[Release] Asuswrt-Merlin 384.12 is now available

[Wallace_n_Gromit]

When you are capturing port 53 on eth0, what is the destination IP? Your ISP DNS (since your WAN DNS server setting was “connect automatically”), or one of your DoT choices? It doesn’t sound like Stubby is running to me.

:/tmp/home/root# tcpdump -i eth0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:32:44.564236 IP 24-xxx-xxx-xxx.wavecable.com.54756 > DNSresolver-B.as11404.net.domain: 2+ A? dns.msftncsi.com. (34)
06:32:44.577136 IP DNSresolver-B.as11404.net.domain > 24-xxx-xxx-xxx.wavecable.com.54756: 2 1/4/8 A 131.107.255.255 (306)
06:32:44.581214 IP 24-xxx-xxx-xxx.wavecable.com.33741 > DNSresolver-B.as11404.net.domain: 60916+ PTR? 188.241.113.24.in-addr.arpa. (45)
06:32:44.607825 24-xxx-xxx-xxx.wavecable.com> 24-xxx-xxx-xxx.wavecable.com.33741: 60916 1/2/4 PTR 24-113-241-188.wavecable.com. (222)
06:32:44.608941 IP 24-xxx-xxx-xxx.wavecable.com.40535 > DNSresolver-B.as11404.net.domain: 15418+ PTR? 9.152.76.208.in-addr.arpa. (43)
06:32:44.632863 IP DNSresolver-B.as11404.net.domain > 24-xxx-xxx-xxx.wavecable.com.40535: 15418 1/2/4 PTR DNSresolver-B.as11404.net. (220)
^C
6 packets captured
10 packets received by filter
0 packets dropped by kernel

Not sure what "DNSresolver-B.as11404.net.domain" is. CORRECTION: doing a duckduckgo search for that "DNSresolver-B.as11404.net.domain" showed this "https://www.ipaddress.com/ipv4/208.76.152.9 " which is affliated with my isp Wave.

 

[Wallace_n_Gromit]

...Or clients have DNS statically configured locally. You can force DNS through the router in WAN / DNSFilter setting the global mode to “Router”.

I don't see the "DNSFilter" setting when I click on Advanced Settings / WAN

I do see in Advanced Settings / LAN / DNSFilter which is currently "Enable DNS-based Filtering" OFF
======================================================================

I have configured "Enable DNS-based Filtering" ON and provided a screenshot

I have been entering ramdon made up urls and watching the SSH session of "tcpdump -i eth0 port 853"

still nothing is listing

UPDATE: I started the SSH seesion today with the tcpdump -i eth0 port 853... again saw nothing immediately. After over an hour of reading and posting on snbforums, I looked at the SSH window and see this:

# tcpdump -i eth0 port 853
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:05:32.639969 IP 24-xxx-xxx-xxx.wavecable.com.58052 > one.one.one.one.853: Fla              gs [S], seq 2365523625, win 29200, options [mss 1460,sackOK,TS val 3402866252 ec                                           r 0,nop,wscale 6], length 0
00:00:00.364651 IP one.one.one.one.853 > 24-xxx-xxx-xxx.wavecable.com.58052: Fla              gs [S.], seq 1511596172, ack 2365523626, win 29200, options [mss 1460,nop,nop,sa                                           ckOK,nop,wscale 10], length 0
10:05:32.663764 IP 24-xxx-xxx-xxx.wavecable.com.58052 > one.one.one.one.853: Fla                gs [.], ack 1, win 457, length 0
10:05:32.667837 IP 24-xxx-xxx-xxx.wavecable.com.58052 > one.one.one.one.853: Fla                gs [P.], seq 1:311, ack 1, win 457, length 310

My question: I have my setting for the DNS over TLS to be 9.9.9.9 and 149.112.112.112. If my DNS over TLS is working WHY is it working with 1.1.1.1? ?:[/S]

UPDATE 2: While examining the network log I noticed for the first time the router date in May of 2018. I've been trying to follow the directions to update the date to the correct date and it won't budge from May of 2018.

