[Release] Asuswrt-Merlin 384.11 is available

Following the steps you provided doesn't show me if ports 53 or ports 853 are used.

When I do Netstat on the router, I get the following in the output:
Code:
...
tcp        0      0 192.168.1.1:80          192.168.1.2:50378       TIME_WAIT   -
tcp        0      0 (wan ip):60562     1.1.1.1:853             TIME_WAIT   -
...

Notice the 1.1.1.1:853 line.
 
Which feature? DoT? Yes, I have that enabled. RT-AC86U on 384.11_0.

Look under the foreign address column for 1.1.1.1:853 for instance.
 
Okay! I don't get what you guys have, this is what is shown for me, 'one.one.one.one:853'. :)

Thank you for persisting. :) :) :)
 
You're golden!
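
The netstat check discussed above, as an added example that is not part of the original thread: a small shell function that reads netstat rows and counts upstream connections by the port in the foreign address column (53 for plaintext DNS, 853 for DoT). The function names and the sample rows are constructed for illustration; the sample uses documentation-range addresses in place of the WAN IP.

```shell
#!/bin/sh
# Added example: classify upstream DNS connections in netstat output by the
# port in the "Foreign Address" column (53 = plaintext DNS, 853 = DNS over TLS).

# Reads `netstat -tun`-style rows on stdin and prints one summary line:
#   plain=<count> dot=<count> plaintext_peers=<comma list or ->
dns_transport_summary() {
    awk '
        # Data rows look like: proto recv-q send-q local foreign [state]
        $1 ~ /^(tcp|udp)/ && NF >= 5 {
            n = split($5, part, ":")
            port = part[n]   # text after the last ":" (IPv4, IPv6 or hostname form)
            if (port == "853") dot++
            if (port == "53") {
                plain++
                peers = (peers == "" ? $5 : peers "," $5)
            }
        }
        END {
            if (peers == "") peers = "-"
            printf "plain=%d dot=%d plaintext_peers=%s\n", plain, dot, peers
        }
    '
}

# Constructed sample rows (documentation-range addresses, not real captures).
# The hostname row mirrors the "one.one.one.one:853" form seen without -n.
# The local listener on 192.168.1.1:53 is ignored: only the foreign column counts.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:80          192.168.1.2:50378       TIME_WAIT
tcp        0      0 203.0.113.5:60562       1.1.1.1:853             TIME_WAIT
tcp        0      0 203.0.113.5:60570       one.one.one.one:853     ESTABLISHED
udp        0      0 192.168.1.1:53          0.0.0.0:*
tcp        0      0 203.0.113.5:41000       198.51.100.53:53        ESTABLISHED
EOF
}

sample_netstat | dns_transport_summary
# On a router, feed it live data instead: netstat -tun | dns_transport_summary
```

netstat is a point-in-time snapshot of sockets, so a packet capture on both ports while browsing remains the stronger confirmation.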
 
Code:
opkg install tcpdump
tcpdump -i eth0 port 53
tcpdump -i eth0 port 853

Thanks for the test. DoT works great. When I run the test on port 53 with tcpdump while surfing the web, nothing goes through this port.
Once I run this test on port 853 and watch the window while surfing, I see all the traffic go through this port (853)...

So the setup works great and simple (DNSFilter is off, Connect to DNS Server automatically=YES...):

[screenshot]

LAN->DHCP SERVER->DNS and WINS Server Setting (no need to change anything)

[screenshot]

[screenshot]

The window is open while I am opening various websites, nothing changes (no traffic goes through PORT:53)

[screenshot]

The traffic goes through port 853:

[screenshot]

So all good, not complicated as stated before
 
Question for the experts... I have enabled the same setup as you per your screenshots with Cloudflare... however, while playing an online game I lagged out a few times and it would not allow me to rejoin the match... When I go back to using my old setup, which is using the Comodo DNS and no DoT, my online gaming does not lag me out. Am I doing something wrong?
 
I didn't see this in 384.10_2 on a RT-AC3100... and it's not an issue for me, but I thought it was worth mentioning...

On Network Map page Internet status is showing Disconnected... Nothing is checked on Network Monitoring... (Administration -> System tab)

So, if I change Tools -> Other Settings... and set "Wan: Use local caching DNS server as system resolver"... to "No"... The Internet status goes to connected after a minute or so...

Checked it several times back and forth. I have local DNS servers set on the WAN page...

Edit: This is on 384.11.
 
Working well on my 3200's, no problems yet, seems all clients connect faster than on the beta 2 FW.
Thanks again for this great FW.
 
I was DL #521 on Sourceforge and everything has been A-ok since install and config -10hrs ago with DoT and ntpd.
Seems smoother and faster somehow. I had been running stubby on my desktop, but it seems faster on the AC86; same with the cloudflare app on my phone.
Thanks for all your hard work @RMerlin!


Sent from my iPhone using Tapatalk
 
I think that DoT test only works when you are running it on the client itself. This is normal.

I turned on DNS over TLS with cloudflare and the test shows it as working. I know Merlin’s wiki article on github said it wasn’t working correctly recently, but it worked for me.
 
Nice. atm, I'm using a very different setup with DoT and it fails for me, though I've explicitly prevented it from being possible to use anything but Cloudflare DNS lol
 
Did you happen to enable DNSSEC on the router at the same time? If so, that's why.
You're right... I had the same trouble, then I found:
NOTE: There is currently an issue with the popular DoT/DoH test site provided by Cloudflare where it will fail to use properly signed DNSSEC hostnames during the test, causing the test to fail to correctly detect that you are using DoT. This does not indicate that your setup doesn't work, and is something that will hopefully eventually be fixed by Cloudflare. You can avoid this by temporarily disabling validation of unsigned records, however it is recommended to re-enable that option afterward.
 
