My question is specific in that I'm still using the last "official" 2018 pre-fork build of Merlin for the RT-N66U.
So far, it's been fairly stable; though the initial build scared the crap out of me thinking I had bricked it... the installation instructions failed to mention all of the details of what it would go through moving from Asus to Merlin; but that aside, almost everything seems to be fairly decent, though my WAN bandwidth dropped by about 10% moving to Merlin with what appears to be the same settings.
The one issue I do have is with enabling DNSSEC. When I enable it, half of the domains become unreachable. There's not rhyme or reason to it, the domains themselves all checkout fine in terms of DNSSEC Compliance (one of the sites in question being the sources of the Merlin packages). When I ping a site that won't load in my browser, I get an error like this:
. There's no real logic to what will or won't load. My WAN DNS is pointed to cloudflare (1.1.1.1 and 1.0.0.1) which are DNSSEC Compliant. My LAN IP is all defaults. My LAN Computers are all using DHCP IPv4 Only. IPv6 disabled.
My LAN Properties are as simple as it gets. Ignore the 169.254.0.0 variable because that is standard on all Linux builds in case the NIC can't find the DHCP Server, it would default to that address.
The Router is acting as the LAN DNS Server.
Nothing in terms of "features" is really enabled on the router... In fact I turned off 2.4 Wireless just because I don't have anything that would use it.. so why bother leaving it on and generating heat? Everything else for the most part (QOS, Apps, etc...) is all disabled.
The only thing I have turned on is the Firewall, DDoS protection, ICMP Echo = off, NAT Loopback = Merlin.
Anyway... Everything works fine if I disable DNSSEC. I turn that on and things go screwy.
My question is... was this "kind of broken" in my version of Merlin and/or has this feature been "fixed" in a later (or the latest) "John" fork?
I'd like to get that one feature up and running; but I would probably resist updating the firmware if it's all still the same.
Comments encouraged.
Thanks!
So far, it's been fairly stable; though the initial build scared the crap out of me thinking I had bricked it... the installation instructions failed to mention all of the details of what it would go through moving from Asus to Merlin; but that aside, almost everything seems to be fairly decent, though my WAN bandwidth dropped by about 10% moving to Merlin with what appears to be the same settings.
The one issue I do have is with enabling DNSSEC. When I enable it, half of the domains become unreachable. There's not rhyme or reason to it, the domains themselves all checkout fine in terms of DNSSEC Compliance (one of the sites in question being the sources of the Merlin packages). When I ping a site that won't load in my browser, I get an error like this:
Code:
asuswrt-merlin.net: Temporary failure in name resolution
My LAN Properties are as simple as it gets. Ignore the 169.254.0.0 variable because that is standard on all Linux builds in case the NIC can't find the DHCP Server, it would default to that address.
The Router is acting as the LAN DNS Server.
Code:
GENERAL.DEVICE: enp3s0f1
-------------------------------------------------------------------------------
GENERAL.TYPE: ethernet
-------------------------------------------------------------------------------
GENERAL.HWADDR: AE:1E:84:A8:92:3D
-------------------------------------------------------------------------------
GENERAL.MTU: 1500
-------------------------------------------------------------------------------
GENERAL.STATE: 100 (connected)
-------------------------------------------------------------------------------
GENERAL.CONNECTION: Wired connection 1
-------------------------------------------------------------------------------
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/25
-------------------------------------------------------------------------------
WIRED-PROPERTIES.CARRIER: on
-------------------------------------------------------------------------------
IP4.ADDRESS[1]: 192.168.1.165/24
IP4.GATEWAY: 192.168.1.1
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
IP4.ROUTE[2]: dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[3]: dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000
IP4.DNS[1]: 192.168.1.1
-------------------------------------------------------------------------------
Nothing in terms of "features" is really enabled on the router... In fact I turned off 2.4 Wireless just because I don't have anything that would use it.. so why bother leaving it on and generating heat? Everything else for the most part (QOS, Apps, etc...) is all disabled.
The only thing I have turned on is the Firewall, DDoS protection, ICMP Echo = off, NAT Loopback = Merlin.
Anyway... Everything works fine if I disable DNSSEC. I turn that on and things go screwy.
My question is... was this "kind of broken" in my version of Merlin and/or has this feature been "fixed" in a later (or the latest) "John" fork?
I'd like to get that one feature up and running; but I would probably resist updating the firmware if it's all still the same.
Comments encouraged.
Thanks!