[Beta] Asuswrt-Merlin 384.11 Beta is now available

[Swistheater]

I simply want more of the Common ones listed that are know to be proven -safe v.s. ones that are test ones. there are several test ones on the list. We need more consistency on the list as well, like if quad 9 ipv4 secure and insecure is listed, then so should the ones for IPv6. clean browsing is okay but i am not too keen on that one getting listed because an uneducated end user might select it and not realize the extent of filtering it does unless merlin goes into listing it.

It would be nice one day to segregate instances of DoT via dnsfilter.--- idk if that is even possible.

 

[HardCat]

Unable to reproduce (and I do connect a lot over SSH with my routers during development). Check your client settings, or try with a different client.

I was able to solve this issue, not sure what was causing it but I had listed ca.pool.ntp.org as the NTP server on the Administration-System page when I was unable to use SSH. I changed the NTP servers to 0.ca.pool.ntp.org and a secondary of 1.ca.pool.ntp.org and applied the change. From that moment SSH worked fine. The SSH client (XShell 6) was fine. Hope this may help someone else.

 

[Swistheater]

Not trying to gripe , but how clean is everyones test on
https://rootcanary.org/test.html
Using the dnsmasq implementation of dnssec vs the stubby implementation of dnssec? For some reason my experience testing with stubby dnssec results in smoother more modern results vs dnsmasq dnssec hangs with alot of algorithms hanging on server fail. Can people here running dnsmasq dnssec post pictures of results?

 

[Swistheater]

This is what a modern results showing good dnssec validation would show.

 

[MarkRH]

With Cloudflare as DNS servers, when running https://rootcanary.org/test.html I get:

With DNSSEC (Strict) enabled in router GUI:

With DNSSEC disabled in router GUI:

Whatever that means. It might be similar to the Cloudflare page that fails when DNSSEC is enabled.(?)

 

[skeal]

With Cloudflare as DNS servers, when running https://rootcanary.org/test.html I get:

With DNSSEC (Strict) enabled in router GUI:

With DNSSEC disabled in router GUI:

Whatever that means. It might be similar to the Cloudflare page that fails when DNSSEC is enabled.(?)

+1 Enabling DNSSEC makes the others fail. Doesn't mean much IMHO.

 

[Swistheater]

the test i posted above was mine using the stubby.yml dnssec

 

[Swistheater]

also look at this article
https://labs.ripe.net/Members/rolan...the-coalmine-for-the-dnssec-root-key-rollover

 

[Swistheater]

+1 Enabling DNSSEC makes the others fail. Doesn't mean much IMHO.

that isn't a good thing that those fail because they are perfectly valid links -- so your dnssec will cause them to fail because of loading issues.

 

[GoNz0]

Whenever I make a change it just sits on the applying settings screen until I refresh, anyone else got this?

AC68U after a dirty flash.

 

[Swistheater]

Whenever I make a change it just sits on the applying settings screen until I refresh, anyone else got this?

AC68U after a dirty flash.

what scripts are you running?

 

[Swistheater]

Whenever I make a change it just sits on the applying settings screen until I refresh, anyone else got this?

AC68U after a dirty flash.

https://www.snbforums.com/threads/p...ue-while-using-his-scripts.56308/#post-485657 <----- incase you are running any of the new scripts inside amtm this is where you report your issues, i believe this is really the only people having these issues.

Scripts~
ntpmerlin
connmon
spdmerlin

 

[Gar]

Whenever I make a change it just sits on the applying settings screen until I refresh, anyone else got this?

AC68U after a dirty flash.

Yes, a known issue for some. No scripts.

 

[GoNz0]

Yes, a known issue for some. No scripts.

Yeah I run his ntp script

Sent from my SM-G920F using Tapatalk

 

[Swistheater]

Yeah I run his ntp script

Sent from my SM-G920F using Tapatalk

i imagine if you uninstall it you wont have this issue.

 

[RMerlin]

I've been using beta1 today on my RT-AC88U and it seems fine. The addition of DoT is great and seems to be working properly (alongside Stubby).

The only thing I've noticed is that the Firmware Upgrade tab doesn't seem to have an Apply button (I'm using Firefox) so there is no way to change from the default of Yes for the scheduled check. Am I missing something obvious?

There is no need for an Apply button, the change is applied asynchronously to the router when you change it. Using an Apply button would require a rewrite of a large portion of that page, and isn't worth it.

Asus uses the same async method with the redesigned Virtual Server page now.

However, I feel the Preset Servers for DoT should also include those resolvers included in DNSFilter, provided they support DoT

Which one specifically?

I based the preset list on what was in the Stubby example config file.

 

[RMerlin]

I was able to solve this issue, not sure what was causing it but I had listed ca.pool.ntp.org as the NTP server on the Administration-System page when I was unable to use SSH. I changed the NTP servers to 0.ca.pool.ntp.org and a secondary of 1.ca.pool.ntp.org and applied the change. From that moment SSH worked fine. The SSH client (XShell 6) was fine. Hope this may help someone else.

Odd.

I second the suggestion for time.nrc.ca. I've used that one for years myself.

 

[Swistheater]

There is no need for an Apply button, the change is applied asynchronously to the router when you change it. Using an Apply button would require a rewrite of a large portion of that page, and isn't worth it.

Asus uses the same async method with the redesigned Virtual Server page now.



Which one specifically?

I based the preset list on what was in the Stubby example config file.



Got any reference about this? I don't see any mention of DoT on their website.

Merlin - alot of the servers inside that list that you have put on the list of supported are not main stream servers - most of them are test servers.

 

[dave14305]

Got any reference about this? I don't see any mention of DoT on their website.

https://cleanbrowsing.org/guides/dnsovertls

 

[Howard_inGA]

This is a browser feature, unrelated to the router.

Eric, I tried 3 different browsers, all with the same result regarding Encrypted SNI. All return the same result on this web site...
https://www.cloudflare.com/ssl/encrypted-sni/