https://www.snbforums.com/threads/a...rt-ac86u_3-0-0-4-384-32797.48520/#post-425767
Seems fix is included with this firmware ?
[Beta] Asuswrt-Merlin 384.7 Beta is now available
- Thread starter RMerlin
- Start date
-
- Tags
- asuswrt-merlin beta firmware
- Status
Seems fix is included with this firmware ?
Well after nvram reset on the new version it works now.
I always do this but hey it works now so no complaints.
In that case it will happen when I merge 384_32797, which is currently scheduled for 384.8.
@RMerlin, you're a busy guy. I really do appreciate all the efforts in making our routers 'GREAT' which is better than just good. Your FW makes that possible. I know the beta 3 is still in testing but normally from your experience, how long normally does it take to go final? Thanks again for all you do!!!!
skeal
Part of the Furniture
The final release of 384.7 is in the immediate future. My guess...this weekend. He wants to fully test the DDNS changes he made.
Hard to say for sure, there's one last minute update to dnsmasq that I want to apply due to a resolver issue it fixes, so that's delaying the release a bit.
john9527
Part of the Furniture
Are you planning on adding the CERT config changes to the standard config?
EDIT: Nevermind...see you already did it
bigcid10
Senior Member
OK,I don't really know how to explain this but I'll take a shot at it.
I have a ac88u router with merlin's 47 b3 on it and a new upright xfinity cable modem/ac router
the new ddns is supposed to handle dual NAT i.e. cable modem in non-bridged mode
I used to have it bridged so I could use my ddns without issue
when the ddns came out in this fw of merlin's ,I was like I'll unbridge my modem and see if it works
but The ddns status is stuck on " updating"
I have a no-ip,asuscomm,and freeddns as well,they all do the same thing
Is there an answer to this issue
PS: The reason I had to unbridge my modem is because I have a wireless xfinity x1 box
it requires MOCA to work ,I tried it without MOCA and it's a PIA
Thank you
I have a ac88u router with merlin's 47 b3 on it and a new upright xfinity cable modem/ac router
the new ddns is supposed to handle dual NAT i.e. cable modem in non-bridged mode
I used to have it bridged so I could use my ddns without issue
when the ddns came out in this fw of merlin's ,I was like I'll unbridge my modem and see if it works
but The ddns status is stuck on " updating"
I have a no-ip,asuscomm,and freeddns as well,they all do the same thing
Is there an answer to this issue
PS: The reason I had to unbridge my modem is because I have a wireless xfinity x1 box
it requires MOCA to work ,I tried it without MOCA and it's a PIA
Thank you
Are you planning on adding the CERT config changes to the standard config?
EDIT: Nevermind...see you already did it
Yeah, since it seemed quite safe to do. Themiron believes however that the fix might not be complete, in scenarios where a client might issue a FQDN instead of just "wpad", but personally I'm not sure it would allow this issue to be exploited if that were the case.
The cache fix however might possibly resolve some random resolution failures in his opinion. He's been testing it for a while, and will merge to my repo in the coming days, so I can also test it on my end.
john9527
Part of the Furniture
I'm just compiling with 2.80test7 and will give it a workout for a day or so as well.
octopus
Part of the Furniture
When use second inadyn with "conf.add" there is no cached 2:nd ip in "ddns.cache"
I update with 2:nd with: "checkip-command = "/usr/sbin/nvram get vpn_client1_rip"
Maby It's take longer time to get ip from gettunnelip.sh
Adamm
Part of the Furniture
I don't speak for Merlin but can make a pretty educated guess. v2.79 was released 7 months ago, which means if Merlin stays on the stable branch you would be exposed to about 12 months+ worth of bugs and vulnerabilities until the next "major" releases for both AsusWRT-Merlin and DNSMasq.
Code:
version 2.80
Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
for the initial patch and motivation.
Alter the default for dnssec-check-unsigned. Versions of
dnsmasq prior to 2.80 defaulted to not checking unsigned
replies, and used --dnssec-check-unsigned to switch
this on. Such configurations will continue to work as before,
but those which used the default of no checking will need to be
altered to explicitly select no checking. The new default is
because switching off checking for unsigned replies is
inherently dangerous. Not only does it open the possiblity of forged
replies, but it allows everything to appear to be working even
when the upstream namesevers do not support DNSSEC, and in this
case no DNSSEC validation at all is occuring.
Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip
are set. Thanks to Daniel Miess for help with this.
Add a facilty to store DNS packets sent/recieved in a
pcap-format file for later debugging. The file location
is given by the --dumpfile option, and a bitmap controlling
which packets should be dumped is given by the --dumpmask
option.
Handle the case of both standard and constructed dhcp-ranges on the
same interface better. We don't now contruct a dhcp-range if there's
already one specified. This allows the specified interface to
have different parameters and avoids advertising the same
prefix twice. Thanks to Luis Marsano for spotting this case.
Allow zone transfer in authoritative mode if auth-peer is specified,
even if auth-sec-servers is not. Thanks to Raphaël Halimi for
the suggestion.
