company
Click to expand...

Let’s not go into politics. All the alternatives you suggest have Russian involvement as well. And this is unrelated to safety and security levels of the products.
 
You must log in or register to reply here.

Similar threads

M
DNS server - order of access
Replies
13
Views
671
Justinh
J
outlaw78
DNS Director / DoT over TLS
Replies
18
Views
2K
RMerlin
RMerlin
Le_Sage
Bug in DHCP dns
Replies
1
Views
357
dave14305
dave14305
S
AdguardHome + Unbound on Pi4 Correct DNS settings
Replies
6
Views
2K
sammyano
S
C
2.4GHz not being distributed on AIMesh node w 10GbE backhaul
Replies
8
Views
398
chA
C
Similar threads
Thread starter Title Forum Replies Date
Daveo Upgraded from AX88U to BE88U Asuswrt-Merlin 7
L Replacing RT-AC3100 with RT-BE88U for ESP based IOT Network Asuswrt-Merlin 4
Ropuh BE88U WiFi 7 - SonosOne SL Asuswrt-Merlin 4
B BE88U Asuswrt-Merlin 3
P RT-BE88U and RT-BE7200 Asuswrt-Merlin 8
B BE88U Firewall port forwarding set in GUI not working. Anyone else? Asuswrt-Merlin 2
Erah BE88U Static Route Asuswrt-Merlin 18
B 3006.102.3 RT-BE88U as WireGuard client. No Internet connection after reboot. Asuswrt-Merlin 13
R Regarding my new BE88U and the 10Gb "WAN/LAN" port(s) Asuswrt-Merlin 33
i0ntempest BE88U: Remove hidden wireless networks? Asuswrt-Merlin 15

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,713 (members: 18, guests: 1,695)
Back
Top