UPDATE 3: After googling an answer I went into SSH and entered DATE 072921592019 now my router is relatively close to the actual internet time. My network logger shows:
May 4 22:20:14 acsd: selected channel spec: 0xe02a (36/80)
Jul 29 21:59:23 crond[249]: time disparity of 649414 minutes detected

 

[Lotta Cox]

So this red light of death, your ISP's DHCP does not function properly, seems to actually be a Comcast issue. I have been getting it every day lately. I thought cloning the mac address fixed it. Nope. Can I clone the cable cable modem mac address? Haven't tried that yet. I can't test it right now.

I went back to an old Merlin firmware to test. Still got red light.

Seen posts where people have this issue and replace their cable modem and still get this.

I tried a Netgear ax12 router. Got disconnected from the internet after an hour. This router said there is no network cable plugged into the internet port. Really? It was in. It was just like the Asus red light of death.
That router sucked and seemed slow with USB transfers. Wireless cameras would not always connect and frequently disconnect. One AC laptop connected at 54mbps. Was 650.
Gonna try the Comcast direct forums I guess. I can't stand talking to L1 techs or CSR's.
Neighbors with Comcast devices don't get any of this crap.

 

[Lotta Cox]

^^^^
Is this red light a wanduck problem?
I have network monitoring disabled. Ping and DNS.
How do you completely disable this for good?

 

[JohnSmith]

RT-AX88U with V384.12_0 Final has been up almost 36 days straight, and still running strong, with over 30 devices attached, downloads, streaming, etc., all working as expected.

Thanks RMerlin!!

- Only issue I noticed, which from what others have posted is normal for *IX OS's, is the memory usage is quite high, from when it first started, until now. Here is the current RAM usage graph:

Here is current normal RAM usage after reboot (preparing to upgrade to V384.13 Beta 1 to test):

 

[Lotta Cox]

^^^^
Is this red light a wanduck problem?
I have network monitoring disabled. Ping and DNS.
How do you completely disable this for good?

Today, lost internet and see a LOT of this in the log. What is going on? Anyone want to help? Why is this happening? Is it because the internet was down? I have 60 devices. That can be a lot of requests? I am on Comcast DNS.
Jul 29 10:32:53 kernel: ERR: rdpa_cpu_tx_port_enet_lan#223: rdpa_cpu_tx_port_enet_lan failed. rdd_rc=120 tx_rdd_error_count=1
Jul 29 12:25:22 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:28 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:34 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:40 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:26:03 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)

 

[RMerlin]

Today, lost internet and see a LOT of this in the log. What is going on? Anyone want to help? Why is this happening? Is it because the internet was down? I have 60 devices. That can be a lot of requests? I am on Comcast DNS.
Jul 29 10:32:53 kernel: ERR: rdpa_cpu_tx_port_enet_lan#223: rdpa_cpu_tx_port_enet_lan failed. rdd_rc=120 tx_rdd_error_count=1
Jul 29 12:25:22 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:28 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:34 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:40 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:26:03 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)

Do you run either a torrent client or a webserver that might be doing name lookups? These can generate a lot of DNS requests within a short period of time.

These errors can also occur if there is a network/DNS issue, and some misbehaving clients are spamming with DNS requests rather than throttling/waiting for the network issue to be resolved.

 

[Lotta Cox]

Do you run either a torrent client or a webserver that might be doing name lookups? These can generate a lot of DNS requests within a short period of time.

These errors can also occur if there is a network/DNS issue, and some misbehaving clients are spamming with DNS requests rather than throttling/waiting for the network issue to be resolved.

TY! I don't do torrents or webservers. Most of the clients are wireless outlets and light switches.

 

[RMerlin]

TY! I don't do torrents or webservers. Most of the clients are wireless outlets and light switches.

Best way to track these down is to check with netstat who is spamming the router with requests on port 53 while the issue is present.

If it happens frequently you could enable query logging, but it's generally not a good idea for extended periods of time as it can quickly fill up the system log.

 

[Lotta Cox]

Best way to track these down is to check with netstat who is spamming the router with requests on port 53 while the issue is present.

If it happens frequently you could enable query logging, but it's generally not a good idea for extended periods of time as it can quickly fill up the system log.

