amtm amtm - the Asuswrt-Merlin Terminal Menu

[SomeWhereOverTheRainBow]

The first question that needs to be answered is why are ARPA queries making it to dnscrypt to begin with, they've been blocked by dnsmasq and diversion for over a year.

are you on a dual nat setup or behind a vpn?

 

[SomeWhereOverTheRainBow]

127.0.1.1 1.8.168.192.in-addr.arpa PTR REJECT 0ms

this looks more to me like dnscrypt-proxy requesting it and diversion is blocking it, but I could be wrong, either way, looks like you have found your dilemma- too much is getting blocked.

 

[dugaduga]

Arpa is blocked in diversions wildcard yet it is sneaking past dnsmasq; All these queries are from the router upon boot, nothing else. PTR is blocked on individual devices os level. I also manually block diversion ads but they are now sneaking through to Dnscrypt; looks like amtm updates is using PTR now; I block PTR because AsusWRT routers call home to dozens of PTR addresses all over the world, and the only solution is blocking them completely.

 

[thelonelycoder]

Arpa is blocked in diversions wildcard yet it is sneaking past dnsmasq; I also manually block diversion ads but they are now sneaking through to Dnscrypt; looks like amtm and diversion is using ptr now; I block PTR because AsusWRT routers call home to dozens of PTR addresses all over the world, and the only solution is blocking them completely.

amtm and Diversion use curl and always have. Never changed that.

 

[dugaduga]

amtm and Diversion use curl and always have. Never changed that.

Ok is this a dnsmasq issue? I whitelisted 1.8.168.192.in-addr.arpa in dnscrypt, which appears as blocked when AMTM searches for updates. I still get upd err, suggesting this could be a server side issue. Dnsmasq is sneaking these PTR requests through for some odd reason, maybe because of sever connection errors without PTR? And it does not enforce blocks 100% with dnsmasq.conf.

I still see

! Diversion: diversion.ch unreachable
! Skynet: raw.githubusercontent.com unreachable
! NVRAM Save/Restore Utility: raw.githubusercontent.com unreachable
! dnscrypt installer: raw.githubusercontent.com unreachable
! using fallback server diversion.ch
! amtm: diversion.ch unreachable

Update(s) aborted, could not retrieve version

You said it is blocked at the router level, where could this be blocked in my router as you suggested @thelonelycoder? I can ping diversion.ch via the terminal, and curl pulls your website without any issue.

I see no block in dnscrypt, dnsmasq, or skynet. Reinstalled AMTM, no change.

Also @thelonelycoder I do not see dns requests in diversion/dnsmasq logs when running AMTM update, why not, what resolver is it using? and where can I find those logs for debugging?

 

[LimJK]

Ok is this a dnsmasq issue? I whitelisted 1.8.168.192.in-addr.arpa in dnscrypt, which appears as blocked when AMTM searches for updates. I still get upd err, suggesting this could be a server side issue. Dnsmasq is sneaking these PTR requests through for some odd reason, maybe because of sever connection errors without PTR? And it does not enforce blocks 100% with dnsmasq.conf.

I still see



You said it is blocked at the router level, where could this be blocked in my router as you suggested @thelonelycoder? I can ping diversion.ch via the terminal, and curl pulls your website without any issue.

I see no block in dnscrypt, dnsmasq, or skynet. Reinstalled AMTM, no change.

Also @thelonelycoder I do not see dns requests in diversion/dnsmasq logs when running AMTM update, why not, what resolver is it using? and where can I find those logs for debugging?

Hi,
I have similar experience a few weeks ago, with help from lonelycoder discovered the issue is my ISP DNS Server ... see the few posts here:
https://www.snbforums.com/threads/amtm-the-asuswrt-merlin-terminal-menu.42415/page-96#post-568003
Hope it helps.

 

[dugaduga]

Hi,
I have similar experience a few weeks ago, with help from lonelycoder discovered the issue is my ISP DNS Server ... see the few posts here:
https://www.snbforums.com/threads/amtm-the-asuswrt-merlin-terminal-menu.42415/page-96#post-568003
Hope it helps.

thelonelycoder,

Thank you, Thank you.

After reading your post, I tried resolving the following using the GUI Network Tools - NsLookup

• raw.githubusercontent.com
• fwupdate.asuswrt-merlin.net

It took about 15 seconds to resolve ... looks like my ISP's DNS Server is very slow in resolving these domains. So, I forced it to use Cloudflare 1.1.1.1 and 1.0.0.1 as my DNS Server on the WAN page. Looks like problem resolved . Thank you!

