[Beta] Asuswrt-Merlin 384.7 Beta is now available

[skeal]

Paste is private, can't view it.

Sorry sir! Here it is: https://pastebin.com/jx9T5vJx

 

[octopus]

Sorry sir! Here it is: https://pastebin.com/jx9T5vJx

This page is no longer available. It has either expired, been removed by its creator, or removed by one of the Pastebin straff.

 

[M@rco]

@skeal Looking at line 32-34, dnssec is still enabled:

trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec

It looks like it's still enabled in the UI? At least, it is with me and as soon as I disable it and re-open dnsmasq.conf, these lines are gone.

 

[skeal]

Post the content of /etc/dnsmasq.conf.

Sorry for all the problems. This should work now: https://pastebin.com/bDvtGpcN

 

[octopus]

Sorry for all the problems. This should work now: https://pastebin.com/bDvtGpcN

 

[RMerlin]

DNSSEC is still enabled in that config (see the line with "dnssec" in it).

Are you sure you disabled DNSSEC and not DNSSEC's enforced validation? Also check that you don't have a /jffs/configs/dnsmasq.conf config file overwriting the one generated by the router.

 

[skeal]

First: /jffs/configs/dnsmasq.conf doesn't exist.
Below is a image of my settings.
I copied the file you asked for again after turning everything off again. Posted here: https://pastebin.com/RHYzdA1c
Still the test sites show I have dnssec working.

 

[skeal]

DNSSEC is still enabled in that config (see the line with "dnssec" in it).

Are you sure you disabled DNSSEC and not DNSSEC's enforced validation? Also check that you don't have a /jffs/configs/dnsmasq.conf config file overwriting the one generated by the router.

The post above has the info after the dnssec has been disabled. Am I missing something here? Cause it still tests as if it is working on two different sites.

 

[RMerlin]

The post above has the info after the dnssec has been disabled. Am I missing something here? Cause it still tests as if it is working on two different sites.

Just tested it here, and it's working normally for me. Enabling dnssec adds it to the config, and after I disable it it disappears from it.

admin@Stargate88:/jffs# cat /etc/dnsmasq.conf | grep dnssec
dnssec
dnssec-check-unsigned=no
admin@Stargate88:/jffs# cat /etc/dnsmasq.conf | grep dnssec
admin@Stargate88:/jffs#

Check if your browser generates a Javascript error when you try to apply your changes.

 

[skeal]

Just tested it here, and it's working normally for me. Enabling dnssec adds it to the config, and after I disable it it disappears from it.

admin@Stargate88:/jffs# cat /etc/dnsmasq.conf | grep dnssec
dnssec
dnssec-check-unsigned=no
admin@Stargate88:/jffs# cat /etc/dnsmasq.conf | grep dnssec
admin@Stargate88:/jffs#

I realize that as my post shows. But it still resolves on the dnssec test sites, is this normal?

 

[RMerlin]

I realize that as my post shows. But it still resolves on the dnssec test sites, is this normal?

Ok, didn't notice you had posted a second config with it disabled.

I don't use those test sites personally, I do my tests over Linux so I can actually know what really gets tested, so no idea if it's an issue with the test site or a cache on your end, sorry.

 

[RMerlin]

Otherwise, if using "/sbin/ddns_updated", as described in the new wiki, an error message will pop-up while in the wan/ddns page and the yellow mark would remain next to the DDNS internet status in the Network Map page. The ddns server would still update though!

I just reviewed the difference between ddns_update and ddns_custom_update, and the former would indeed be failing as it relies on a cache file normally created by the firmware. I will amend the Wiki, thanks.

 

[RMerlin]

getting this error message :

Sep 27 16:14:36 start_ddns: update WWW.TUNNELBROKER.NET default@tunnelbroker.net, wan_unit 0
Sep 27 16:14:37 inadyn[1206]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 27 16:14:37 inadyn[1206]: Failed resolving hostname xxxxxx (tunnel id): Name or service not known
Sep 27 16:14:37 inadyn[1206]: Update forced for alias xxxxxx (tunnel id), new IP# xx.xx.xx.xx
Sep 27 16:14:39 inadyn[1206]: Updating cache for xxxxxx (tunnel id)

but everything seems to be working fine though, DDNS registered successfully.

thanks Merlin.

Minor bug in inadyn, fixed on my end, and pull request submitted upstream.

 

[Treadler]

I realize that as my post shows. But it still resolves on the dnssec test sites, is this normal?