It only occurred for 5 min in log. Husband said internet was down.
Seen it once before. Last week.

 

[RMerlin]

It only occurred for 5 min in log. Husband said internet was down.
Seen it once before. Last week.

Could have been a temporary Internet or DNS issue then.

 

[Kingp1n]

Under the Advanced settings -> Wan section put Cloudflare servers in the DNS Server 1 and 2 section or whoever you prefer (I assume your not using DOT?). Then under the Lan section ->DNS Filter put under Custom 1 one of your comcast DNS router IP (IE 75.75.75.75). Then under that section add your device to the list below (use drop down list to find device) and change the Filter Mode for that device to Custom1.

@QuikSilver, not sure if might know this or not but, if I'm using aimesh, wld it be a good idea to the add the nodes under DNS filter to use the Comcast servers or it doesn't really matter?

 

[QuikSilver]

@QuikSilver, not sure if might know this or not but, if I'm using aimesh, wld it be a good idea to the add the nodes under DNS filter to use the Comcast servers or it doesn't really matter?

I'm not completely sure as I don't do AiMesh (yet ), but I would think the nodes use whatever is set on the main router. Haven't heard anyone trying/using it the way you want.

 

[gattaca]

RT-AX88U with V384.12_0 Final has been up almost 36 days straight, and still running strong, with over 30 devices attached, downloads, streaming, etc., all working as expected.

Remember Linux in general believes that any unused pRAM is wastes pRAM and will generally use the pRAM for cache setups. You can use top to see some details.

 

[Makaveli]

RT-AX88U with V384.12_0 Final has been up almost 36 days straight, and still running strong, with over 30 devices attached, downloads, streaming, etc., all working as expected.

Thanks RMerlin!!

View attachment 18780


- Only issue I noticed, which from what others have posted is normal for *IX OS's, is the memory usage is quite high, from when it first started, until now. Here is the current RAM usage graph:

View attachment 18781


Here is current normal RAM usage after reboot (preparing to upgrade to V384.13 Beta 1 to test):

View attachment 18782

Unused Ram is wasted ram!

 

[Morac]

Today, lost internet and see a LOT of this in the log. What is going on? Anyone want to help? Why is this happening? Is it because the internet was down? I have 60 devices. That can be a lot of requests? I am on Comcast DNS.
Jul 29 10:32:53 kernel: ERR: rdpa_cpu_tx_port_enet_lan#223: rdpa_cpu_tx_port_enet_lan failed. rdd_rc=120 tx_rdd_error_count=1
Jul 29 12:25:22 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:28 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:34 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:25:40 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)
Jul 29 12:26:03 dnsmasq[786]: Maximum number of concurrent DNS queries reached (max: 150)

I get that any time my Internet goes down. It appears dnsmasq isn’t smart enough to know the Internet is down and keeps queuing up DNS requests.

I don’t run torrents or anything though I do have a lot of IOT devices.

 

[Wallace_n_Gromit]

On the router just run

tcpdump -i eth0 port 853

Then make some new, uncached queries to a domain you never go to, to ensure it isn't cached by dnsmasq, your computer or your browser.

After a bunch of torturous twists and turns I finally have proof of DNS over TLS:

