Stubby-Installer-Asuswrt-Merlin

[Marin]

Was it showing correctly before Stubby was installed? (See my previous post above).

Is your issue just on the RT-AX88U?

I think so and I do think it may have occurred right before or after 384.10 release as that's when I did a full reset after that firmware come out and ever since then it has been showing the server as: 192.168.50.1. I have never had this happen on my AC86U as far as I can remember(or when @Jack Yaz and @Odkrys Stubby patches came out if I remember correctly):

/usr/sbin/curl -L -s --retry 3 "https://github.com/jackyaz/Stubby-Installer-Asuswrt-Merlin/raw/master/getdns_1.4.2-1a_aarch64-3.10.ipk" -o /var/tmp/patchedgetdns.ipk
            opkg install /var/tmp/patchedgetdns.ipk && printf "getdns successfully patched\n" || printf "An error occurred patching getdns\n" || exit 1
            rm /var/tmp/patchedgetdns.ipk

 

[Marin]

I did not modify any of the files at all this time. Simply started Stubby installation (DNS Filter = yes, DNSSEC proxy = yes) and then went through the validation steps showing the results above.

 

[Marin]

If anything, not having no-resolv might help.

# ls -la /etc/resolv.conf
lrwxrwxrwx    1 HdB34266 root            20 Apr  6 18:45 /etc/resolv.conf -> /rom/etc/resolv.conf

# cat /rom/etc/resolv.conf
nameserver 127.0.0.1

That is what I have as well:

@RT-AX88U-29F0:/tmp/home/root# ls -la /etc/resolv.conf
lrwxrwxrwx    1 XXXXXX root            16 Apr  6 21:53 /etc/resolv.conf -> /tmp/resolv.conf
XXXXXXXXX@RT-AX88U-29F0:/tmp/home/root# cat /rom/etc/resolv.conf
nameserver 127.0.0.1

 

[Marin]

I think it might be on behalf of folks using router VPN clients, but Stubby-Installer put a line in my /etc/dnsmasq.conf for a servers file which contains 192.168.50.1. Yet my lookup server shows as 127.0.0.1.

# grep server /etc/dnsmasq.conf
servers-file=/tmp/resolv.dnsmasq
server=127.0.0.1#5453
server=0::1#5453
server=/pool.ntp.org/1.1.1.1

# cat /tmp/resolv.dnsmasq
server=192.168.50.1

# drill github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 32172
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com.  IN      A

;; ANSWER SECTION:
github.com.     22      IN      A       192.30.253.113
github.com.     22      IN      A       192.30.253.112

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 102 msec
;; EDNS: version 0; flags: ; udp: 1452
;; SERVER: 127.0.0.1
;; WHEN: Sat Apr  6 19:20:17 2019
;; MSG SIZE  rcvd: 91

# nslookup github.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      github.com
Address 1: 192.30.253.112 lb-192-30-253-112-iad.github.com
Address 2: 192.30.253.113 lb-192-30-253-113-iad.github.com

I am seeing the same output as well:

@RT-AX88U-29F0:/tmp/home/root# grep server /etc/dnsmasq.conf
servers-file=/tmp/resolv.dnsmasq
server=127.0.0.1#5453
server=0::1#5453
server=/pool.ntp.org/1.1.1.1

@RT-AX88U-29F0:/tmp/home/root# cat /tmp/resolv.dnsmasq
server=192.168.50.1

@RT-AX88U-29F0:/tmp/home/root# drill github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 28994
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com.    IN    A

;; ANSWER SECTION:
github.com.    57    IN    A    192.30.253.112
github.com.    57    IN    A    192.30.253.113

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 145 msec
;; EDNS: version 0; flags: ; udp: 1452
;; SERVER: 192.168.50.1
;; WHEN: Sat Apr  6 22:40:41 2019
;; MSG SIZE  rcvd: 91

Something must be different....but what is it????

 

[skeal]

Try it without proxy-dnssec...?

