Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. Intrepid

    Release RT-AX86U_Pro : 3.0.0.6.102_34314 09AUG24

    Available Here: https://www.asus.com/supportonly/rt-ax86u-pro/helpdesk_bios?model2Name=RT-AX86U-Pro Also showing as an available update in the Router Menu under Administration, Firmware Upgrade. ASUS RT-AX86U Pro Firmware version 3.0.0.6.102_34314 Version 3.0.0.6.102_34314 58.16 MB 2024/08/09...
  2. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Using DNSSEC, they validate the authenticity of the original response received from the authoritative nameserver. If and only if it's a malicious domain, do they modify the response to prevent you from reaching the harmful site. I don't think they sign the modified response with DNSSEC because...
  3. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    They don't re-sign it - but it doesn't matter since the response would be NXDomain anyway (for Quad9) or a redirection to a warning page. See: https://www.snbforums.com/threads/dnssec-dns-on-rt-ax86u-pro-causing-some-websites-not-to-load-properly.90670/page-3#post-914606
  4. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Agreed. DoT and DoH establish a secure connection directly with the DNS resolver. If you trust your DNS provider and they have implemented DNSSEC validation (like Quad9), you can also trust your DNS even without local DNSSEC on your router.
  5. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    But I think Quad9's implementation of DNSSEC along with DNS-over-TLS (DoT) encryption on the Asus router provides more than enough security as well as reliability for most home and small business users. If you really need DNSSEC at the local router, you must use a DNS provider that reliably...
  6. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    I just completed my final tests with Quad9. 1. Just DNSSEC: Business.Comcast.com FAILS to load properly 2. Just DNSSEC with Validate unsigned DNSSEC replies: Business.Comcast.com FAILS to load properly 3. DNSSEC (with and without Validation) -and- DNS-over-TLS (DoT): Business.Comcast.com FAILS...
  7. Intrepid

    News RT-AC68U End of Life Announced by Asus

    Those routers are still on firmware 3.0.0.4. I recommend only routers that support 3.0.0.6 firmware such as the RT-AX86U Pro.
  8. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Oh, are you trying static.digital.business.comcast.com or business.comcast.com. The correct domain to test is: business.comcast.com
  9. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    May be a testing error. Perhaps cache issue. Regional issue. Don't know. But those work just fine including business.comcast.com with standard UDP DNS as well as DoT. You can run a test here as well: https://www.browserling.com
  10. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    I noticed inconsistencies if I didn't flush all the caches (Router, OS and browser). I'll have to test with both DoT and DNSSEC enabled to see if there is a change. Nevertheless, I think DNSSEC is not reliable enough as explained in great detail above.
  11. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    My results were confirmed by Treadler (Post #16) and dave14305 (Post #30). I suggested two possibilities for the discrepancy: My tests so far only had DNSSEC enabled (but not DoT) and I flushed all DNS caches before each test.
  12. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Thanks, yes. This is what I decided to do and DoT also provides an additional layer of security as well as privacy. At least three people here including myself have already said that DNSSEC with both Quad9 and Cloudflare broke a major website (business.comcast.com). Certainly there are many...
  13. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    That's not the results I got. But I kept DoT off and only tested with DNSSEC and Quad9. I'll have to test with both enabled - don't know why that would make a difference. In addition, I flushed the DNS caches between tests! DNS flush commands for those interested: Windows Flush DNS...
  14. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Thanks for confirming this is not just a "Quad9 issue". I don't trust DNSSEC anymore - if business.comcast.com doesn't work there certainly are many others. I will leave it off on the router.
  15. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Here is my question to Quad9 and their reply. I'm not a DNSSEC expert, so if you have a suggestion for a follow-up question, that would be nice. Thanks. BTW, I didn't notice any issues with other domains with DNSSEC enabled except business.comcast.com. I'm sure there must be others. Question...
  16. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    That's what I thought. I wonder why this is an issue with Quad9. I'll ask them and let you know what they say.
  17. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Here is another test where Quad9 blocked the most malicious sites. That's my primary concern. If Cloudflare blocked more then I would use them. I don't owe any allegiance to Quad9. https://www.skadligkod.se/general-security/phishing/malicious-site-filters-on-dns-in-2020/
  18. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Huh? No, it was rated the best. It blocked the most malicious sites (missed only 0.79%) while Cloudflare missed 33%.
  19. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Thanks. This is why I prefer Quad9 over Cloudflare. I primarily care about malicious site blocking and security (video queued):
  20. Intrepid

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Quad9 replied: "DNSSEC should not be enabled on a DNS forwarder or DNS client using a recursive service like Quad9 which already performs DNSSEC validation https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-dnssec-validation Although we don't have a Setup...
Top