:/tmp/home/root# tcpdump -i eth0 port 853
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:35:45.569457 IP 24-xxx-xxx-xxx.wavecable.com.43923 > rpz-public-resolver1.rrdns.pch.net.853: Flags [P.], seq 1794727509:1794727533, ack 1886008998, win 1270, options [nop,nop,TS val 251006 ecr 1891193715], length 24
06:35:45.569767 IP 24-xxx-xxx-xxx.wavecable.com.43923 > rpz-public-resolver1.rrdns.pch.net.853: Flags [F.], seq 24, ack 1, win 1270, options [nop,nop,TS val 251006 ecr 1891193715], length 0
06:35:45.582052 IP rpz-public-resolver1.rrdns.pch.net.853 > 24-xxx-xxx-xxx.wavecable.com.43923: Flags [.], ack 0, win 122, options [nop,nop,TS val 1891202742 ecr 250105], length 0
06:35:45.582154 IP rpz-public-resolver1.rrdns.pch.net.853 > 24-xxx-xxx-xxx.wavecable.com.43923: Flags [.], ack 25, win 122, options [nop,nop,TS val 1891202742 ecr 251006], length 0
06:35:45.582246 IP rpz-public-resolver1.rrdns.pch.net.853 > 24-xxx-xxx-xxx.wavecable.com.43923: Flags [P.], seq 1:25, ack 25, win 122, options [nop,nop,TS val 1891202742 ecr 251006], length 24
06:35:45.582342 IP 24-xxx-xxx-xxx.wavecable.com.43923 > rpz-public-resolver1.rrdns.pch.net.853: Flags [R], seq 1794727534, win 0, length 0
06:35:45.582971 IP rpz-public-resolver1.rrdns.pch.net.853 > 24-xxx-xxx-xxx.wavecable.com.43923: Flags [F.], seq 25, ack 25, win 122, options [nop,nop,TS val 1891202742 ecr 251006], length 0
06:35:45.583079 IP 24-xxx-xxx-xxx.wavecable.com.43923 > rpz-public-resolver1.rrdns.pch.net.853: Flags [R], seq 1794727534, win 0, length 0
^C
8 packets captured
15 packets received by filter
0 packets dropped by kernel

One of my issues without realizing it was that my router clock was out dated by 14 months and was not being updated by NTP. After several twists and turns getting the clock to update (by accident--can't get the clock to update for my second router) and following your suggestions it look like it works for now. I'm not sure if this is the proper settings for the NTP to update the router time(s):

 

[dave14305]

One of my issues without realizing it was that my router clock was out dated by 14 months and was not being updated by NTP. After several twists and turns getting the clock to update (by accident--can't get the clock to update for my second router) and following your suggestions it look like it works for now. I'm not sure if this is the proper settings for the NTP to update the router time(s):

Good find. Proper time is essential for most "secure" protocols. We have to figure out why your router won't sync time with pool.ntp.org. The first step is to nslookup pool.ntp.org from the router ssh. It will probably work now, but the real question is how it behaves on router bootup. On Tools - Other settings page, have you modified "Wan: Use local caching DNS server as system resolver (default: No)"? If it's still No, it should be using your WAN DNS (i.e. ISP DNS) to resolve pool.ntp.org when the router boots up. If it's set to Yes, you can get caught in a trap of not being able to sync time if DNS is waiting for good time sync.

Also, you may not want to use Network Monitoring features (DNS/Ping). They tend to be more troublesome than useful.

 

[Wallace_n_Gromit]

Good find. Proper time is essential for most "secure" protocols. We have to figure out why your router won't sync time with pool.ntp.org. The first step is to nslookup pool.ntp.org from the router ssh.

:/tmp/home/root# nslookup pool.ntp.org
Server:    208.76.152.9
Address 1: 208.76.152.9 DNSresolver-B.as11404.net

Name:      pool.ntp.org
Address 1: 165.227.216.233 clock.thinkpad.io
Address 2: 108.61.56.35 lithium.constant.com
Address 3: 66.228.58.20 linode1.ernest-doss.org
Address 4: 66.246.75.245 quirk.faceprint.com
JAKDsCzp7Ot5non@RT-AC68U~:/tmp/home/root#

"Address 1: 208.76.152.9 DNSresolver-B.as11404.net" is associated with my ISP provider Wave.

It will probably work now, but the real question is how it behaves on router bootup. On Tools - Other settings page, have you modified "Wan: Use local caching DNS server as system resolver (default: No)"? If it's still No, it should be using your WAN DNS (i.e. ISP DNS) to resolve pool.ntp.org when the router boots up. If it's set to Yes, you can get caught in a trap of not being able to sync time if DNS is waiting for good time sync.

I have left the "Wan: Use local caching DNS server as system resolver (default: No)" at the default of NO.

