What's new

RT-AX3000: DHCP and DNS randomly stop working

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Lothsahn

Occasional Visitor
I've got an ASUS RT-AX3000. I just updated to the latest firmware (386.4_0) and it seemed stable for a few days. I then enabled dual-wan in failover mode and that worked great. I tested pulling the network connection and it would failover and fail back as expected. I also disabled 2.4 GHZ wifi.

About a day later, I had an issue where the local DHCP server will stop handing out addresses and DNS will stop resolving. When this occurred, there were no errors in the system log or any mention of dnsmasq at all. I restarted dnsmasq (service restart_dnsmasq) and everything went back to normal. Then it happened again, a few days later. Again, restarting dnsmasq fixed the issue, but the issue came back 2 hours later. 2 copies of dnsmasq are always running at all times:

admin@LothRouter:/jffs# ps | grep dnsmasq
21792 admin 3424 R grep dnsmasq
32098 nobody 2752 R dnsmasq --log-async
32099 admin 2620 S dnsmasq --log-async

Anyone having a similar experience? I'm going to try a factory reset and reconfigure the router, but with hundreds of port forwards, it's VERY annoying to do that.
 
That's normal.


Just save the port forwards to a file on a USB drive and reload them afterwards.

Code:
nvram get vts_rulelist > somefile.txt
Code:
nvram set vts_rulelist="$(cat somefile.txt)"
nvram commit

That saved me SO much time. Thank you!
 
If you want to run DNSSEC there is a way to run it via Stubby instead of Dnsmasq.

Create a file called stubby.postconf in /jffs/scripts with the fillowing content:
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_insert "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED" "dnssec_return_status: GETDNS_EXTENSION_TRUE" $CONFIG

Set the file to executable with chmod 755 /jffs/scripts/stubby.postconf

Restart the router or click Apply at the bottom of WAN/Internet Connection Make sure that DNSSEC is not enabled on that page.

To check if it is working, in a terminal run stubby -l You should see Stubby reporting its operation with a statement that DNSSEC is enabled. Press Ctrl+c to cancel stubby logging.
 
After the factory reset and leaving DNSSEC disabled, I have not had the issue reoccur. I will update this post if it does, but I'm now running dual wan and I've had no issues. Failover works as expected and the router works great. No DHCP or DNS issues now.
 
After the factory reset and leaving DNSSEC disabled, I have not had the issue reoccur. I will update this post if it does, but I'm now running dual wan and I've had no issues. Failover works as expected and the router works great. No DHCP or DNS issues now.
Hello. How do you disable DNSSEC? I could not find it on the router setting. Please help. Thank you.
 
It's an option under WAN DNS Setting. The option is not present in stock firmware.
Thank you for your prompt reply. Yes, currently still using stock firmware. Is that means that DNSSEC disabled by default?
I wonder sometime the router is not able to assign our devices the correct IP address (it gives 192.168.1.xx instead of 192.168.50.xx). So devices won't be able to connect to internet.
 

Attachments

  • Capture.JPG
    Capture.JPG
    44.9 KB · Views: 86
Thank you for your prompt reply. Yes, currently still using stock firmware. Is that means that DNSSEC disabled by default?
Stock firmware doesn't support DNSSEC at all.

I wonder sometime the router is not able to assign our devices the correct IP address (it gives 192.168.1.xx instead of 192.168.50.xx). So devices won't be able to connect to internet.
This has nothing to do with DNS. Although I see you are overriding your router's DNS server with different ones in the LAN DHCP settings. That's usually not a good idea.

It sounds like you have another DHCP server on your LAN. This is often another router, access point, repeater, etc. that has configured or connected incorrectly.
 
Stock firmware doesn't support DNSSEC at all.


This has nothing to do with DNS. Although I see you are overriding your router's DNS server with different ones in the LAN DHCP settings. That's usually not a good idea.

It sounds like you have another DHCP server on your LAN. This is often another router, access point, repeater, etc. that has configured or connected incorrectly.I
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top