Menu
What's new
By:
Filters Better Search

[384.14_Alpha - builds] Testing all variants.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
dave14305 said:
DNSFilter will block client DoT (port 853) if the DNSFilter mode does not support DoT. The new DoH setting will prevent Firefox from automatically enabling DoH (port 443) in upcoming Firefox releases. There are not yet any plans to block DoH in the firmware since it looks the same as normal https traffic. So a Firefox client that manually enables DoH will pass through the router just fine, which is part of the Firefox controversy.
Click to expand...
I'm not familiar with firefox upcoming DOH feature. What's the difference of automatically and manually enabling DOH in firefox? Aren't they both ends with DOH?
 
bluepoint said:
I'm not familiar with firefox upcoming DOH feature. What's the difference of automatically and manually enabling DOH in firefox? Aren't they both ends with DOH?
Click to expand...
There were rumors that Firefox and Chrome would enable DoH in upcoming releases. DoH is in Firefox now but has to be manually enabled.
DoH and DoT have gotten some bad press lately from uninformed persons. Seems that we are trying to keep law enforcement from seeing what we do...
 
Firefox checks for a special canary domain before automatically enabling DoH. If that domain fails their test, they will not automatically enable DoH, assuming you are currently using a special DNS server (for parental control or ad blocking, for instance). However if you manually decide to enable DoH, then that canary domain will not be checked.

All the router can do is handle requests sent for this canary domain. It has no way of blocking the DoH traffic itself, because that's the idea behind DoH: to avoid detection/filtering by hiding as regular HTTPS traffic.
 
bbunge said:
There were rumors that Firefox and Chrome would enable DoH in upcoming releases. DoH is in Firefox now but has to be manually enabled.
DoH and DoT have gotten some bad press lately from uninformed persons. Seems that we are trying to keep law enforcement from seeing what we do...
Click to expand...

Firefox will automatically enable DoH if you are in the US, and a certain canary domain lookup succeeds.

Chrome is going for a slightly different route: they detect what DNS server you use, and if that server is known to also support DOH (for instance if you are currently using 1.1.1.1) then they will upgrade to the DoH protocol. Not as brain-damaged as Firefox, but still problematic if you intend to handle DNS traffic differently on your network through QoS rules. The decision will be made based on a built-in database of known DoH capable servers.

If you have your HTTPS traffic handled with a lower priority (to avoid large downloads from slowing down your network), then DoH requests will also end up throttled at this lower priority. You can imagine the results.
 
I can't login to my AX88U with 384.14 Alpha 2 Network Drive using the username and password anymore.
It keep on saying "access denied". Create new account is not going work either.
 
RMerlin said:
Firefox checks for a special canary domain before automatically enabling DoH. If that domain fails their test, they will not automatically enable DoH, assuming you are currently using a special DNS server (for parental control or ad blocking, for instance). However if you manually decide to enable DoH, then that canary domain will not be checked.

All the router can do is handle requests sent for this canary domain. It has no way of blocking the DoH traffic itself, because that's the idea behind DoH: to avoid detection/filtering by hiding as regular HTTPS traffic.
Click to expand...


Thanks for your answers!! I’ve to read the your comment a couple of times, I’ve to get my head around it.

It think you’re saying, when you “not” enable DoH on Firefox, the router will use the appropriate DNS set by yourself. In my case when DNS is set on the router to Exclusive with a VPN client. Then this is self-controlled and wont switch to their DNS liking. Its going to be a problem when Firefox or Chrome overrule my VPN Client DNS. I don’t want that. Again, that is what I asked you if it’s possible to eliminate any overruling by a special setting, when we not paying attention with future updates from them.

Thanks!
 
RMerlin said:
Firefox will automatically enable DoH if you are in the US, and a certain canary domain lookup succeeds.

Chrome is going for a slightly different route: they detect what DNS server you use, and if that server is known to also support DOH (for instance if you are currently using 1.1.1.1) then they will upgrade to the DoH protocol. Not as brain-damaged as Firefox, but still problematic if you intend to handle DNS traffic differently on your network through QoS rules. The decision will be made based on a built-in database of known DoH capable servers.

If you have your HTTPS traffic handled with a lower priority (to avoid large downloads from slowing down your network), then DoH requests will also end up throttled at this lower priority. You can imagine the results.
Click to expand...

How will DoH work for people like me using a Raspberry Pi with Pihole and Unbound which functions as a fully recursive server and contacts top level domain servers directly? Does this mean Firefox will bypass my Pi's Unbound implementation?
 
Sonyrolfy said:
if it’s possible to eliminate any overruling by a special setting, when we not paying attention with future updates from them.
Click to expand...

Not possible. DoH was designed specifically to prevent that from happening, for good and for worse.

WRobertE said:
Does this mean Firefox will bypass my Pi's Unbound implementation?
Click to expand...

Yes. If Firefox uses DoH, then it will bypass any DNS configuration you might have in place on your network.
 