See post #201

 

[skeal]

As I understand it, those sites are only confirming that the resolver you’re using implements DNSSEC.
Whether you enable/disable DNSSEC within your router, is a seperate, local issue, with no influence on what the resolver is doing.
Enabling DNSSEC within your router just enforces/confirms that what your resolver is supplying is what is being received. The ‘last mile’ if you like.
Disclaimer: I am no expert, but this is how I think it works.....

See post #201

Yup I got this figured out now thanks for the excellent help!

 

[cristobal07]

Try updating IP over http by adding this option to your conf file:

Minor bug in inadyn, fixed on my end, and pull request submitted upstream.

thanks.

 

[GoNz0]

Minor bug in inadyn, fixed on my end, and pull request submitted upstream.

Must be the same error I get causing it to restart?

Sep 28 08:30:46 start_ddns: update WWW.DNSOMATIC.COM default@dnsomatic.com, wan_unit 0
Sep 28 08:30:48 inadyn[19372]: In-a-dyn version 2.4 -- Dynamic DNS update client.
Sep 28 08:30:48 inadyn[19372]: Resolving hostname *****.co.uk => IP# 0.0.0.0
Sep 28 08:30:48 inadyn[19372]: Base64 encoded string: Z29uejAwOnhjN2hoajg1TlI4bA==
Sep 28 08:30:48 inadyn[19372]: Get address for default@dnsomatic.com
Sep 28 08:30:48 inadyn[19372]: Starting command to get my public IP#: INADYN_PROVIDER="default@dnsomatic.com" INADYN_USER="*******" /usr/sbin/nvram get wan0_ipaddr
Sep 28 08:30:48 inadyn[19372]: Command 'INADYN_PROVIDER="default@dnsomatic.com" INADYN_USER="******" /usr/sbin/nvram get wan0_ipaddr' returns 12 bytes
Sep 28 08:30:48 inadyn[19372]: Command response:
Sep 28 08:30:48 inadyn[19372]: 0.0.0.0
Sep 28 08:30:48 inadyn[19372]: Checking IPv4 address 0.0.0.0 ...
Sep 28 08:30:48 inadyn[19372]: IPv4 address 0.0.0.0 is valid.
Sep 28 08:30:48 inadyn[19372]: Current IP# 0.0.0.0 at default@dnsomatic.com
Sep 28 08:30:48 inadyn[19372]: Update forced for alias ******.co.uk, new IP# 0.0.0.0
Sep 28 08:30:48 inadyn[19372]: Sending IP# update to DDNS server, connecting to updates.dnsomatic.com([67.215.92.215]:443)
Sep 28 08:30:49 inadyn[19372]: Sending IP# update to DDNS server, initiating HTTPS ...
Sep 28 08:30:50 inadyn[19372]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Sep 28 08:30:50 inadyn[19372]: Certificate OK
Sep 28 08:30:50 inadyn[19372]: SSL server cert subject: /C=US/ST=California/L=San Francisco/O=OpenDNS, Inc./OU=Operations/CN=www.dnsomatic.com
Sep 28 08:30:50 inadyn[19372]: SSL server cert issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
Sep 28 08:30:50 inadyn[19372]: Sending alias table update to DDNS server: GET /nic/update?hostname=*******.co.uk&myip=0.0.0.0 HTTP/1.0^M Host: updates.dnsomatic.com^M Authorization: Basic Z29uejAwOnhjN2hoajg1TlI4bA==^M User-Agent: inadyn/2.4 https://github.com/troglobit/inadyn/issues^M ^M
Sep 28 08:30:50 inadyn[19372]: Successfully sent HTTPS request!
Sep 28 08:30:55 inadyn[19372]: DDNS server response:

 

[RMerlin]

Must be the same error I get causing it to restart?

No, his issue was specific to Tunnelbroker (and was purely cosmetical).

Your IP is being reported as being 0.0.0.0. Anything special with your WAN configuration?

 

[GoNz0]

I edited my IP and ddns host out.

No, his issue was specific to Tunnelbroker (and was purely cosmetical).

Your IP is being reported as being 0.0.0.0. Anything special with your WAN configuration?

Sent from my SM-G920F using Tapatalk

 

[bbunge]

USB 3.0 SanDisk Ultra 32 GB (new) recognized in USB3 port when USB Mode 2.0 is selected but not when USB Mode 3.0 is selected. Have tried with "default" FAT 32 format and EXT 3 format. Neither worked. Tried two other USB 3.0 SanDisk drives with the same result. RT-AC66U_B1 with RT-AC68U 384-7 B2 firmware. Had loaded Entware on USB 2.0 and decided to try a USB 3.0 stick. Also, the external USB2.0 drive in the back port goes wonky when I switch the front USB to 3.0. Suggestions?