Stubby-Installer-Asuswrt-Merlin

[Xentrk]

Of note, I did not reboot the router after upgrading Entware...I wonder if I should do this and rerun these commands again.

Everything looks okay to me.

 

[Marin]

Was comparing these commands from the installation site:

getdns_query -s @127.0.0.1 github.com

<snip>
"status": GETDNS_RESPSTATUS_GOOD
}

[10:13:13.838111] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[10:13:13.844362] STUBBY: DNSSEC Validation is OFF
[10:13:13.844413] STUBBY: Transport list is:
[10:13:13.844426] STUBBY:   - TLS
[10:13:13.844439] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[10:13:13.844450] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[10:13:13.844461] STUBBY: Starting DAEMON....
[10:13:33.075865] STUBBY: 1.1.1.1                                  : Conn opened: TLS - Strict Profile
[10:13:33.144900] STUBBY: 1.1.1.1                                  : Verify passed : TLS
[10:13:35.163106] STUBBY: 1.1.1.1                                  : Conn closed: TLS - Resps=     1, Timeouts  =     0, Curr_auth =Success, Keepalive(ms)=  2000
[10:13:35.163158] STUBBY: 1.1.1.1                                  : Upstream   : TLS - Resps=     1, Timeouts  =     0, Best_auth =Success
[10:13:35.163173] STUBBY: 1.1.1.1                                  : Upstream   : TLS - Conns=     1, Conn_fails=     0, Conn_shuts=      0, Backoffs     =     0

with my outputs:

@RT-AC86U-99A8:/tmp/home/root# getdns_query -s @127.0.0.1 github.com
Killed

@RT-AC86U-99A8:/tmp/home/root# getdns_query -s @127.0.0.1 github.com
Killed
@RT-AC86U-99A8:/tmp/home/root# stubby -l
[02:41:05.937117] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[02:41:05.938145] STUBBY: DNSSEC Validation is OFF
[02:41:05.938276] STUBBY: Transport list is:
[02:41:05.938392] STUBBY:   - TLS
[02:41:05.938517] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[02:41:05.938644] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[02:41:05.938731] STUBBY: Starting DAEMON....
[02:41:13.723592] STUBBY: 1.1.1.1                                  : Conn opened: TLS - Strict Profile
[02:41:13.815452] STUBBY: 1.1.1.1                                  : Verify passed : TLS
Killed

and wasn't sure if "Killed" meant of anything important or not.

 

[Xentrk]

Was comparing these commands from the installation site:

getdns_query -s @127.0.0.1 github.com

<snip>
"status": GETDNS_RESPSTATUS_GOOD
}

[10:13:13.838111] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[10:13:13.844362] STUBBY: DNSSEC Validation is OFF
[10:13:13.844413] STUBBY: Transport list is:
[10:13:13.844426] STUBBY:   - TLS
[10:13:13.844439] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[10:13:13.844450] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[10:13:13.844461] STUBBY: Starting DAEMON....
[10:13:33.075865] STUBBY: 1.1.1.1                                  : Conn opened: TLS - Strict Profile
[10:13:33.144900] STUBBY: 1.1.1.1                                  : Verify passed : TLS
[10:13:35.163106] STUBBY: 1.1.1.1                                  : Conn closed: TLS - Resps=     1, Timeouts  =     0, Curr_auth =Success, Keepalive(ms)=  2000
[10:13:35.163158] STUBBY: 1.1.1.1                                  : Upstream   : TLS - Resps=     1, Timeouts  =     0, Best_auth =Success
[10:13:35.163173] STUBBY: 1.1.1.1                                  : Upstream   : TLS - Conns=     1, Conn_fails=     0, Conn_shuts=      0, Backoffs     =     0

with my outputs:

@RT-AC86U-99A8:/tmp/home/root# getdns_query -s @127.0.0.1 github.com
Killed

@RT-AC86U-99A8:/tmp/home/root# getdns_query -s @127.0.0.1 github.com
Killed
@RT-AC86U-99A8:/tmp/home/root# stubby -l
[02:41:05.937117] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[02:41:05.938145] STUBBY: DNSSEC Validation is OFF
[02:41:05.938276] STUBBY: Transport list is:
[02:41:05.938392] STUBBY:   - TLS
[02:41:05.938517] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[02:41:05.938644] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[02:41:05.938731] STUBBY: Starting DAEMON....
[02:41:13.723592] STUBBY: 1.1.1.1                                  : Conn opened: TLS - Strict Profile
[02:41:13.815452] STUBBY: 1.1.1.1                                  : Verify passed : TLS
Killed

and wasn't sure if "Killed" meant of anything important or not.

I am on holiday and unable to logon to try and replicate. I shut the network down before I left home. The killed error may have something to do with the update made to Stubby for the AC86U router. There may still be an issue there. @Jack Yaz may be able to try on his end.

 

[Jack Yaz]

I am on holiday and unable to logon to try and replicate. I shut the network down before I left home. The killed error may have something to do with the update made to Stubby for the AC86U router. There may still be an issue there. @Jack Yaz may be able to try on his end.

