Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. S

    Beta Asuswrt-Merlin 3004.388.8 beta is now available

    I agree with Ripshod. Sounds like an ISP problem.
  2. S

    Beta Asuswrt-Merlin 3004.388.8 beta is now available

    FWIW, I’ve been testing that website (several times) yesterday and today, and I can’t get it to fail. It loads successfully every single time I try. I’m using Cloudflare unfiltered DNS (1.1.1.1) over DoT with local DNSSEC (i.e. the setting on my router) disabled.
  3. S

    Beta Asuswrt-Merlin 3004.388.8 beta is now available

    I’ve occasionally seen strange behavior like that when DNSSEC is enabled, particularly when it’s enabled while using my ISP’s DNS. If you have it enabled, try disabling it and see if it helps.
  4. S

    EDNS amber vs green on dnscheck tools site

    Thanks. So my ISP’s DNS doesn’t support UDP buffer sizes above 1200?
  5. S

    EDNS amber vs green on dnscheck tools site

    When using my ISP’s DNS, the “EDNS” indicator at the bottom of the dnscheck tools site is amber. But when using Cloudflare, it’s green. Does anyone know what the different colors mean?
  6. S

    ControlD with Merlin

    FWIW, I’ll add my two cents based on my experience. My ISP’s DNS is the fastest but much like you, OP, I was looking for a resolver that did proper DNSSEC validation and also offered encryption. After trying several public resolvers, I settled on Cloudflare (their 1.1.1.1 unfiltered service)...
  7. S

    Ookla Speedtest is inaccurate in RT-AX86U Pro Results

    All good on my AX86U Pro with latest Merlin release (using 1Gb WAN port since my XB6 cable modem doesn’t have a 2.5Gb port): From my phone (WiFi using 80MHz channel):
  8. S

    DNS/TLS IPv6.

    Yes it does. This is exactly how it works for me as I’ve stated before.
  9. S

    DNS/TLS IPv6.

    Exactly what I thought, and that’s been my experience. Thanks.
  10. S

    DNS/TLS IPv6.

    Are you sure? I thought the DoT table overrides whatever you have set in the IPv4 and IPv6 DNS fields? I have my IPv4 and IPv6 DNS fields set to “automatically obtain from ISP” and I have Cloudflare DoT configured in the DoT table (IPv4 and IPv6 addresses) in “strict” mode. All DNS tests...
  11. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    How would DNS get poisoned in the last mile if your traffic is encrypted between your router and your upstream resolver? While probably not impossible, I’d assume it’s extremely unlikely and nearly zero risk.
  12. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    I don’t disagree with Quad9. I think what they’re saying makes sense. Let the upstream resolver do DNSSEC validation, and use DoT for last mile protection by encrypting the traffic between router (and clients) and upstream resolver. As I’ve stated before, IMO, using local DNSSEC on the router...
  13. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    The former :) As I’ve stated before, business.comcast.com loads perfectly when using Quad9 or Cloudflare regardless if local DNSSEC is enabled or not. And it also loads perfectly when using my ISP’s DNS but only if local DNSSEC is disabled. The only time that site doesn’t load properly is when...
  14. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Those domains all fail for me even when testing from my phone over my cellular network (bypassing my router) with plain old DNS.
  15. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Those fail for me too regardless of my configuration - Cloudflare with or without local DNSSEC enabled; and my ISP DNS with or without local DNSSEC enabled.
  16. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    I flushed DNS too before each test (on the device I was testing with). DoT shouldn't have anything to do with this. Perhaps it's something to do with a potential difference with dnsmasq on Asus firmware vs Merlin…
  17. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Your results are strange though and I can't replicate them. As I've stated before, when using Quad9 or Cloudflare with local DNSSEC enabled on my router, that comcast site loads perfectly fine. The only time it doesn't is when I'm using my ISP's DNS with local DNSSEC enabled on my router. No...
  18. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    I know. I'm just saying that it's likely not worth the performance hit unless you don't trust the public resolver doing DNSSEC validation. Also, DoT should take care of last mile protection. An old article...not sure if anything has changed with local DNSSEC validation since then...
  19. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    Forgot to add that the Quad9 tech support agent is correct. When using an upstream resolver with DNSSEC, there’s no need to enable DNSSEC locally on your router. It’s not worth the performance hit. Keep it disabled if you’re using Quad9. And if you value privacy (and you don't mind a performance...
  20. S

    DNSSEC DNS on RT-AX86U Pro causing some websites not to load properly

    I don’t see how DoT would make a difference either. But that’s just how I tested. When configuring Quad9 or Cloudflare, I kept the IPv4 DNS fields in the WAN tab as “get DNS from ISP automatically” and the IPv6 DNS fields as “connect to DNS server automatically.” I only configured the Quad9 and...
Top