What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Stubby-Installer-Asuswrt-Merlin

thanks for that - it gives me hope it may be worth the time to troubleshoot - i already wasted many hours isolating the problem in the first place and rebuilding my router before my wifi starved family were about to kill me*. just wondering what ISP type, speed and wan-qos you are using with your ac3100 running stubby. *i keep a spare preconfigured router on the shelf, so my life was not really in any danger :p
The NTP issue affected me the other day for the first time. I returned home from a recent trip and turned the router back on. I had no internet access. The Main page on the firmware showed I had no WAN IP. But the WAN indicator light on the router was not red.

I ran the script to uninstall Stubby. Upon reboot, I had internet access. I then reinstalled Stubby and everything worked. However, when I rebooted, no internet access. :( I'm still on 384.7_2 and had made no recent changes.

I updated with README.md:

Two of the testers experienced issues with the router not being able to access the WAN due to lack of NTP early in the boot reboot process. The models are the RT-AC68U_B1 and RT-AC3100/CA. The fix is to add the entry server=/pool.ntp.org/1.1.1.1 to /jffs/configs/dnsmasq.conf.add. I also experienced the issue on my AC88U after several months in production with no issues.

Let us know if you still have issues after applying the fix. I may need to consider updating the install script with this fix if more people start experiencing the issue.
 
Last edited:
The NTP issue affected me the other day for the first time. I returned home from a recent trip and turned the router back on. I had no internet access. The Main page on the firmware showed I had no WAN IP. But the WAN indicator light on the router was not red.

I ran the script to uninstall Stubby. Upon reboot, I had internet access. I then reinstalled Stubby and everything worked. However, when I rebooted, no internet access. :( I'm still on 384.7_2 and had made no recent changes.

I updated with README.md:



Let us know if you still have issues after applying the fix. I may need to consider updating the install script with this fix if more people start experiencing the issue.
There is a setting under the Tools>Other Settings tab down at the bottom.
Code:
Wan: Use DNS probes to determine if WAN is up (default: Yes)    Yes No
Set this to no and test. It worked great for me and the showing disconnected at boot.

EDIT: The reason for this is that you won't have dns ability until Stubby starts. Stubby starts after Entware starts. Entware relies on your usb drive to mount. This can be quite a bit later in the boot process. Entware is actually started by Diversion at this point. This is the reason to set the above setting to NO.
 
Last edited:
There are two ways that the webui determines a connection. One is with dns probes the other is just a NTP update. Try the two settings above. I have zero problems now with these issues.
 
thanks everyone for bringing it down to the novice level of appreciation on this issue.
the family left me alone while xmas shopping, so i applied both the edit and setting
soft rebooted, installed stubby, soft rebooted - and wan clamped correctly, but just
to be sure i did a hard reboot of everything, and again the wan came back just fine
and now i get to enjoy both protections of stubby and dnssec from metadata whores.
needless to say i hope this fix becomes part of the thread OP, websight and install,
as long as it doesn't screw up asus routers that don't need it, better safe than sorry :cool:

Lkdzq1o.jpg
 
Thanks to all the helpful people on this forum, Stubby is working on my AC86U. :)

Annotation 2018-12-22 232527.jpg
 
Hi @DAVID LONG,

How did you get to the “Encrypted SNI”? Are you using Firefox by any chance?

Thanks!


Sent from my iPhone using Tapatalk
You can get it with "Firefox Nightly" the original Firefox doesn't quite support it yet.
 
Last edited:
with firefox 64; go to about:config and

network.security.esni.enabled -> True
network.trr.mode -> 2

“Encrypted SNI” will be green :)

For details you can check;

https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/

https://wiki.mozilla.org/Trusted_Recursive_Resolver

After these you won't be able to see DNS queries from firefox on Diversion logs. I guess this is expected.

Will network.trr.mode=2 invalidate Stubby since at this setting it will redirect all DNS queries via DOH?


Sent from my iPhone using Tapatalk
 
Will network.trr.mode=2 invalidate Stubby since at this setting it will redirect all DNS queries via DOH?

I'm not sure but since I can't see DNS queries on my router when I've set "network.trr.mode=2", so I think yes, firefox will invalidate Stubby and router.

Stubby and router is under my control so I don't need "Encrypted SNI", I only need encryption between my router and DNS server :)
 
Keep in mind that most tests for DNSSEC only check that the DNS resolver is able to do DNSSEC. You need to turn on DNSSEC in Merlin or enable it in stubby.yml. Either way works!

Sent from my SM-T380 using Tapatalk
 
I also get this,

Annotation 2018-12-23 093740.jpg

So is Stubby working?

It passes all the tests on the GitHub page.
 
Keep in mind that most tests for DNSSEC only check that the DNS resolver is able to do DNSSEC. You need to turn on DNSSEC in Merlin or enable it in stubby.yml. Either way works!

Sent from my SM-T380 using Tapatalk


By default, Stubby turns off DNSSEC in the firmware and enables in its script. In my AC86U if I enable it in the firmware and disable it in Stubby, Stubby will not work.
 
By default, Stubby turns off DNSSEC in the firmware and enables in its script. In my AC86U if I enable it in the firmware and disable it in Stubby, Stubby will not work.
How are you going about turning dnssec off in Stubby?
 
Thanks to all the helpful people on this forum, Stubby is working on my AC86U. :)

View attachment 15590

By using Firefox trr, you are NOT USING stubby to resolve your dns queries. Everything is passed thru DOH via firefox built in resolver. That mean Diversion WILL NOT be working for you as they are intercepted by firefox. (That makes Stubby and diversion redundant.

I also get this,

View attachment 15594
So is Stubby working?

It passes all the tests on the GitHub page.

Yes Stubby seem working with DOT but because u have firefox built in DOH, that's why you see DOH and DOT as YES.
 
[Q
How are you going about turning dnssec off in Stubby?

Don't remember the command for this as I did it when I trying to install Stubby. I think I saw it on one of the Stubby thread external links

I also get this,

View attachment 15594
So is Stubby working?

It passes all the tests on the GitHub page.

With Firefox Nightly and
network.security.esni.enabled -> True
network.trr.mode -> 0

upload_2018-12-23_9-40-32.png


upload_2018-12-23_9-47-17.png



With Firefox Nightly and
network.security.esni.enabled -> True
network.trr.mode -> 1

upload_2018-12-23_9-37-1.png


View attachment 15597

See: https://wiki.mozilla.org/Trusted_Recursive_Resolver
 

Attachments

  • upload_2018-12-23_9-37-59.png
    upload_2018-12-23_9-37-59.png
    44.7 KB · Views: 381
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top