Beta Asuswrt-Merlin 3004.388.8 beta is now available

[cc666]

My test results

$ dig +tls @dnscheck.tools txt go.dnscheck.tools

; <<>> DiG 9.18.24-0ubuntu5-Ubuntu <<>> +tls @dnscheck.tools txt go.dnscheck.tools
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31397
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;go.dnscheck.tools.        IN    TXT

;; ANSWER SECTION:
go.dnscheck.tools.    1    IN    TXT    "id: 31397"
go.dnscheck.tools.    1    IN    TXT    "proto: TLS"
go.dnscheck.tools.    1    IN    TXT    "remoteIp: 2a0a:ef40:d90:d700:xxxx:xxxx:xxxx:xxxx"
go.dnscheck.tools.    1    IN    TXT    "remotePort: 37201"
go.dnscheck.tools.    1    IN    TXT    "edns: version: 0, flags:; udp: 1232"
go.dnscheck.tools.    1    IN    TXT    "tlsVersion: TLS 1.3"
go.dnscheck.tools.    1    IN    TXT    "tlsCipherSuite: TLS_AES_128_GCM_SHA256"
go.dnscheck.tools.    1    IN    TXT    "tlsNegotiatedProtocol: dot"

;; Query time: 89 msec
;; SERVER: 2a01:4f8:1c1e:84c3::1#853(dnscheck.tools) (TLS)
;; WHEN: Mon Jul 15 13:14:44 BST 2024
;; MSG SIZE  rcvd: 488

Here is mine: I have cloudflare as my dns server.

Your DNS resolvers are:
Cloudflare

• 172.70.173.16ns: cruz.ns.cloudflare.comAshburn, Virginia, US
• 172.71.221.222ns: cruz.ns.cloudflare.comAshburn, Virginia, US

CLOUDFLARE_2400_CB00_0000_36

• 2400:cb00:413:1024::ac44:f418ns: chloe.ns.cloudflare.comAshburn, Virginia, US
• 2400:cb00:413:1024::ac44:f419ns: chloe.ns.cloudflare.comAshburn, Virginia, US
• 2400:cb00:413:1024::ac46:ad10ns: chloe.ns.cloudflare.comAshburn, Virginia, US
• 2400:cb00:601:1024::ac47:dd10ns: chloe.ns.cloudflare.comAshburn, Virginia, US
• 2400:cb00:601:1024::ac47:dddens: chloe.ns.cloudflare.comAshburn, Virginia, US
• 2400:cb00:601:1024::ac47:dddfns: chloe.ns.cloudflare.comAshburn, Virginia, US

Great! Your DNS responses are authenticated with DNSSEC:

	ECDSA P-256	ECDSA P-384	Ed25519
Good signature	✓	✓	✓
Bad signature	✓	✓	✓
Expired signature	✓	✓	✓
Missing signature	✓	✓	✓

Where does it indicate you are using Quad 9.

CC

type dnscheck.tools in your browser

CC

 

[Ripshod]

Where does it indicate you are using Quad 9

It's in the screenshot. Exa Networks provide infrastructure to quad9, just as WoodyNet does.
I don't remember exactly where this info came from but I do remember all the digging I did when I thought my DNS was being intercepted

 

[SkippyP]

I have now used "none" on DNS Privacy Protocol. It does not seem to fail now over time. At least not yet.
But multiple DoT configurations have failed... So it does not seem to be linked to a particular DNS.

FWIW, I’ve been testing that website (several times) yesterday and today, and I can’t get it to fail. It loads successfully every single time I try. I’m using Cloudflare unfiltered DNS (1.1.1.1) over DoT with local DNSSEC (i.e. the setting on my router) disabled.

 

[cc666]

FWIW, I’ve been testing that website (several times) yesterday and today, and I can’t get it to fail. It loads successfully every single time I try. I’m using Cloudflare unfiltered DNS (1.1.1.1) over DoT with local DNSSEC (i.e. the setting on my router) disabled.