I guess the getdns update doesn't have the patch

Upgrading getdns on root from 1.4.2-1a to 1.4.2-2..

 

[amplatfus]

Hi all,

I tried this too today. I have some services installed already and I think I am doing something wrong.
So I have active HackerPorts, Samba, default LAN IP 172.16.x.x, VPN on bind IP address, custom redirect dns for blocking ads (0.0.0.0 ads.example.com).

All installed on a AC88U powerd by Merlin Firmware:380.70.
Using this details (or you can ask me other info) could you please provide some hint why dnscrypt-proxy put me offline? The WAN connection is UP, I have the IP, but without internet. Even Samba folder is not mounted any more.

If I found the reason I will post here what I have found.
It worked after apply, not working any more after restart. Tried many restarts.
Edit1: Happens with dnscrypt installer for asuswrt the same
Thank you in advance for any hint.
Best regards!

 

[Xentrk]

I guess the getdns update doesn't have the patch

Upgrading getdns on root from 1.4.2-1a to 1.4.2-2..

That makes sense. Appears that AC86U users should avoid updating entware for now if they installed Stubby using the installer you forked.

 

[Xentrk]

Hi all,

I tried this too today. I have some services installed already and I think I am doing something wrong.
So I have active HackerPorts, Samba, default LAN IP 172.16.x.x, VPN on bind IP address, custom redirect dns for blocking ads (0.0.0.0 ads.example.com).

All installed on a AC88U powerd by Merlin Firmware:380.70.
Using this details (or you can ask me other info) could you please provide some hint why dnscrypt-proxy put me offline? The WAN connection is UP, I have the IP, but without internet. Even Samba folder is not mounted any more.

If I found the reason I will post here what I have found.
It worked after apply, not working any more after restart. Tried many restarts.
Edit1: Happens with dnscrypt installer for asuswrt the same
Thank you in advance for any hint.
Best regards!

@skeal recently told me a trouble shooting tip..Look into the dns probe setting on the Tools>Other Settings tab. Also, look into the NTP issue fix listed on the repo README.md page.

 

[Marin]

Yep should have known better not to upgrade. I guess Stubby does not work after I upgraded and rebooted. Will have to try to reinstall it again.

Arghhh....here I go again!


Sent from my iPhone using Tapatalk

 

[amplatfus]

@skeal recently told me a trouble shooting tip..Look into the dns probe setting on the Tools>Other Settings tab. Also, look into the NTP issue fix listed on the repo README.md page.

Thanks. I tried:

1. server=/pool.ntp.org/1.1.1.1 to /jffs/configs/dnsmasq.conf.add like in README.md page
2. I switched to No in Wan: Use DNS probes to determine if WAN is up (default: Yes) in Tools>Other Settings. None worked after restart. It works OK until restart.

I have Samba folder in HDD attached to router mounted on local PC. Even this is not working after first restart with DoT installed or the other one with DoH.

So please, what from my settings could mess it up:
1. custom DHCP LAN IP 172.x.x.1
2. custom dnsmasq.conf.add with this line: addn-hosts=/tmp/hosts.blocked.xfr.autoimpot
The head of this file is:

0.0.0.0 a.company-target.com
0.0.0.0 a.completeinstallstyle.net
0.0.0.0 a.consumer.net...

2, bind address 172.x.x.10 routed through VPN Client
3. transmission on port 9091
4. webserver
5. nzbget
Edit1:
6. HackerPorts

Please share your ideas. If I found something I will update this post.
Thank you so much!

 

[skeal]

I would say your problem is dnsmasq.conf.add, to be honest. And this line escapes me.

Even this is not working after first restart with DoT installed or the other one with DoH.

Stubby has no DoH support. If you are or have been using dnscrypt you need to clean up that uninstall a little better maybe. People coming from dnscrypt have said they have problems at first.

 

[amplatfus]

Thanks. I tried at first DoH and because was not working I tried DoT.
Between those 2 tries I did a restore from backup for settings and jffs and entware.
In the meantime, on clean install I disabled:
1. custom DHCP LAN IP 172.x.x.1
2. custom dnsmasq.conf.add with this line: addn-hosts=/tmp/hosts.blocked.xfr.autoimpot
6. HackerPorts

And discovered that after boot I wait 5 minutes, I have internet but with

Connected to 1.1.1.1   No
Using DNS over TLS (DoT)   No

After I connect via ssh and enter below commands:

services stop
service restart_dnsmasq
services start

And the result is (click here):

Connected to 1.1.1.1   Yes
Using DNS over TLS (DoT)   Yes

Please, this is normal? Were somebody else in this situation too?
Thanks again!