Looking at the network logging I see this:

Jul 30 05:30:12 iTunes: daemon is stopped
Jul 30 05:30:12 FTP_Server: daemon is stopped
Jul 30 05:30:12 Samba_Server: smb daemon is stopped
Jul 30 05:30:12 kernel: gro disabled
Jul 30 05:30:12 Timemachine: daemon is stopped
Jul 30 05:30:12 disk_monitor: Finish
Jul 30 05:30:12 miniupnpd[3352]: shutting down MiniUPnPd
Jul 30 05:30:15 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 9 for vlan1 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 2 for vlan1 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 6 for vlan1 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 17 for vlan1 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 9 for vlan2 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 2 for vlan2 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 6 for vlan2 mvlan_en 0
Jul 30 05:30:16 kernel: et0: et_mvlan_netdev_event: event 17 for vlan2 mvlan_en 0
Jul 30 05:30:16 FTP_Server: daemon is stopped
Jul 30 05:30:16 Samba_Server: smb daemon is stopped
Jul 30 05:30:17 Timemachine: daemon is stopped
Jul 30 05:30:18 syslog: USB partition unmounted from /tmp/mnt/sda1
May  4 22:05:03 kernel: klogd started: BusyBox v1.25.1 (2019-06-21 17:22:37 EDT)
May  4 22:05:03 kernel: Linux version 2.6.36.4brcmarm (merlin@ubuntu-dev) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Fri Jun 21 17:31:11 EDT 2019
May  4 22:05:03 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
May  4 22:05:03 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
May  4 22:05:03 kernel: Machine: Northstar Prototype
May  4 22:05:03 kernel: Ignoring unrecognised tag 0x00000000
May  4 22:05:03 kernel: Memory policy: ECC disabled, Data cache writealloc
May  4 22:05:03 kernel: Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 60416
~ (I TRUNCATED THE OUTPUT FOR BREVITY)~
May  4 22:05:31 Timemachine: daemon is stopped
May  4 22:05:31 kernel: gro enabled with interval 2
May  4 22:05:32 avahi-daemon[741]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
May  4 22:05:32 avahi-daemon[741]: Alias name "RT-AC68U" successfully established.
May  4 22:05:32 Samba_Server: daemon is started
May  4 22:05:33 ntpd: Started ntpd
May  4 22:05:33 rc_service: udhcpc 444:notify_rc stop_upnp
May  4 22:05:33 rc_service: udhcpc 444:notify_rc start_upnp
May  4 22:05:33 rc_service: waitting "stop_upnp" via udhcpc ...
May  4 22:05:35 miniupnpd[760]: HTTP listening on port 41655
May  4 22:05:35 miniupnpd[760]: Listening for NAT-PMP/PCP traffic on port 5351
Jul 30 05:32:34 ntpd: Initial clock set
Jul 30 05:32:35 rc_service: ntpd_synced 771:notify_rc restart_stubby
Jul 30 05:32:35 rc_service: ntpd_synced 771:notify_rc restart_diskmon
Jul 30 05:32:35 rc_service: waitting "restart_stubby" via ntpd_synced ...
Jul 30 05:32:38 disk_monitor: Finish
Jul 30 05:32:40 disk_monitor: be idle
Jul 30 05:32:54 kernel: SHN Release Version: 2.0.1 890c91d
Jul 30 05:32:54 kernel: UDB Core Version: 0.2.18
Jul 30 05:32:54 kernel: sizeof forward pkt param = 192
Jul 30 05:32:54 BWDPI: fun bitmap = ff
Jul 30 05:32:56 crond[249]: time disparity of 649887 minutes detected

It seems that the router wants to go back to the date of May 4, 2018.

Also, you may not want to use Network Monitoring features (DNS/Ping). They tend to be more troublesome than useful.

I will disable the Network Monitoring features (DNS/Ping) and experiment with that. I was under the impression that those features were what was allowing the router to keep its clock on internet time. Without those features enabled how does the router keep its clock synced?

 

[dave14305]

It seems that the router wants to go back to the date of May 4, 2018.

Did it sync the proper time on its own? You didn't have to run the date command this time?

I will disable the Network Monitoring features (DNS/Ping) and experiment with that. I was under the impression that those features were what was allowing the router to keep its clock on internet time. Without those features enabled how does the router keep its clock synced?

The ntpclient works independently of the dns/ping monitoring. It just needs to be able to resolve the NTP server name to an IP address, but the DNS-based monitoring isn't required.