[384.15_Alpha - builds] Testing all variants.

[Vulcano]

Read this link
https://www.snbforums.com/threads/b...ta-is-now-available.60037/page-19#post-528738

Thank you! after all had not read everything .....

 

[Billy Chaney]

Thank you! after all had not read everything .....

You're very welcome.

 

[jerry6]

2nd alpha build 25dec working well on my AC5300 , no problems at all .
Thanks Merlin

 

[bluepoint]

2nd alpha build 25dec working well on my AC5300 , no problems at all .
Thanks Merlin

There is a newer one dated 1/1/2020(Wed at 9:40 PM)

 

[Howard_inGA]

what is the difference between alpha1-g4fecf771de and alpha1-gea333a6048 because on the RT-AC5300 the
alpha1-gea333a6048 version installs where as the alpha1-g4fecf771de does not install?

Working fine on mine...dirty upgrade too!

 

[neil0311]

I have been running this version on the RT-AX88U for 3 days and 12 hours now, no issues.

do you recommend over the “stable” build 384.14?

 

[SheikhSheikha]

do you recommend over the “stable” build 384.14?

As far as the RT-AC5300 concerns: a definite YES! The to be expected signal strength on all wifi channels is back (384.14 had up to 8% less signal on my routers) , LAN-WAN throughput, CPU temp, it all works smooth. With MU-MIMO off the speed of my devices have up to 30% more speed. (No experience with QOS as it kills the performance of my vpn client). A quick and dirty upgrade works fine. Have the Alpha installed on my second router given the excellent experience on the first.

 

[L&LD]

It's hard to recommend an Alpha build for others, but I do recommend the latest one (currently RT-AX88U_384.15_alpha1-gd9c8b621c5_cferom_ubi.w) if you want to see what features are coming (for example; all the new web pages allowed for the amtm supported scripts).

 

[XIII]

Set up my router from scratch (without reloading any previous router settings) and everything seemed fine yesterday evening.

However, woke up this morning and DNS was again not working until I manually restarted the dnsmasq service.

Now that we ruled out (what some call) a “dirty” flash, what should I try next to debug/fix this?

 

[Adamm]

Set up my router from scratch (without reloading any previous router settings) and everything seemed fine yesterday evening.

However, woke up this morning and DNS was again not working until I manually restarted the dnsmasq service.

Now that we ruled out (what some call) a “dirty” flash, what should I try next to debug/fix this?

Judging by your post history you use NextDNS, are you sure the issue isn't with their beta client?

 

[XIII]

Judging by your post history you use NextDNS, are you sure the issue isn't with their beta client?

I don’t use their beta client (DoH); I use the firmware built-in DoT (via Stubby).

I have had the problem since 1/1/20, with Cloudflare, Quad9, and NextDNS (did not try others).

 

[XIII]

Is this logging showing correct behaviour?

Jan  4 05:21:21 dnsmasq[21003]: query[A] www.meethue.com from 192.168.1.111
Jan  4 05:21:21 dnsmasq[21003]: forwarded www.meethue.com to 127.0.1.1
Jan  4 05:21:22 dnsmasq[21003]: forwarded www.meethue.com to 127.0.1.1
Jan  4 05:21:22 dnsmasq[21003]: validation www.meethue.com is BOGUS
Jan  4 05:21:22 dnsmasq[21003]: reply error is SERVFAIL

What is 127.0.1.1?

And what about this logging?

Jan  4 05:21:30 dnsmasq[21003]: query[A] www.meethue.com.home.lan from 192.168.1.111
Jan  4 05:21:30 dnsmasq[21003]: config www.meethue.com.home.lan is NXDOMAIN

This one looks better? (after I restarted the dnsmasq service)

Jan  4 08:10:08 dnsmasq[12296]: query[A] www.meethue.com from 192.168.1.111
Jan  4 08:10:08 dnsmasq[12296]: forwarded www.meethue.com to 127.0.1.1
Jan  4 08:10:08 dnsmasq[12296]: validation result is INSECURE
Jan  4 08:10:08 dnsmasq[12296]: reply www.meethue.com is 35.201.97.239

Hm, this might be interesting:

// Configure the firmware so:
// * Disable WAN DNS so dnsmasq does not set conflicting upstream servers.
// * DNS rebinding is disabled, as DNS blocking uses 0.0.0.0 to block domains.
// The rebinding protection can be setup and enforced at NextDNS level.
// * DNSSEC validation is disabled as when a DNSSEC supported domain is blocked,
// the validation will fail as blocking alters the response. NextDNS takes care
// of DNS validation for non blocked queries.

 

[XIII]

Separate issue: 384.15 alpha 1 seems to reset SSH access to "LAN only" after router reboot?

(I had configured LAN + WAN and have experienced this reset multiple times with this build)

EDIT: it apparently even resets back to "LAN only" without a router reboot...

 

[XIII]

Applying the changes above (disable WAN DNS, DNS rebinding, and DNSSEC validation) did not help; DNS still fails after some time...

 

[skeal]

Applying the changes above (disable WAN DNS, DNS rebinding, and DNSSEC validation) did not help; DNS still fails after some time...

I think your issue is trying to stay with nextdns in spite of their problems and new growing pains. They have a new product available for testing soon from entware.

 

[RMerlin]

EDIT: it apparently even resets back to "LAN only" without a router reboot...

Got any security extension like Skynet installed?

Some of these will disable features that are considered security risks.

 

[XIII]

Got any security extension like Skynet installed?

Yes, I have SkyNet installed, but have had that for a long time and could always remote SSH.

@Adamm Did this change recently in SkyNet?

 

[XIII]

I think your issue is trying to stay with nextdns in spite of their problems and new growing pains. They have a new product available for testing soon from entware.

I'm indeed going two steps back now:

1. First try 1.1.1.1 without DNS over TLS
2. Then try 1.1.1.1 with DNS over TLS

Only if these work fine I might go back to NextDNS, though I would really like to use their service.

(And I want DoT; not their DoH solution)

 

[Mutzli]

I'm indeed going two steps back now:

1. First try 1.1.1.1 without DNS over TLS
2. Then try 1.1.1.1 with DNS over TLS

Only if these work fine I might go back to NextDNS, though I would really like to use their service.

(And I want DoT; not their DoH solution)

What was your decision to use NextDNS over Diversion? I think diversion does a great job at blocking content, even better now since you can load Pihole and other domain based lists.

 

[Adamm]

Yes, I have SkyNet installed, but have had that for a long time and could always remote SSH.

@Adamm Did this change recently in SkyNet?

When the securemode setting is enabled (which it is by default), it prevents the user from exposing SSH and the WebUI to WAN, if you check the syslog you will see;

logger -st Skynet "[!] Insecure Setting Detected - Disabling WAN SSH Access"