What's new

Release Asuswrt-Merlin 3004.388.7 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Nope, the DNS service (screenshot below). I was able to get it to open properly once, but everytime since then it's showing up behind the main panel. I might try a different browser.

And yeah OK - CTRL-reload works for me as suggested above. After a force reload (Chrome) it all works fine repeatedly.
 
What is the WAN dns set to?
@HorseCalledHorse already replied.
"Yes, the messages are normal. That setting now prevents the use of Apple Private Relay and Mail Privacy Protection, which uses those mask.icloud.com servers you're seeing in the log. If you want to use Apple Private Relay or Mail Privacy Protection, set Prevent client auto DoH to "No". The log messages will then stop"

It's better to leave it on Auto ? that avoids data leaks, isn't it from what I understand ?
 
@HorseCalledHorse already replied.
"Yes, the messages are normal. That setting now prevents the use of Apple Private Relay and Mail Privacy Protection, which uses those mask.icloud.com servers you're seeing in the log. If you want to use Apple Private Relay or Mail Privacy Protection, set Prevent client auto DoH to "No". The log messages will then stop"

It's better to leave it on Auto ? that avoids data leaks, isn't it from what I understand ?
Sorry, phone issue. I meant to reply to someone else. 🤦‍♂️
 
I know but I was testing different settings to check which one of them was wrong.

Dot + DNSSEC = ×
Dot = x
DNSSEC = x
DNS without DOT or DNSSEC= ✓

I also tried with ControlD and Cloudflare, even ISP DNS servers and still same result.

Dot is broken for me in this version.

UPDATE: DoT now works but with Opportunistic mode. It was working on Strict mode before firmware flash.
What is the WAN dns set to? When I had issues with DoT dropping in the past it’s when the router couldn’t get a dns resolution after a connection hiccup.
 
ax88u pro

I find these lines in the logs, is this normal?

Code:
Apr 30 19:54:24 kernel: CPU: 1 PID: 8559 Comm: dcd Tainted: P           O      4.19.183 #1
Apr 30 19:54:24 kernel: Hardware name: RTAX88U_PRO (DT)
Apr 30 19:54:24 kernel: pstate: 200f0010 (nzCv q A32 LE aif)
Apr 30 19:54:24 kernel: pc : 00000000f79799d8
Apr 30 19:54:24 kernel: lr : 0000000080808080
Apr 30 19:54:24 kernel: sp : 00000000ffb277b0
Apr 30 19:54:24 kernel: x12: 0000000000000000
Apr 30 19:54:24 kernel: x11: 0000000000000000 x10: 000000000007e66c
Apr 30 19:54:24 kernel: x9 : 00000000f69fb008 x8 : 00000000000a387e
Apr 30 19:54:24 kernel: x7 : 0000000000000008 x6 : 0000000000000000
Apr 30 19:54:24 kernel: x5 : 00000000000a3884 x4 : 00000000fefefeff
Apr 30 19:54:24 kernel: x3 : 0000000000000000 x2 : 0000000000000000
Apr 30 19:54:24 kernel: x1 : 0000000000000107 x0 : 0000000000000000
 
ax88u pro

I find these lines in the logs, is this normal?

Code:
Apr 30 19:54:24 kernel: CPU: 1 PID: 8559 Comm: dcd Tainted: P           O      4.19.183 #1
Apr 30 19:54:24 kernel: Hardware name: RTAX88U_PRO (DT)
Apr 30 19:54:24 kernel: pstate: 200f0010 (nzCv q A32 LE aif)
Apr 30 19:54:24 kernel: pc : 00000000f79799d8
Apr 30 19:54:24 kernel: lr : 0000000080808080
Apr 30 19:54:24 kernel: sp : 00000000ffb277b0
Apr 30 19:54:24 kernel: x12: 0000000000000000
Apr 30 19:54:24 kernel: x11: 0000000000000000 x10: 000000000007e66c
Apr 30 19:54:24 kernel: x9 : 00000000f69fb008 x8 : 00000000000a387e
Apr 30 19:54:24 kernel: x7 : 0000000000000008 x6 : 0000000000000000
Apr 30 19:54:24 kernel: x5 : 00000000000a3884 x4 : 00000000fefefeff
Apr 30 19:54:24 kernel: x3 : 0000000000000000 x2 : 0000000000000000
Apr 30 19:54:24 kernel: x1 : 0000000000000107 x0 : 0000000000000000
Yes, it's the Trend Micro data collection daemon crashing and restarting. They come and go in my logs. Trend Micro has needed to fix this for a few years now, ASUS knows and can't do anything about it.
 