Nothing I ran under NsLookup would resolve...

I rebooted my upstream router and this solved this and the other problem immediately. WEEEIRD MAN. The strangest coincid-ences sometimes have the simplest answers.

 

[LimJK]

Nothing I ran under NsLookup would resolve...

I rebooted my upstream router and this solved this and the other problem immediately. WEEEIRD MAN. The strangest coincid-ences sometimes have the simplest answers.

Hi,
If nothing can be resolved under NSLookup ... have you tried using a different DNS Server other than the default ISP DNS Server?
WAN -> Internet Connection -> WAN DNS Setting:

For my case once I did that my amtm update issue has been resolved. I actually went back to use the ISP DNS Server, works for a while, than same problem occurs after a little while, so for now, I set it to use Cloudflare. Hope it helps.

 

[dave14305]

I've been using this as a base and constructed one for my needs.
Two questions:
- Is it correct to use: nvram save "$BACKUPDIR"/settings_"$FWVER".cfg>/dev/null , so it can suppress the "Saved!" Output?
- if someday I need to restore nvram, I'll use the .cfg file through Gui or through nvram restore command, correct? I mean, the .txt file is only for reading purposes, right?

Thanks.

Yes to both questions. I don’t see that Saved! message on an AC68U, so I never thought to account for it.

 

[maghuro]

Yes to both questions. I don’t see that Saved! message on an AC68U, so I never thought to account for it.

I see it, not on logs but on terminal itself...

Thanks!

 

[thelonelycoder]

I see it, not on logs but on terminal itself...

Thanks!

Please move this discussion to a new or an appropriate thread, it has not much to do with amtm, if it does at all.
Thanks.

 

[thelonelycoder]

Thanks for an awesome tool. I'd like the time/date added to the main panel to complement the message of "All Scripts are up to date" to show when eg. 08:00 18Apr 2020.

Done locally, thanks for the idea:

Everything's up to date (Apr 25 2020 20:21)

 

[thelonelycoder]

Speaking about new features - i would like (but i can live without) to see amtm being able to set time for LEDs on and off and pass it to crontab. Also displays currently configured LED on/off time if set up.

Thanks for the suggestion, the LED scheduler will be available with the next amtm update.

 

[thelonelycoder]

(In reply to suggesting an LED scheduler in amtm)

This would be better integrated in scMerlin?

scMerlin is a (router) services helper, the LED scheduler fits perfectly into the amtm feature list.

 

[thelonelycoder]

I know what else MUST be ported to Merlin firmware - LARN!!!

Please explain what LARN is, thanks.

 

[pirx73]

Rogue-like ASCII graphics console game, very old. Used to play on mainframes
https://larn.org/

 

[maghuro]

As we're talking about suggestions, I've been thinking on something on amtm that coulds scannetwork devices (like a QNAP) and be able to mount it (asking for userass if necessary), and maybe asking the user if he wants that device to be mounted on boot, or based on a time schedule.

So it can be used for schedule backups. Right now I created a cron script based on a @dave14305 ideia that runs daily at 6am and backups everything to my qnap, keeping two backups per fw version and 3 different fw version history (so a total of 6 different backups). I know it could be much, but as Idesperately want to learn things, I do compile often the firmware and install by myself, making some changes here and there, and I had already one heart attack once

 

[Asad Ali]

Right now I created a cron script based on a @dave14305 ideia that runs daily at 6am

What's the point of backing router filesystem every day? We don't change our configurations daily, nor do we add any extra script/add-ons on it on a daily basis.

Also if you're tinkering with the firmware and making changes to the core system, it's best to always configure it from scratch without using any sort of backups.

 

[maghuro]

What's the point of backing router filesystem every day? We don't change our configurations daily, nor do we add any extra script/add-ons on it on a daily basis.

Also if you're tinkering with the firmware and making changes to the core system, it's best to always configure it from scratch without using any sort of backups.

You're absolutely right, but my simplest explanation is: OCD

 

[cmkelley]

You're absolutely right, but my simplest explanation is: OCD

I do the same. I copy the jffs folder to my USB SSD daily, which then gets backed up (the entire USB SSD, so entware, etc. as well) to an external spinning rust disk (okay, two of them in a mirror), using rsnapshot. I can go back a year to find a file since rsnapshot makes extensive use of hard links to only store a file in a given state once. And I also rotate through all the shares through the week and back them up to B2 with rsync.

Y'alls OCD ain't got nothing on me.