Merlin: Thank you for all your work; I, like many others, appreciate it. I started working with this alpha build on my RT-AX88U, but have you noticed that in the ASUS Firmware release 384_6436, that if you set the "Protected Management Frames" setting on the Wireless, General page to "Disabled" that it reverts back to "Capable?" This setting creates an issue with one of the Android devices I have; it will not connect. Same issue seems to be present for this alpha build, however, if I revert back to your 384.13 based on GPL 384_6210, I am able to set to "Disabled" and I am able to connect. I also see a posting here:

https://rog.asus.com/forum/showthread.php?113384-New-Firmware-for-AX11000-Version-3-0-0-4-384_6436

Thank you.
 
Regarding Firefox and DoH, so far 69, 70 beta, and 71 Nightly have not flipped DoH on yet. I suspect the auto DoH might be for fresh installs and not ones done via the internal updater where you already have it off. We shall see.
 
Hopefully this hasn't been mentioned in here yet. However i tried manually updating the signature on my AX88U on the alpha 2 build. It goes thru the proccess of checking, then says it's updating, finally saying update has completely(should say Completed). After this was done, the version still showed 2.066.

I tried refreshing the page, redoing the update, which does the same process over. I ended up restarting the router, still nothing. So something is bugged with the signature update process. I just wanted to mention this.

EDIT: I flashed to the latest ASUS build for the AX88U, which is 3.0.0.4.384_6436. After the flash was done, I manually updated the signature, and it updated to version 2.144. So something within the alpha 2 build for the AX88U is bugged, when it comes to updating the signature.
 
Last edited:
bbunge said:
RT-AC66U_B1 upgraded to the Alpha 2. Seems to run well but am not seeing the DHCP reserved list in Edge and Chrome.
Yesterday I transferred some large files from a wired PC to my NAS. Noticed in the Traffic Monitor on Daily that the internal transfer was recorded which blew away the graph display. Don't think the internal, wired and WIFI should be displayed in the traffic monitor.View attachment 19533
Click to expand...

ok, who are you and who do you work for with 17 BILLION GB on your desktop computer and NAS that can handle it? ;-p
 
Problem Activating SSH in GUI

After upgrading my AC86 from 13 to 14 beta, when using the GUI I was unable to activate SSH access to the router.

When I clicked apply a box kept popping up telling to select a number between 1-65535. Regardless of what port number I entered it would not work. Rebooting the router did not help.

I finally reverted to V 13 turned on SSH the upgraded again to V14. After turning on SSH in V13 SSH was working in V14.
 
CaptainSTX said:
Problem Activating SSH in GUI

After upgrading my AC86 from 13 to 14 beta, when using the GUI I was unable to activate SSH access to the router.

When I clicked apply a box kept popping up telling to select a number between 1-65535. Regardless of what port number I entered it would not work. Rebooting the router did not help.

I finally reverted to V 13 turned on SSH the upgraded again to V14. After turning on SSH in V13 SSH was working in V14.
Click to expand...

https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-6#post-519806
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-7#post-520019
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-7#post-520025
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-7#post-520061
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-7#post-520068
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-7#post-520077
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-9#post-520594
https://www.snbforums.com/threads/384-14_alpha-builds-testing-all-variants.59019/page-9#post-520596
 
Status
Not open for further replies.

Similar threads

octopus
  • Locked
[ 3006.102 alpha Build(s) ] Testing available build(s)
2 3
Replies
43
Views
9K
octopus
octopus
octopus
  • Locked
[ 386.13 alpha Build(s) ] Testing available build(s)
2 3
Replies
46
Views
7K
octopus
octopus
octopus
  • Locked
[ 386.12 alpha Build(s) ] Testing available build(s)
3 4 5
Replies
90
Views
15K
octopus
octopus
octopus
  • Locked
[ 3004.388.6 alpha Build(s) ] Testing available build(s)
8 9 10
Replies
189
Views
30K
octopus
octopus
RMerlin
Release Asuswrt-Merlin 386.14 is now available for AC models
9 10 11
Replies
209
Views
32K
KGB7
K
Similar threads
Thread starter Title Forum Replies Date
W Tera Term can't SSH connect to router running Merlin 384, but works when flash back to ASUS stock FW Asuswrt-Merlin 6
Chichi [AC 68U] Recommend FW upgrade path from 384.9 Asuswrt-Merlin 8
I RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!) Asuswrt-Merlin 14
octopus [ 3006.102 alpha Build(s) ] Testing available build(s) Asuswrt-Merlin 43
octopus [ 386.14 alpha Build(s) ] Testing available build(s) Asuswrt-Merlin 2
octopus [ 3004.388.8 alpha Build(s) ] Testing available build(s) Asuswrt-Merlin 39
DMcD-EMS-USMC 3006.102 alpha 2 Build(s) Now Available Asuswrt-Merlin 2
octopus [ 3006.102 alpha Build(s) ] Testing available build(s) Asuswrt-Merlin 59
octopus [ 3004.388.7 alpha 2 Build(s) ] Testing available build(s) Asuswrt-Merlin 85
octopus [ 3004.388.7 alpha 1 Build(s) ] Testing available build(s) Asuswrt-Merlin 175

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 768 (members: 17, guests: 751)
Top