To add to this, I have DNSSEC ENABLED and it loads fine DOT using Cloudflare.

CC

 

[Samuel_1975]

Beta for ax86u and ax86u pro works well I think

 

[swejuggalo]

It's not the router. It's not the firmware. Also tested with Cloudflare DoT. When was the last factory reset?
Try these settings with DNS Director set to "No Redirection", see if there's any change:
View attachment 60189
I used to have DNS Director set to "Router" but started getting DNS leaks until I changed that setting. It's no longer a logical setting (to me).

Trying your settings now. Will see what happens.

 

[swejuggalo]

FWIW, I’ve been testing that website (several times) yesterday and today, and I can’t get it to fail. It loads successfully every single time I try. I’m using Cloudflare unfiltered DNS (1.1.1.1) over DoT with local DNSSEC (i.e. the setting on my router) disabled.

Yeah, can't pinpoint what happens and there error cause.
Apparently, VPN gets killed at the same time the site shuts down.

 

[swejuggalo]

It's not the router. It's not the firmware. Also tested with Cloudflare DoT. When was the last factory reset?
Try these settings with DNS Director set to "No Redirection", see if there's any change:
View attachment 60189
I used to have DNS Director set to "Router" but started getting DNS leaks until I changed that setting. It's no longer a logical setting (to me).

Didn't seem to make much of a difference. Still some type of DNS problem.

 

[Ripshod]

Didn't seem to make much of a difference. Still some type of DNS problem.

VPN gets killed at the same time the site shuts down

I don't think the DNS thing is the problem. More likely it's a symptom of something else.

 

[swejuggalo]

I don't think the DNS thing is the problem. More likely it's a symptom of something else.

Possibly. VPN failing seems to happen randomly too, but seems to be related to getting a new IP and not updating it.
Not sure what is special with that site, since others should surely be blocked for similar reasons.
Guess I have to dig around some more.

 

[swejuggalo]

My issue also gets temporary fixed if I reboot "internet connection" via scMerlin and touch nothing else.

 

[Ripshod]

The eye of suspicion turns rapidly toward your ISP.

 

[SkippyP]

I agree with Ripshod. Sounds like an ISP problem.

 

[Dedel66]

@swejuggalo
Maybe you could do your tests with the 388.7 stable version, so that you can at least rule out that it is not the beta that is causing problems?

 

[swejuggalo]

The eye of suspicion turns rapidly toward your ISP.

Yeah. Will see what my next step will be.
That the page breaks isn't a major issue.
But the failure of VPN is a bigger since my normal setup involves automatic VPN connection while being at all other WiFi than my own.

 

[Fredrik69]

Yeah. Will see what my next step will be.
That the page breaks isn't a major issue.
But the failure of VPN is a bigger since my normal setup involves automatic VPN connection while being at all other WiFi than my own.

Swedbank is blocking VPN. I guess you also have problems with https://accounts.kivra.com/
Try split tunneling!
Read https://www.sweclockers.com/forum/trad/1703655-mullvad-vpn-kommer-inte-in-pa-kivra-och-swedbank (in Swedish, sorry about that).

 

[octopus]

Swedbank is blocking VPN. I guess you also have problems with https://accounts.kivra.com/
Try split tunneling!
Read https://www.sweclockers.com/forum/trad/1703655-mullvad-vpn-kommer-inte-in-pa-kivra-och-swedbank (in Swedish, sorry about that).

Kivra and Swedbank working fine with wireguard and OVPN.COM
Just tested with vpn and it's working also.

 

[Dedel66]

I thought this thread is about 388.8 BETA...

 

[tnpapa]

I thought this thread is about 388.8 BETA...

Has gone way off topic.

 

[swejuggalo]

Has gone way off topic.

If it's my issue that is off topic. I am running this beta. I think it started after having installing the beta. Trial and error to figure out what part is triggering it should that not be rather suitable to discuss with others running the beta?