Stubby-Installer-Asuswrt-Merlin

[dmillerzx]

on the post-mount.div file


# set environment PATH to system binaries
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
sleep 20############# stubby delay test
OF="$(find $1/entware*/bin/opkg 2> /dev/null)"
if [ "$OF" ]; then
ln -nsf "$(echo "$OF" | sed 's~/bin/opkg~~g')" /tmp/opt
/opt/etc/init.d/rc.unslung start $0
logger -t Diversion "started Entware services, from $0"
service restart_dnsmasq
diversion ash_history
fi
#eof

Q: Is this located under /jffs/scripts ?just curious because mine has a lot less going on.

#!/bin/sh

if [ -d "$1/entware" ] ; then
ln -nsf $1/entware /tmp/opt
fi

 

[visortgw]

on the post-mount.div file


# set environment PATH to system binaries
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
sleep 20############# stubby delay test
OF="$(find $1/entware*/bin/opkg 2> /dev/null)"
if [ "$OF" ]; then
ln -nsf "$(echo "$OF" | sed 's~/bin/opkg~~g')" /tmp/opt
/opt/etc/init.d/rc.unslung start $0
logger -t Diversion "started Entware services, from $0"
service restart_dnsmasq
diversion ash_history
fi
#eof

Just a suggestion, but if I decided to add a delay like this, I would put it in the post-mount file just prior to where post-mount.div is invoked. By editing the post-mount.div file, you run the risk that a future update to diversion might overwrite the file, thereby blindly removing your sleep.

 

[faria]

Just a suggestion, but if I decided to add a delay like this, I would put it in the post-mount file just prior to where post-mount.div is invoked. By editing the post-mount.div file, you run the risk that a future update to diversion might overwrite the file, thereby blindly removing your sleep.

Indeed, this was a test, i guess we could delay entware itself at startup or make sure stubby does not start before wan is up, but that i will leave to the code geniuses.

 

[faria]

Q: Is this located under /jffs/scripts ?just curious because mine has a lot less going on.

#!/bin/sh

if [ -d "$1/entware" ] ; then
ln -nsf $1/entware /tmp/opt
fi

yes , if you don't have diversion installed or a different version of entware then it will go into "/jffs/script/post-mount" script.
in your case then :
#!/bin/sh
sleep 20
if [ -d "$1/entware" ] ; then
ln -nsf $1/entware /tmp/opt
######## please note; this is a test, not andefinitive fix so far.

 

[cmkelley]

Using the web interface, i don't know anywhere in it where you can do that, in other words pass the IPV6 dns to the clients that you set on the IPV6 wan page! Now using ssh and other methods, then its different history... not that i know the commands to do that or if it is really possible or not, but i guess, it should be?

I don't know enough about IPv6 to say if it should be possible per the spec or not. To be honest IPv6 is mostly a black box to me. The few bits I know about IPv4 don't seem to apply to IPv6.

 

[cmkelley]

Yes using the ip , i tried you script yesterday but it did not work, could not find the server , all my devices sync to it with no problems, so i don't know what the problem was.

If you're interested in getting it working (and I'm cool if you're not), we could try a bit of troubleshooting in that thread. You could try at a minimum changing the script to hardcode the ip and cycles and see if it works that way.

 

[faria]

If you're interested in getting it working (and I'm cool if you're not), we could try a bit of troubleshooting in that thread. You could try at a minimum changing the script to hardcode the ip and cycles and see if it works that way.

Sure, i will try in a few hours, 1:30 am here right now.

 

[dmillerzx]

I ended up removing the delay, what seems to have helped was correcting the IPV6 config.

If you're using IPV6 you need to set the DNS server to the IPV6 address for your router. I was previously using Cloudfares IPV6 addresses which was causing issues.

Continuing to monitor, looks promising though as I'm passed the help check after 3 reboots consecutively.

To dave14305's credit I don't believe the script takes into account IPV6 setups.

 

[shark]

I ended up removing the delay, what seems to have helped was correcting the IPV6 config.

If you're using IPV6 you need to set the DNS server to the IPV6 address for your router. I was previously using Cloudfares IPV6 addresses which was causing issues.

Continuing to monitor, looks promising though as I'm passed the help check after 3 reboots consecutively.

To dave14305's credit I don't believe the script takes into account IPV6 setups.

Did the same thing and same results.

 

[dave14305]

Maybe the easiest way to deal with IPv4 and IPv6 would be to remove the “servers-file=/tmp/resolv.dnsmasq” line from dnsmasq.conf via a pc_delete in dnsmasq.postconf, but only if the needed server entries already exist in dnsmasq.conf.add.

The whole notion of setting the WAN DNS servers to 127.0.0.1 or 192.168.1.1 was based on a concern for preventing leakage before stubby was up and running.
https://github.com/openwrt/packages...ding-dns-requests-to-isp-provided-dns-servers

I think removing the line above will leave the router no choice but to use stubby, ever. Even local router resolution will use /etc/resolv.conf which points to 127.0.0.1.