Fix bug which sometimes caused dnsmasq to wrongly return answers
without DNSSEC RRs to queries with the do-bit set, but only when
DNSSEC validation was not enabled.
Thanks to Petr Menšík for spotting this.
Fix missing fatal errors with some malformed options
(server, local, address, rebind-domain-ok, ipset, alias).
Thanks to Eugene Lozovoy for spotting the problem.
Fix crash on startup with a --synth-domain which has no prefix.
Introduced in 2.79. Thanks to Andreas Engel for the bug report.
Fix missing EDNS0 section in some replies generated by local
DNS configuration which confused systemd-resolvd. Thanks to
Steve Dodd for characterising the problem.
Add --dhcp-name-match config option.
Add --caa-record config option.
Implement --address=/example.com/# as (more efficient) syntactic
sugar for --address=/example.com/0.0.0.0 and
--address=/example.com/::
Returning null addresses is a useful technique for ad-blocking.
Thanks to Peter Russell for the suggestion.
Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.
Include in the example config file a formulation which
stops DHCP clients from claiming the DNS name "wpad".
This is a fix for the CERT Vulnerability VU#598349.john9527
Part of the Furniture
2.79 was not stable, not caching reliably, so it was skipped.
For Merlin, he needs 2.80 to pick up a fix that prevents a segfault crash on the AC86U.
And after all, for Merlin this is a beta.....if you don't want to participate in the beta, that's fine.
For my LTS fork, 2.80 also contains some security related items that we like to keep up on, especially since we skipped 2.79. It has been really stable, so I doubt your problems are dnsmasq related.
john9527
Part of the Furniture
??? Don't understand this statement
This is normal. ddns.cache is only used by the firmware itself, not by inadyn. Inadyn has its own cache in /tmp/inadyn.cache for determining if an IP needs to be updated or not.
Because 2.80 introduces a fairly large number of fixes, including some security fixes. It has received nearly two months of testing from Asuswrt-Merlin testers, and has been proven stable enough for use in my firmware.
Asus themselves are frequently using beta releases of dnsmasq for the same reasons. Dnsmasq's release cycles are often too long to stay in sync with, therefore the need for either using test releases or backporting fixes.
dnsmasq only handles DHCP, IPv6 RA and DNS duties. It has no relation to the WAN connection or wifi.
octopus
Part of the Furniture
My mistake, I don't have inadyn.cache in /tmp. When is't created?
https://github.com/RMerl/asuswrt-merlin.ng/commit/bf829f6ac349b2b368c4e81e4a76449ab3effa93
Last edited:
truglodite
Regular Contributor
I discovered what looks like a bug in 384.7_beta3 on my 86u (also existed in previous versions I think, but didn't pin it down until after installing beta3). I normally keep hw acceleration 'runner' enabled, and the webui tools menu shows it as enabled. However if just click on the webui 'adaptive qos' tab on the left (not actually changing any settings there), runner becomes disabled. I am aware that enabling adaptive qos is incompatible with runner, however I think simply reading the qos page(s) and not changing any settings should not trigger a runner disable. Runner should not be disabled until an incompatible setting is actually applied. When this happens to me, rebooting the router re-enables runner.
Is anyone else having this problem? Not sure if it's something that can be fixed, or if it's locked inside a closed source blob.
In case it matters, I'm also running the latest diversion+skynet+pixelserv_beta, some other scripts to add a local ntpd and block webcam wan access via iptables, and an openvpn server... and aiprotection, qos, traffic stats, and ipv6 stuff is all disabled.
Is anyone else having this problem? Not sure if it's something that can be fixed, or if it's locked inside a closed source blob.
In case it matters, I'm also running the latest diversion+skynet+pixelserv_beta, some other scripts to add a local ntpd and block webcam wan access via iptables, and an openvpn server... and aiprotection, qos, traffic stats, and ipv6 stuff is all disabled.
JacquesR
Regular Contributor
My searches aren't bearing fruit right now, but that problem pre-dates this beta - I had this in earlier 384 stable releases too. Reboots, or toggling things off and on, fixed it for me (sorry, that's vague, but it was a while back).
- Status
Similar threads
Similar threads
Similar threads
-
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
- Started by RMerlin
- Replies: 30
-
-
-
Beta Asuswrt-Merlin 3006.102.1 Beta is now available for WIfi 7 devices
- Started by RMerlin
- Replies: 97
-
-
Beta Asuswrt-Merlin 386.13 beta is now available for AC models
- Started by RMerlin
- Replies: 32
-
-
-
Anyone else having issues trying to flash the newest merlin (stable or beta) to the GT-0AXE11000?
- Started by superdeleted
- Replies: 4
-
Several Questions Re:Asuswrt-Merlin Feature Implementation
- Started by fenixreign
- Replies: 2
Latest threads
-
-
-
Mesh - GuestWiFi - IoT - MerlinWRT - 2.4ghz issues
- Started by cyberbooster
- Replies: 0
-
-
Asus RT-AX58U v2 Merlin: Route all traffic to Pi-hole (running directly on router itself)
- Started by hamensman
- Replies: 10
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!