Haven't tried this on the alpha and beta releases but dual WAN load balancing feel as if it has been working better with more consistency and stability on a clean install of this firmware. The downside though is that wireguard client seems to be really flakey when load balance is activated and requires router reboot for the VPN client to work properly. No such issue with OpenVPN client which has been working with no issues at all.
 
I’m having the same issue as on 388.6 (on AX86S) My secondary WAN (4G USB device) is stuck in a disconnect/reconnect loop.
I tried both a dirty and clean install. No flash drive connected, no scripts running. This worked fine until 388.5, so I downgraded again but would be nice to see this being resolved.

Logs:
May 1 00:46:27 kernel: usb 1-1: new high-speed USB device number 38 using ehci-platform
May 1 00:46:27 kernel: cdc_ether 1-1:1.0 eth7: register 'cdc_ether' at usb-ehci-platform.0-1, CDC Ethernet Device, 00:1e:10:1f:00:00
May 1 00:46:27 hotplug: add net eth7.
May 1 00:46:27 hotplug: set net eth7.
May 1 00:46:29 kernel: usb 1-1: USB disconnect, device number 38
May 1 00:46:29 kernel: cdc_ether 1-1:1.0 eth7: unregister 'cdc_ether' usb-ehci-platform.0-1, CDC Ethernet Device
May 1 00:46:29 hotplug: remove net eth7.

May 1 00:46:30 kernel: usb 1-1: new high-speed USB device number 39 using ehci-platform
May 1 00:46:30 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
May 1 00:46:30 kernel: scsi host19: usb-storage 1-1:1.0
May 1 00:46:31 kernel: scsi 19:0:0:0: CD-ROM HUAWEI Mass Storage 2.3M PQ: 0 ANSI: 2
May 1 00:46:31 kernel: scsi 19:0:0:0: Attached scsi generic sg1 type 5
May 1 00:46:38 kernel: usb 1-1: USB disconnect, device number 39

May 1 00:46:38 kernel: usb 1-1: new high-speed USB device number 40 using ehci-platform
May 1 00:46:38 kernel: cdc_ether 1-1:1.0 eth7: register 'cdc_ether' at usb-ehci-platform.0-1, CDC Ethernet Device, 00:1e:10:1f:00:00
May 1 00:46:38 hotplug: add net eth7.
May 1 00:46:38 hotplug: set net eth7.
May 1 00:46:41 kernel: usb 1-1: USB disconnect, device number 40
May 1 00:46:41 kernel: cdc_ether 1-1:1.0 eth7: unregister 'cdc_ether' usb-ehci-platform.0-1, CDC Ethernet Device
May 1 00:46:41 hotplug: remove net eth7.

May 1 00:46:41 kernel: usb 1-1: new high-speed USB device number 41 using ehci-platform
May 1 00:46:41 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
May 1 00:46:41 kernel: scsi host20: usb-storage 1-1:1.0
May 1 00:46:42 kernel: scsi 20:0:0:0: CD-ROM HUAWEI Mass Storage 2.3M PQ: 0 ANSI: 2
May 1 00:46:42 kernel: scsi 20:0:0:0: Attached scsi generic sg1 type 5
 
What is the WAN dns set to? When I had issues with DoT dropping in the past it’s when the router couldn’t get a dns resolution after a connection hiccup.

I know but I was testing different settings to check which one of them was wrong.

Dot + DNSSEC = ×
Dot = x
DNSSEC = x
DNS without DOT or DNSSEC= ✓

I also tried with ControlD and Cloudflare, even ISP DNS servers and still same result.

Dot is broken for me in this version.