 

[Xentrk]

Well, first of all I think the Entware guys pick a sensible choice of order in the init script. So it should be fine for Stubby to stay S61 and pixelserv-tls S80.

Script kiddies on this forum like to add a sleep here and there..very poor programming style IMO. So you might want to check if that causes delayed startup of suspected processes..

(I hope I read your problem correctly...I didn't go through the thread)

@cmkelley & @kvic

Entware did not come with a start-up script. The start-up script I made is "home grown". The reason I picked S61 was because it was the same as Unbound, a DNS Resolver. It gave me a number to use as a start. It can easily change the priority number if needed.

 

[Adamm]

I've pushed a commit that should help with the edge cases where Stubby fails to start due to NTP not being ready. To apply the change users will need to run the install function which will update their configuration files.

(and before someone asks, no you do not need to uninstall first, the script will do the heavy lifting for you)

 

[Xentrk]

That's planned and been asked for a felt 100 times.
I'm waiting for @Xentrk to give the go ahead. Then I need some time to code the amtm side.

I think we are closer than before. @Adamm just posted a commit to fix the timing issue. If that appears to work for those having issues, then it should be okay to add it to AMTM.

 

[Xentrk]

Cool!

I would like to do something similar for unbound (with openssl 1.1.1a statically), for AC86U and AC68U.

Where can I find how to do this? Do you have any pointers?

@XIII

Not sure where you are at with trying to get Unbound to play nice with Stubby.

Yesterday, I implemented DoT to Cloudflare on my pfSense build. On the System->General Setup Page, I specified 1.1.1.1 as DNS on the WAN iface. On DNS Resolver (Unbound) I added the following to Custom Config section:

server:
  include: /var/unbound/pfb_dnsbl.*conf
do-tcp: yes
forward-zone:
  name: "."
  forward-ssl-upstream: yes
  forward-addr: 1.1.1.1@853

You can eliminate the line

  include: /var/unbound/pfb_dnsbl.*conf

as that is specific to other pfBlockerNG package. If I have DNSSEC enabled on Unbound, the 1.1.1.1/help test page fails. With it turned off, the test page works.

I previously configured my Unbound to route my DNS over the three OpenVPN clients. But for some reason, that stopped working and requires more analysis. On the good side, I get faster response time on pages loading. Rather than my DNS traveling half way across the globe and back, it travels to the Cloudflare DNS in Bangkok.

 

[cmkelley]

@cmkelley & @kvic

Entware did not come with a start-up script. The start-up script I made is "home grown". The reason I picked S61 was because it was the same as Unbound, a DNS Resolver. It gave me a number to use as a start. It can easily change the priority number if needed.

No need. It turned out to be a fluke, S61 is fine, your reasoning is excellent.

It would be very helpful to those of us using IPv6 though to do the same to the IPv6 DNS during the install as you do to the IPv4 DNS; set the 1st server to the router LAN IPv6 address and blank the others. That solved the failure to work after reboot problem for a couple of us.

 

[skeal]

It would be very helpful to those of us using IPv6 though to do the same to the IPv6 DNS during the install as you do to the IPv4 DNS; set the 1st server to the router LAN IPv6 address and blank the others. That solved the failure to work after reboot problem for a couple of us.

@Xentrk I concur, this would be a good move to bring IPv6 into the fold.

 

[bluzfanmr1]

I've pushed a commit that should help with the edge cases where Stubby fails to start due to NTP not being ready. To apply the change users will need to run the install function which will update their configuration files.

(and before someone asks, no you do not need to uninstall first, the script will do the heavy lifting for you)

When I run the install function it always overwrites my stubby.yml file. This has happened multiple times. I have an RT-AC66U_B1 running 384.8_2. To run the update I use sh install_stubby.sh from /jffs/scripts. Am I doing something wrong?

 

[Adamm]

When I run the install function it always overwrites my stubby.yml file. This has happened multiple times. I have an RT-AC66U_B1 running 384.8_2. To run the update I use sh install_stubby.sh from /jffs/scripts. Am I doing something wrong?

This is intended behavior. stubby.yml and S61stubby are overwritten with the newer version from the github repo. With that being said, once the project is considered stable these updates should be rare unless required upstream.

 

[bluzfanmr1]

This is intended behavior. stubby.yml and S61stubby are overwritten with the newer version from the github repo. With that being said, once the project is considered stable these updates should be rare unless required upstream.

Thanks I didn't think of that as we get used to the idea of a config file always being static and it's not a big deal as the changes are minimal but I wanted to verify. Thanks.

 

[XIII]

Not sure where you are at with trying to get Unbound to play nice with Stubby.

I'm only using unbound...

I thought unbound and stubby were (kind of) alternatives for each other. What does using them both add to the mix?