 

[EmeraldDeer]

I am seeing the same output as well:

@RT-AX88U-29F0:/tmp/home/root# grep server /etc/dnsmasq.conf
servers-file=/tmp/resolv.dnsmasq
server=127.0.0.1#5453
server=0::1#5453
server=/pool.ntp.org/1.1.1.1

@RT-AX88U-29F0:/tmp/home/root# cat /tmp/resolv.dnsmasq
server=192.168.50.1

@RT-AX88U-29F0:/tmp/home/root# drill github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 28994
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com.    IN    A

;; ANSWER SECTION:
github.com.    57    IN    A    192.30.253.112
github.com.    57    IN    A    192.30.253.113

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 145 msec
;; EDNS: version 0; flags: ; udp: 1452
;; SERVER: 192.168.50.1
;; WHEN: Sat Apr  6 22:40:41 2019
;; MSG SIZE  rcvd: 91

Something must be different....but what is it????

So either delete the servers-file line from /etc/dnsmasq.conf or delete the contents of /tmp/resolv.dnsmasq

 

[Marin]

Unfortunately no luck. No proxy-dnssec and no DNS-filter:

@RT-AX88U-29F0:/tmp/home/root# drill github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4820
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com.    IN    A

;; ANSWER SECTION:
github.com.    12    IN    A    192.30.253.112
github.com.    12    IN    A    192.30.253.113

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 192.168.50.1
;; WHEN: Sat Apr  6 22:56:55 2019
;; MSG SIZE  rcvd: 60

I am thinking about skipping AMTM installation and using the install curl on the GitHub to see if that makes a difference

 

[Marin]

Neither trial worked. My IP is still showing and I have no idea what could be causing this.

 

[Marin]

I have nothing out of ordinary installed. Just VPN and AMTM, nothing else at this point.

 

[Jack Yaz]

At a guess, is redirect when WAN down enabled? (i forget where that setting is though off the top of my head)

 

[Xentrk]

Neither trial worked. My IP is still showing and I have no idea what could be causing this.

All of the settings you posted look okay to me.

Are you using an OpenVPN Client. If no, then skip this post.

If so, what entry do you have in /jffs/configs/resolv.dnsmasq? Should be

SERVER=192.168.50.1 if you are using OpenVPN client based on your posts.

Compare to the file contents in /tmp/resolv.dnsasq. Should be the same.

What value to you have set for Accept DNS Configuration in the OpenVPN Client? @Adamm has an AX88U.

 

[Adamm]

@Adamm has an AX88U.

I can't reproduce the issue, my AX88U is working fine.

 

[eclp]

I can't reproduce the issue, my AX88U is working fine.

I can also confirm that it works very well with my AX88.

 

[Marin]

At a guess, is redirect when WAN down enabled? (i forget where that setting is though off the top of my head)

I have that disabled but I have always done that.


Sent from my iPhone using Tapatalk

 

[Marin]

All of the settings you posted look okay to me.

Are you using an OpenVPN Client. If no, then skip this post.

If so, what entry do you have in /jffs/configs/resolv.dnsmasq? Should be

SERVER=192.168.50.1 if you are using OpenVPN client based on your posts.

Compare to the file contents in /tmp/resolv.dnsasq. Should be the same.

What value to you have set for Accept DNS Configuration in the OpenVPN Client? @Adamm has an AX88U.

Yes I am using OpenVPN and I have always followed the same routine when resetting router and setting VPN up.

Accept DNS Configuration is Disabled due to Stubby. Before Stubby I used to have it as Strict do the Diversion would work (with dhcp option enabled in custom configuration).

I will check the file contents in /tmp/resolv.dnsmasq.

But I have never had to do this. I do believe something has changed with the install as I have always followed the same setup routine for the last 2 years and before Stubby was in AMTM.

I can’t pinpoint when things may have changed with this but I am thinking sometime before DNSFilter redirect implementation and 384.10. Again, this is a guess.