 

[Xentrk]

Thanks. I tried at first DoH and because was not working I tried DoT.
Between those 2 tries I did a restore from backup for settings and jffs and entware.
In the meantime, on clean install I disabled:
1. custom DHCP LAN IP 172.x.x.1
2. custom dnsmasq.conf.add with this line: addn-hosts=/tmp/hosts.blocked.xfr.autoimpot
6. HackerPorts

And discovered that after boot I wait 5 minutes, I have internet but with

Connected to 1.1.1.1   No
Using DNS over TLS (DoT)   No

After I connect via ssh and enter below commands:

services stop
service restart_dnsmasq
services start

And the result is (click here):

Connected to 1.1.1.1   Yes
Using DNS over TLS (DoT)   Yes

Please, this is normal? Were somebody else in this situation too?
Thanks again!

I developed the Stubby installer on an AC88U and did not experience a similar issue until recently. I was out of town for several days a few weeks ago. When I returned home and turned on the router, I had the no WAN access issue. I uninstalled Stubby and everything worked again. After finishing some work on it, I reinstalled Stubby with no issues. After a reboot though, no WAN access. I applied the NTP fix and it worked good after testing on two reboots.

Right before I left on my next trip, I did another reboot. I had the no WAN access issue again. I was surprised to have this issue after applying the NTP fix. I did not have time to analyze the issue any further. I have to check the DNS probe setting myself. I have to look into more after I return home the second week of January. Hoping the new version of Stubby will be rolled into entware by that time.

 

[cmkelley]

Right before I left on my next trip, I did another reboot. I had the no WAN access issue again. I was surprised to have this issue after applying the NTP fix. I did not have time to analyze the issue any further. I have to check the DNS probe setting myself. I have to look into more after I return home the second week of January. Hoping the new version of Stubby will be rolled into entware by that time.

Sadly, doubtful. They appear to roll out updates about every 3 months, and the Jimmy Buffett Birthday release updated stubby to 0.2.3-3. So likely March/April timeframe for the next update.

 

[Marin]

Since my Stubby stopped working after upgrading Entware last night, was wondering if any of you have any suggestions of how to go about reinstalling it again. Do I have to revert back to the previous versions of getdns and Stubby? If yes, how do I do that? Via uninstall and install previous versions from the repository?

Thank you!


Sent from my iPhone using Tapatalk

 

[skeal]

Since my Stubby stopped working after upgrading Entware last night, was wondering if any of you have any suggestions of how to go about reinstalling it again. Do I have to revert back to the previous versions of getdns and Stubby? If yes, how do I do that? Via uninstall and install previous versions from the repository?

Thank you!


Sent from my iPhone using Tapatalk

I think the easiest way would be to delete the entware directory on your usb drive and then let diversion install entware.

 

[skeal]

Upgrading entware breaks Stubby at the moment.

 

[Jack Yaz]

I think the easiest way would be to delete the entware directory on your usb drive and then let diversion install entware.

@Marin Don't do this. Much simpler:

opkg remove getdns
/usr/sbin/curl -L -s --retry 3 "https://github.com/jackyaz/Stubby-Installer-Asuswrt-Merlin/raw/master/getdns_1.4.2-1a_aarch64-3.10.ipk" -o /var/tmp/patchedgetdns.ipk
opkg install /var/tmp/patchedgetdns.ipk && printf "getdns successfully patched\n" || printf "An error occurred patching getdns\n" || exit 1
rm /var/tmp/patchedgetdns.ipk

EDIT: and avoid running

opkg upgrade

for now

 

[Marin]

I think the easiest way would be to delete the entware directory on your usb drive and then let diversion install entware.

Good point! I had that same thought just now![emoji15]

Thanks!


Sent from my iPhone using Tapatalk

 

[Marin]

@Marin Don't do this. Much simpler:

opkg remove getdns
/usr/sbin/curl -L -s --retry 3 "https://github.com/jackyaz/Stubby-Installer-Asuswrt-Merlin/raw/master/getdns_1.4.2-1a_aarch64-3.10.ipk" -o /var/tmp/patchedgetdns.ipk
opkg install /var/tmp/patchedgetdns.ipk && printf "getdns successfully patched\n" || printf "An error occurred patching getdns\n" || exit 1
rm /var/tmp/patchedgetdns.ipk

EDIT: and avoid running

opkg upgrade

for now

Will try this @Jack Yaz! Thank you!


Sent from my iPhone using Tapatalk

 

[bbunge]

@Marin Don't do this. Much simpler:

opkg remove getdns
/usr/sbin/curl -L -s --retry 3 "https://github.com/jackyaz/Stubby-Installer-Asuswrt-Merlin/raw/master/getdns_1.4.2-1a_aarch64-3.10.ipk" -o /var/tmp/patchedgetdns.ipk
opkg install /var/tmp/patchedgetdns.ipk && printf "getdns successfully patched\n" || printf "An error occurred patching getdns\n" || exit 1
rm /var/tmp/patchedgetdns.ipk

EDIT: and avoid running

opkg upgrade

for now

Jack, this is to patch the AC86 Stubby install, right.

Will updating entware on say an AC68U still break stubby?

Sent from my SM-T380 using Tapatalk