What's new

[Preview] 380.57 alpha test builds for all models

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Make sure your upstream DNS servers do support DNSSEC. The feature itself definitely works, and there isn't much to it, beside a checkbox that tells dnsmasq to enable it.

Also, don't forget that DNS resolution get cached at multiple levels. If you enable on the webui and you immediately try to re-access the same test site, chances are your browser AND your computer both already have the previous result in their cache, so you will still access the broken site - you won't even have asked your router for the website's IP.
 
Hostname doesn't change automatically. It reads continuing the hostname of the past..
PC hostname automatical changed, but Mobile hostname dosen't change automatically.

Can you fix this problem?

That dropdown doesn't show the current hostname, it shows whatever is entered on the networkmap, either manually, or from a previous network scan.
 
Hi @XIII how did you enable DNSSEC on the 56_2 ?, Im still on that version of merlins. thanks

I get a green checkmark ("You are protected") using that link, while I'm still running 378.56_2... I'm using DNSSEC enabled DNScrypt.eu DNS servers though.

What would be a better test? And where can I read more about DNSSEC, specifically about the router's role? (client?)
 
Hi, opendns does not support dnssec, if you search they favor dnscrypt, also in the dnscrypt resolvers if you check you can see that they dont do dnssec validation.
https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv

That's interesting. I re-checked their FAQ, and looks like it was a bit misleading, as they say that DNSSEC and DNSCrypt can work together just fine, and that they were complementary. Looks like they felt that it wasn't complementary enough for them to support both...
 
hmm, what now? i am using dnscrypt from soltysiak with dnssec enabled? is this secure and works both together or not?
 
hmm, what now? i am using dnscrypt from soltysiak with dnssec enabled? is this secure and works both together or not?

It's not about whether the two of them can work together or not (they can), it's about whether the DNS servers you use support both of them or not.
 
It's not about whether the two of them can work together or not (they can), it's about whether the DNS servers you use support both of them or not.
so, there is curenntly no dns servers to support both....i tested 5 different dnscrypt servers with enabled dnssec and no one has dnssec support....
 
i'm curious what the new dnssec support is supposed to do, as im on official firmware and using comcast dns and dnssec has always worked on my ac3200. and yes my router is being used for dns, my clients all use 192.168.1.1 for the dns server.
 
so, there is curenntly no dns servers to support both....i tested 5 different dnscrypt servers with enabled dnssec and no one has dnssec support....
Have you tried DNSCrypt.eu? ("A free DNSSEC enabled, non-logged and uncensored DNSCrypt service by Simon Clausen")

(I'm planning to try that one later tonight)
 
@XIII Not being able to load www.dnssec-failed.org is a sign that dnssec is working.

All these browser checks are hokey I think anyway. Here's a definitive way to check, either on a device behind the router, or on the router itself. You can get the dig command from entware.

dig verisign.com +dnssec

If you see the 'ad' flag, you're good.
 
As I understand it DNSSEC is not that big a deal anyway. I turned it off. Nothing I did worked and got failed at both test sites.
 
@RMerlin: can you move the DNSsec conversation to a different thread?


Sent using Tapatalk
 
Ad blocking is something that Merlin has said he wil not be implementing, if not for the simple reason that it's the ads on this forum that helps pay for the running of it. And to implement ad blocking under such circumstances would not be right.

Is this his forum?? I guess that would make sense.

I have to say I'd really like this feature if there was a way to do it, even if it was less than perfect. Sure we can all have blockers in our web browsers, but there are ads in so many other connected devices, tablets, game consoles, apps, it'd really be nice.

I'd pay for the feature, just throwing that out there.
 
Is this his forum?? I guess that would make sense.
.

Just look at how many times Merlin has posted on this forum, and compare that with the number of postings by the rest of us. On that alone, it would be his forum. God knows when he sleeps.

As to adblocking - malicious domain blocking is a better description - there are quite a few alternatives. I use a Raspberry Pi. You could also try searching for Pihole: that also uses a Raspberry Pi. And there are other methods also covered in some long, active threads on this forum.
 
Is this his forum?? I guess that would make sense.

It's not. But thiggins has no problem hosting us for free here. He pays the bills, and does the site maintenance. The least I could do is not to make it easy for people to take away whatever financial compensation he gets out of our traffic.
 
Status
Not open for further replies.

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top