Stubby Not Enforcing Strict Mode?

HarryMuscle

I'm working on setting up extra stubby instances which made me take a look at the /etc/stubby/stubby.yml config file on my router (RT-AC66U B1 running 386.7_2) and I noticed a possible bug. I have DNS-over-TLS Profile set to Strict on the WAN -> Internet Connection page which according to the Stubby documentation should set the tls_authentication setting in the stubby.yml file to GETDNS_AUTHENTICATION_REQUIRED, but instead the stubby.yml file has this setting set to GETDNS_AUTHENTICATION_NONE which I believe is considered Opportunistic, not Strict. Also, the stubby.yml file lists both GETDNS_TRANSPORT_UDP and GETDNS_TRANSPORT_TCP in the dns_transport_list setting, which again I believe is for Opportunistic mode only to allow falling back to unencrypted communication if necessary. Could someone confirm if their stubby.yml also contains these "issues"? Is this on purpose or is this actually a bug?

Thanks,
Harry
 
It will not enforce Strict mode until NTP is synced. Check the value of nvram get ntp_ready
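
An added example, not part of either post and not Asuswrt-Merlin code: a shell helper that reads the two stubby.yml settings named in the question and reports the resulting mode together with the NTP flag named in the reply. The function names are hypothetical, the sample config is constructed, and treating ntp_ready=1 as "clock synced" is an assumption.

```shell
#!/bin/sh
# Added example: classify a stubby.yml by tls_authentication and
# dns_transport_list. stubby_mode / dot_status are hypothetical names.

# Print "strict", "opportunistic" or "unknown" for the config file in $1.
stubby_mode() {
    awk '
        /^[ \t]*#/              { next }                  # comment line
        /^tls_authentication:/  { auth = $2; inlist = 0; next }
        /^dns_transport_list:/  { inlist = 1; next }
        inlist && /^[ \t]*-/    {                         # one transport entry
            if ($2 == "GETDNS_TRANSPORT_TLS") tls = 1
            else cleartext = 1                            # UDP/TCP fallback listed
            next
        }
        /^[^ \t]/               { inlist = 0 }            # next top-level key
        END {
            strict = (auth == "GETDNS_AUTHENTICATION_REQUIRED" && tls && !cleartext)
            if (auth == "" && !tls && !cleartext) print "unknown"
            else if (strict) print "strict"
            else print "opportunistic"
        }
    ' "$1"
}

# Combine the file's mode with the NTP flag.
# $2 = output of `nvram get ntp_ready` (assumption: 1 means synced).
# On the router: dot_status /etc/stubby/stubby.yml "$(nvram get ntp_ready)"
dot_status() {
    mode=$(stubby_mode "$1")
    if [ "$mode" = "strict" ]; then
        echo "strict"
    elif [ "$2" != "1" ]; then
        echo "$mode, NTP not synced yet"
    else
        echo "$mode, NTP synced"
    fi
}

# Constructed sample resembling the file described in the first post.
sample_config() {
    cat <<'EOF'
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
  - GETDNS_TRANSPORT_UDP
  - GETDNS_TRANSPORT_TCP
tls_authentication: GETDNS_AUTHENTICATION_NONE
EOF
}
```

The helper only understands the block-style list shown in the sample; an inline `[ ... ]` transport list is reported as "unknown" or misclassified.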
 