I am curious to see what a new user experience is with a brand new AX88U or new Stubby install for that matter.

Again, I have never had this happened before.


Sent from my iPhone using Tapatalk

 

[Xentrk]

@Marin

Could this be the culprit?

384.10 (24-March-2019)
- NEW: You can now choose between having your router do internal
DNS queries locally (through dnsmasq) or with your WAN
configured DNS (like stock firmware). This does not
affect DNS lookups from your clients, only those made
by the router itself. The option is under Tools ->
Other Settings. (Themiron)

 

[Marin]

Which one is this? Unless it is under a different name but this is what I have:

 

[Marin]

Yes, I can confirm that switching back to the default setting of "Yes" of the Wan: Use local caching DNS server as the system resolved (default: Yes) resolved my issue! Whew!!!

7@RT-AX88U-29F0:/tmp/home/root# drill github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61588
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com.  IN      A

;; ANSWER SECTION:
github.com.     57      IN      A       192.30.253.112
github.com.     57      IN      A       192.30.253.113

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 140 msec
;; EDNS: version 0; flags: ; udp: 1452
;; SERVER: 127.0.0.1
;; WHEN: Sun Apr  7 06:58:55 2019
;; MSG SIZE  rcvd: 91

@RT-AX88U-29F0:/tmp/home/root# nslookup github.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      github.com
Address 1: 192.30.253.113 lb-192-30-253-113-iad.github.com
Address 2: 192.30.253.112 lb-192-30-253-112-iad.github.com

Thank you @Xentrk! Appreciate your help as always! I think we may need to have some sort of FYI on the Stubby Read.me (or perhaps include in the install instructions??). I think lately this switch (from the default) may have been recommended in the forums as means of reducing amount of RAM used by router...or it was simply me clicking on various settings too fast.

@L&LD --- not to put you on the spot on this but for some reason, I am thinking I may have seen this recommendation to switch this to "No" to save RAM on one of your M&M links but perhaps I am wrong---If yes, you may want to consider an additional line there forewarning those who may consider install Stubby after their factory reset. I apologize in advance if this is not correct.

 

[Xentrk]

Yes, I can confirm that switching back to the default setting of "Yes" of the Wan: Use local caching DNS server as the system resolved (default: Yes) resolved my issue! Whew!!!

View attachment 16926

7@RT-AX88U-29F0:/tmp/home/root# drill github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61588
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com.  IN      A

;; ANSWER SECTION:
github.com.     57      IN      A       192.30.253.112
github.com.     57      IN      A       192.30.253.113

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 140 msec
;; EDNS: version 0; flags: ; udp: 1452
;; SERVER: 127.0.0.1
;; WHEN: Sun Apr  7 06:58:55 2019
;; MSG SIZE  rcvd: 91

@RT-AX88U-29F0:/tmp/home/root# nslookup github.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      github.com
Address 1: 192.30.253.113 lb-192-30-253-113-iad.github.com
Address 2: 192.30.253.112 lb-192-30-253-112-iad.github.com

Thank you @Xentrk! Appreciate your help as always! I think we may need to have some sort of FYI on the Stubby Read.me (or perhaps include in the install instructions??). I think lately this switch (from the default) may have been recommended in the forums as means of reducing amount of RAM used by router...or it was simply me clicking on various settings too fast.

@L&LD --- not to put you on the spot on this but for some reason, I am thinking I may have seen this recommendation to switch this to "No" to save RAM on one of your M&M links but perhaps I am wrong---If yes, you may want to consider an additional line there forewarning those who may consider install Stubby after their factory reset. I apologize in advance if this is not correct.

Good news @Marin. I'll note the issue with the setting on the README.md page tomorrow. Can also update the installer to make sure it is set to Yes.

 

[maxbraketorque]

I have DNSSEC enabled on my router and point the DNS servers on the router WAN config page to the Cloudflare servers. Is Stubby still needed if I have all my client devices set to pull their DNS queries from my router?