ColinTaylor
Part of the Furniture
Yes it's off-topic. I suggest you open a separate thread with more detailed information, as "for VM" doesn't tell us anything useful.
Off topic, what IPv6 should I use for VM: 6to4, native, etc.?
Maybe a long shot and no viable solution, but what if you install Entware iptables? If the problem persists then at least Merlin's backport of DNAT is not the cause of it.
It didn’t help, unfortunately. There’s so little written about issues DNATting IPv6 UDP packets that I’m starting to believe it’s another Broadcom “gift”. Disabling DNS Filter will avoid it.
9.9.9.11 enables EDNS, which can reduce your privacy as you need to share part of your subnet info with your query. So having 9.9.9.9 listed under Privacy is correct.
Thanks again Rmerlin for a great build on my RT-AX88U. Just a quick observation: under WAN / DNS server, under Privacy-respecting for Quad9, you have 9.9.9.9 and 149.112.112.11. Shouldn't this be 9.9.9.11 and 149.112.112.11, which is for Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled? Just wondering if it was a typo or good reasoning behind this. Thanks again.
Can't you just get the same info from a command prompt with ping? Or running the speedtest.net app? Or its CLI version?
The internet speed test page no longer displays packet loss?
That's a bummer for me that is fighting with my ISP over a bad quality connection atm...
Over many years, in all aspects of life, I’ve become a fan of Occam’s Razor.
IPv6 is still an overengineered solution to a problem that also tries to address 10 other problems that sometimes weren't even problems.
But then, this is a recurring issue with other Internet novelties as well. The Internet was initially designed to be simple yet very robust in its design. Most protocols were even text-based, making it easy to debug and troubleshoot. What has been done to simple protocols such as HTTP, SMTP or DNS these past 5 years has been mind boggling. Developing any application that can handle sending email notifications has become quite complicated now that providers like Google expect you to use OAUTH2 for authentication. DNS has forked into four or five different protocols over the past three years.
Sometimes it does improve things or address a specific problem. But they also go out of their way to find other problems to solve at the same time. This added complexity only makes things harder to debug, and less robust and reliable.
Most like to run it on the router itself, as you then eliminate other variables like WiFi interference, etc. Those that are hardwired from the PC to the router with a verified good patch cable can go that route, though.
Can't you just get the same info from a command prompt with ping? Or running the speedtest.net app? Or its CLI version?
I don’t think it’s a matter of the userspace iptables tool, but something deeper in the kernel netfilter code or the darn Broadcom driver.
Maybe a long shot and no viable solution, but what if you install Entware iptables? If the problem persists then at least Merlin's backport of DNAT is not the cause of it.
I've been running Entware iptables on my AC86U for a couple of months (just to get IPv6 DNAT on previous firmwares) without noticeable problems, but just to be safe, install, test, then remove it.
I run three on one setup. It is easily possible.
How many Pi-hole instances are you running? I want to run two but I am thinking more and more that it's not possible.
That is completely odd. I just ran the same test, on the RT-AX88U and same firmware. Same method, but I changed the DNS on a desktop computer and not an iPad. Here are my results.
I think this is related to the new IPv6 DNAT for DNS Filter.
rc: implement DNAT support for dnsfilter over IPV6 on HND models · RMerl/asuswrt-merlin.ng@c454668
I can recreate this by manually setting DNS on my iPad to Cloudflare IPv6 (2606:4700:4700::1112), having DNS Filter in Router mode, and then running the test at https://cmdns.dev.dns-oarc.net/
I imagine the rewrite of the udp ipv6 headers probably triggers this problem.
IPv4 exhaustion is really coming in quick and fast in Australia.
It sure is. My DHCP handout gives out the two IP addresses for my two main Pi-holes. I have a third Pi-hole instance on an older RPi that I stood up to goof around with PiVPN on.
How many Pi-hole instances are you running? I want to run two but I am thinking more and more that it's not possible.
One thing to note is that a lot of devices are moving to mobile. These can more easily be on IPv6 as the most common use for them is accessing remote email or web services. Less legacy equipment there as well. So CGNAT + IPv6 is fine for mobiles, which frees up IPs for cable/FTTN/FTTH connections. So the doomsday clock has slowed down quite a bit over the past few years.
I don't think so. 47,573,248 IPs on ~26mln population. About the same ratio in Canada. And we don't worry here.
So is your repo copy of DNS_List.json for Privacy Quad9 (item 21) deliberately out of sync with ASUS’ online version? You use .9 and they use .11.
9.9.9.11 enables EDNS, which can reduce your privacy as you need to share part of your subnet info with your query. So having 9.9.9.9 listed under Privacy is correct.
"21":{
    "FilterMode": "Privacy-respecting",
    "DNSService": "Quad9",
    "ServiceIP1": "9.9.9.9",
    "ServiceIP2": "149.112.112.11",
    "Description": "Collects no information about users, and is governed by Swiss privacy law.",
    "url": "https://quad9.net/asus/private",
    "confirmed": "Yes",
    "ping_target": "No"
},

"21":{
    "FilterMode": "Privacy-respecting",
    "DNSService": "Quad9",
    "ServiceIP1": "9.9.9.11",
    "ServiceIP2": "149.112.112.11",
    "Description": "Collects no information about users, and is governed by Swiss privacy law.",
    "url": "https://quad9.net/asus/private",
    "confirmed": "Yes",
    "ping_target": "No"
},
Then it means they changed it since last time I synced it.
So is your repo copy of DNS_List.json for Privacy Quad9 (item 21) deliberately out of sync with ASUS’ online version? You use .9 and they use .11.
Test with the query posted by Dave. I was able to reproduce the issue on an RT-AX86U with just that single query.
That is completely odd. I just ran the same test, on the RT-AX88U and same firmware. Same method, but I changed the DNS on a desktop computer and not an iPad. Here are my results.
So does 149.112.112.11, so if you want to be consistent replace that with 149.112.112.112 (No ECS) in your copy.
Tho in this case, it looks to me as their updated version is wrong. 9.9.9.11 sends EDNS info.
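What "sharing part of your subnet info" looks like on the wire, as an added example that is not part of any post in this thread: EDNS Client Subnet (RFC 7871) travels as EDNS option code 8 inside the OPT record, and this sketch builds a constructed query with and without it, then extracts the disclosed prefix. The function names, the query ID and the sample subnets (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet option (RFC 7871)
OPT_RR_TYPE = 41      # EDNS0 OPT pseudo-record
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}

def build_query(name, ecs_subnet=None):
    """Build a constructed DNS A query with an OPT RR, optionally carrying ECS."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    rdata = b""
    if ecs_subnet:
        net = ipaddress.ip_network(ecs_subnet, strict=False)
        family = 1 if net.version == 4 else 2
        prefix = net.network_address.packed[:(net.prefixlen + 7) // 8]  # prefix bytes only
        body = struct.pack("!HBB", family, net.prefixlen, 0) + prefix
        rdata = struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + opt_rr

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def extract_ecs(msg):
    """Return the client subnet a DNS message discloses via ECS, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        opts, pos = msg[pos + 10:pos + 10 + rdlen], pos + 10 + rdlen
        while rtype == OPT_RR_TYPE and len(opts) >= 4:
            code, length = struct.unpack("!HH", opts[:4])
            body, opts = opts[4:4 + length], opts[4 + length:]
            if code == ECS_OPTION_CODE and len(body) >= 4:
                family, src_len, _scope = struct.unpack("!HBB", body[:4])
                if family in FAMILIES:            # 1 = IPv4, 2 = IPv6
                    net_cls, size = FAMILIES[family]
                    addr = body[4:4 + size].ljust(size, b"\x00")
                    return str(net_cls((addr, src_len), strict=False))
    return None
```

Running `extract_ecs` over captured queries from a resolver shows whether ECS is attached and how long the disclosed prefix is.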