What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Firmware Version:384.11_2 Clear DNS over TLS not working?

J

jsmiddleton4

Very Senior Member
I tried DNS over TLS and this morning disabled it. I can't connect if turned off. It looks like the DNS alternative server information isn't clearing from the table/setting?

How do I go back to not using DNS-TLS stuff once I test it?
 
Can you post the syslog when you disable it and hit apply? Looking for dnsmasq log entries.
 
Glad to. Since I'm fooling around with stuff and have added static DNS servers like Google, OpenDNS, for both IPV4 and IPV6 my log is pretty long. What I see in the time stamp for when I was fooling around the DNS over TLS is a bunch of entries, like a lot of them, that say insecure. Is that what you're looking for?
 
Rows of this. Given I didn't give it any upstream DNS to "serve" they make sense. There wasn't any upstream DNS server. Not a big deal but seems like if you turn the option for privacy upstream server to "None", maybe a popup to say turn off DNSSEC or turn it off automatically? Although if you're messing with it probably should already know to turn it off.

Mostly my bad tackling a learning curve.


Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:00 dnsmasq[2566]: Insecure DS reply received for com, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Jun 2 06:47:01 rc_service: udhcpc 4190:notify_rc start_dhcp6c
 
Most likely your ISP DNS servers do not support DNSSEC. Try Cloudflare, 1.1.1.1 and 1.0.0.1 with DoT and DNSSEC enabled. This combo seems to work best for me.
 
Yes I understand.

It is interesting that even though I hit the minus key for removing the entries and Apply it appears the entries are not actually removed from the internal table.
 
You must log in or register to reply here.

Similar threads

V
Opera DNS-over tls
Replies
0
Views
626
vdemarco
V
S
AX88u - DNS not working?
Replies
4
Views
384
Squall Leonhart
Squall Leonhart
S
Solved New ISP - WAN Setup - Will not work with custom WAN DNS - dnsmasq.conf
Replies
1
Views
384
stilltravelling
S
RMerlin
Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices
4 5 6
Replies
101
Views
19K
RMerlin
RMerlin
jixiangyuan
BE98 DNS over TLS Problem
Replies
12
Views
2K
jixiangyuan
jixiangyuan
Similar threads
Thread starter Title Forum Replies Date
K v386.xx EOL: How to tell which routers have what version firmware? Asuswrt-Merlin 4
R Missing ROG version of firmware 388.8 Asuswrt-Merlin 1
O Firmware version check for RT-AX58U Merlin support Asuswrt-Merlin 14
J iTunes and UPnP media server [RT-AC3100] not functioning after firmware upgrade to version 386.14 Asuswrt-Merlin 3
fffddd can configuration information of the same firmware version be exported/imported to each other? Asuswrt-Merlin 46
K New GT-AX6000 Maybe hacked with some custom firmware? HELP! Asuswrt-Merlin 8
A Is this possible: Merlin firmware, AX86u, use vpn (wireguard) & controld/nextdns as dns Asuswrt-Merlin 0
C Ethtool in firmware Asuswrt-Merlin 3
H AiMesh firmware restore (from backup) best practices Asuswrt-Merlin 5
PCDOK2R3N Advise for new purchase of newer model ASUS router that gets Merlin Firmware for 3 bedroom appartment? Asuswrt-Merlin 8

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,188 (members: 20, guests: 1,168)
Back
Top