What's new

Beta Beta Firmware ASUS RT-AC86U - Version 9.0.0.4.386.41994

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

You will want to upgrade if for nothing else to fix the dnsmasq security issue

ASUS RT-AC86U Firmware version 9.0.0.4.386.41994 (Beta Version)
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.

Please unzip the firmware file first then check the MD5 code.
MD5: 0231b2391f86615a4314e151f4ecd21d


Note: MD5 checksum matches
 
I understand, but that wasn't my question. More related to Wifi performance and or bugs found in this release.
 
Based on my experience with this version on AC68U and AC66U_B1 I foresee no performance issues.

There is nothing in this firmware that will damage your AC86U! (Ignore that person behind the screen that is crying CPU temp too hot! I just isn't so...)
 
Based on my experience with this version on AC68U and AC66U_B1 I foresee no performance issues.

There is nothing in this firmware that will damage your AC86U! (Ignore that person behind the screen that is crying CPU temp too hot! I just isn't so...)
Yeah, I'm not worried about the temps so much either. There are some negative comments about wifi performance though that concerns me.
 
Still rocking latest .384 over 105 days uptime and solid. Still haven't jumped to .386..how's the performance on this beta version?

AC86U RC2-11 41994 beta is running fine here. The CPU wait state was fixed (enabled again) in 41700 (not released) and remains fixed in RC2-11 (normal CPU temp) (required a reset).

I've only skipped RC2-1,2,3,4, and 10:


OE
 
Off-topic posts and public arguing removed. Please keep discussions on the OP's question, which is this specific Asus beta release.
 
AC86U RC2-11 41994 beta is running fine here. The CPU wait state was fixed (enabled again) in 41700 (not released) and remains fixed in RC2-11 (normal CPU temp) (required a reset).

I've only skipped RC2-1,2,3,4, and 10:


OE

I wonder if they'll just skip 41700 and just make this the general release (remove Beta label). They seems to be pretty much the same.
 
I wonder if they'll just skip 41700 and just make this the general release (remove Beta label). They seems to be pretty much the same.

They've already skipped 41700. Not every extension gets released for a given model.

OE
 
You will want to upgrade if for nothing else to fix the dnsmasq security issue
As I'm running my AC86U as an Access Point, am I correct in assuming the dnsmasq issue is not a security concern for my configuration?
 
AC86U RC2-11 41994 beta is running fine here. The CPU wait state was fixed (enabled again) in 41700 (not released) and remains fixed in RC2-11 (normal CPU temp) (required a reset).

I've only skipped RC2-1,2,3,4, and 10:


OE
Any more issues with the channel changing from one you set to something else (you reported in the RC2 Beta thread a couple of days ago).
 
As I'm running my AC86U as an Access Point, am I correct in assuming the dnsmasq issue is not a security concern for my configuration?
You should be OK but I would install the next "stable" release just to be sure.
 
Any more issues with the channel changing from one you set to something else (you reported in the RC2 Beta thread a couple of days ago).

Nope. Maybe the post-upgrade power cycle set it right. There is no reason for it to be confused about what channel to use... it should stay where it's put by the router.

OE
 
Just upgraded.....so far so good, although my PS4 likes to show online eventhough it's offline..will power cycle again in the morning..
 
Aiprotection bugged on this beta. I had it off but tried to turn in on and update signatures but fails all the time. Unable to update signatures.
 
I just updated my AC86U and all my DNS no longer works. I use two PiHoles for DNS for the router itself and DHCP configuration for everything in my network. The AC86U now is failing DNS lookups because my PiHoles are failing lookups.
 
I just updated my AC86U and all my DNS no longer works. I use two PiHoles for DNS for the router itself and DHCP configuration for everything in my network. The AC86U now is failing DNS lookups because my PiHoles are failing lookups.
I powered off the AC86U and my router and repowered, the system was still blocking DNS from my PiHoles going outbound. I had to set the AC86U to use my ISP's DNS instead of my PiHoles to begin getting DNS again inside my network.
 
I powered off the AC86U and my router and repowered, the system was still blocking DNS from my PiHoles going outbound. I had to set the AC86U to use my ISP's DNS instead of my PiHoles to begin getting DNS again inside my network.
The router needs to access upstream DNS resolvers in order to set its time. If the time does not get set some of the security settings will not work. Your Pi-Hole is not an upstream resolver and should not be used in the WAN - Internet Connection - DNS Server 1 or 2. If you want to use the Pi-Hole its LAN IP address goes in LAN - DHCP Server - DNS Server. Merlin firmware allows for two DNS Server entries in this area.

Another way is to turn off DHCP in the router and use the Pi-Hole as DHCP server. But leave the router WAN - Internet Connection - DNS Server 1 and 2 set to something upstream. Cloudflare 1.1.1.2 and 1.0.0.2 is good.

By-the-way did you know that you can run DoT via Stubby on the Pi-Hole?
 
The router needs to access upstream DNS resolvers in order to set its time. If the time does not get set some of the security settings will not work. Your Pi-Hole is not an upstream resolver and should not be used in the WAN - Internet Connection - DNS Server 1 or 2. If you want to use the Pi-Hole its LAN IP address goes in LAN - DHCP Server - DNS Server. Merlin firmware allows for two DNS Server entries in this area.

Another way is to turn off DHCP in the router and use the Pi-Hole as DHCP server. But leave the router WAN - Internet Connection - DNS Server 1 and 2 set to something upstream. Cloudflare 1.1.1.2 and 1.0.0.2 is good.

By-the-way did you know that you can run DoT via Stubby on the Pi-Hole?
I've been running my configuration like this for 6 years across my AC68U and now AC86U and countless firmware updates with PiHoles and before that a Windows Domain DNS server with 0 issues for DNS. There's clearly something wrong with the way this update is handling allowing outbound DNS calls from systems that are not the router itself and I've done more testing to prove so.
  • Set DNS to ISP and reboot system = DNS resolves
  • Set DNS to PiHole and reboot = DNS fails from PiHoles
  • Set DNS to ISP and reboot system then change to PiHole after online = DNS resolves then fails to resolve from PiHoles
If this was only a time lookup issue then when I switch back to my PiHoles after booting using the ISP then why does it start failing again? The time should already be set from boot and shouldn't impact using the PiHoles.

If this configuration was such an issue why have I never had it once in the last 6 years but I can reproduce it every time now with this beta DNS firmware? My router is set to reboot weekly so I statistically should have had this problem at least once before now.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top