UPDATE: DoT now works but with Opportunistic mode. It was working on Strict mode before firmware flash.

I can't confirm that DoT is fully broken, but I can confirm that after a dirty upgrade that iCloud Relay has broken.

Prevent client auto DoH must now be set to No, instead of Auto.

If this is a bug in DNSMasq, so be it. I'll have to either revert or wait until the next release, but if this can be confirmed to be a dirty upgrade issue I'll do the laborious task of a device reset.
 
Last edited:
Why is that considered a good change?

workflow.png
 
Last edited:
Apple private relay will bypass anything you’re doing with DNS in the router (including DoT).
Prevent client DoH will disable Apple private relay now, & allow your router DNS settings to take effect.
IMHO, prevent client DoH should always be set to ‘no’, even if not using Apple private relay, as having it set to ‘yes’ or ‘auto’ seem to add a few seconds latency when going to a new web site. Not sure why this should be, but that’s what I’m seeing here.
 
The problem is the Prevent Client auto DoH is a global setting. Now if I want to use the iCloud Relay, I have to let everything else through too.

If this setting is disabling the Private Relay, that's arguably a worse outcome. There was more privacy provided by the private relay proxy servers loading up the page for you.

Google's on this subject matter pull up Pi-hole discussions and the same Sophie's choice.

You will need to decide for yourself if you would rather have ad-blocking via Pi-hole or some anonymity gained through iCloud PR.

This one I at least get though. Pi-hole can't fix an encrypted transfer that proxies executed on your behalf.

This feels like a weird, forced choice that didn't exist before this point. Auto was playing nicely literally one firmware back.
 
Last edited:
i have "Prevent client auto DoH" set to yes, and my kid was using safari with private relay quite fine. how did he even find out about private relay? he's 11! :)
 
The problem is the Prevent Client auto DoH is a global setting. Now if I want to use the iCloud Relay, I have to let everything else through too.

If this setting is disabling the Private Relay, that's arguably a worse outcome. There was more privacy provided by the private relay proxy servers loading up the page for you.

Google's on this subject matter pull up Pi-hole discussions and the same Sophie's choice.



This one I at least get though. Pi-hole can't fix an encrypted transfer that proxies executed on your behalf.

This feels like a weird, forced choice that didn't exist before this point. Auto was playing nicely literally one firmware back.
If you want Apple private relay, set prevent client DoH to ‘no’.

Apple private relay always bypassed router DNS settings, no change here.

If you want Apple private relay + malware/adblocking, you can install an Apple DNS profile. A lot to choose from.

Some here:

Profile needs to be installed on each device (if required).
 
The problem is the Prevent Client auto DoH is a global setting. Now if I want to use the iCloud Relay, I have to let everything else through too.
When I was playing with iCloud relay in the alpha/s I was able to force the router to offer an exception for my iPhone. It seems there is a mechanic that makes it offer an exception for clients that repeatedly blocked. I don't remember how long it took for the router to make exception but it did. For now just use another browser for something that works then from time to time use safari and let it get block until it gives up. :)

*Correction*: If I remember correctly, it was the iPhone that made an exception for our network to not use iCloud relay while in network and works out of it.
 
Last edited:
I recently performed a dirty upgrade:
  • Router: RT-AX88U Pro (3004.388.6_2 -> 3004.388.7)
  • AiMesh Nodes: 2x RT-AX88U Pro (both 3004.388.6_2 -> 3004.388.7)
  • Backhaul: Wired
Everything seemed stable for the first few hours, but after about 4+ hours of uptime, I started experiencing random internet connection drops across various devices. A simple router reboot would restore connectivity temporarily, but the issue would return within 4 hours.

To troubleshoot, I performed a hard reset on the main router and AiMesh nodes, reconfigured everything from scratch, and restored my network mappings using nvram. Since then (past 4+ hours), I haven't encountered any more internet drops.

For additional context, I'm using DoT with ControlD, but I doubt it's related to the problem.

My guess is the dirty upgrade might have caused some underlying issue, and the hard reset cleared it up.

I'll keep monitoring the situation and report back if anything changes.
 
Status
Not open for further replies.

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top