EmeraldDeer
Very Senior Member
I just sent a kill -SIGTERM to my stubby process and it did go down.
Stubby-Installer-Asuswrt-Merlin
- Thread starter Xentrk
- Start date
Xentrk
Part of the Furniture
I had to search thru the old posts myself to make sure. @dave14305 posted the link to the thread. In summary...
The nohup value in the S61stubby file is key to prevent stubby from being killed when you exit the shell.
Hey guys,
I need some advice. So I installed Stubby and changed the DNS IPs from Cloudflare in the stubby.yml file to another DNS provider (dismail.de who also supports DNS-over-TLS). However, doing a DNS check online it always shows Cloudflare as my current DNS server.
During the install I set Cache DNSSEC Authenticated Data (proxy-dnssec) to No.
Any hints on how to solve that?
I need some advice. So I installed Stubby and changed the DNS IPs from Cloudflare in the stubby.yml file to another DNS provider (dismail.de who also supports DNS-over-TLS). However, doing a DNS check online it always shows Cloudflare as my current DNS server.
During the install I set Cache DNSSEC Authenticated Data (proxy-dnssec) to No.
Any hints on how to solve that?
Last edited:
Xentrk
Part of the Furniture
You have to bounce Stubby after making the change to stubby.yml.
Code:
/opt/etc/init.d/S61stubby restart
skeal
Part of the Furniture
Copy and paste DNS server part of the .yml here so I can see how you have it set up.
Xentrk
Part of the Furniture
My VPN provider recently added support for WireGuard VPN on the gl-inet AR300M travel router which I happen to own. I flashed the new OpenWRT Beta firmware as it makes the setup a breeze compared to the current production firmware. Look what I found when looking over the menus:
That feature requires an Easy Button gif
That feature requires an Easy Button gif
Thanks for your reply Xntrk. After I restarted Stubby I cannot connect to the internet anymore.
Did I miss anything? I basically just changed the below DNS data with the onees that is provided here: https://dismail.de/info.html#dns
Do I also need to change my DNS settings in the router, as I am using Strict and added dhcp-option DNS 80.241.218.68?
Here is what is in my stubby.yml file:
# stubby.yml configuration file created by Xentrk
# version 1.0.0
tls_ca_file: "/rom/etc/ssl/certs/ca-certificates.crt"
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
- GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 2000
tls_connection_retries: 5
tls_backoff_time: 900
timeout: 2000
appdata_dir: "/opt/var/cache/stubby"
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
upstream_recursive_servers:
# Cloudflare Primary IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Primary IPv6
- address_data: 2a02:c205:3001:4558::1
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv6
- address_data: 2a02:c205:3001:4558::1
tls_auth_name: "fdns1.dismail.de"
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
Last edited:
Thanks skeal. What exactly do you mean, as I simply just replaced their IP addresses and tls auth name.
skeal
Part of the Furniture
This is the original spacing:
Code:
upstream_recursive_servers:
# Quad 9 Secure Primary
# - address_data: 9.9.9.9
# tls_auth_name: "dns.quad9.net"
# Quad 9 Secure Primary
# - address_data: 2620:fe::fe
# tls_auth_name: "dns.quad9.net"
# Cloudflare Primary IPv4
- address_data: 1.1.1.1
tls_auth_name: "cloudflare-dns.com"
# Cloudflare Secondary IPv4
- address_data: 1.0.0.1
tls_auth_name: "cloudflare-dns.com"
# Cloudflare Primary IPv6
- address_data: 2606:4700:4700::1111
tls_auth_name: "cloudflare-dns.com"
# Cloudflare Secondary IPv6
- address_data: 2606:4700:4700::1001
tls_auth_name: "cloudflare-dns.com"OK, I double checked and the spacing is exactly the same as in your example skeal and I only changed thee IP addresses with the new DNS provider:
Code:
# stubby.yml configuration file created by Xentrk
# version 1.0.0
tls_ca_file: "/rom/etc/ssl/certs/ca-certificates.crt"
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
- GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 2000
tls_connection_retries: 5
tls_backoff_time: 900
timeout: 2000
appdata_dir: "/opt/var/cache/stubby"
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
upstream_recursive_servers:
# Cloudflare Primary IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Primary IPv6
- address_data: 2a02:c205:3001:4558::1
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv6
- address_data: 2a02:c205:3001:4558::1
tls_auth_name: "fdns1.dismail.de"
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"However when I use the above code I cannot connect to the internet anymore....
Last edited:
skeal
Part of the Furniture
I'm starting to think your added instructions at the bottom are coming across something it doesn't like.
So you're saying I should delete this line, which is in the original file (I did not add it):
Code:
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
dave14305
Part of the Furniture
Don’t duplicate the entries if there is only one IP address provided by the provider.
visortgw
Very Senior Member
Your provider doesn't support TLS v1.3. You need to change the tls_min_version line to reflect TLS v1.2:
Code:
tls_min_version: GETDNS_TLS1_2
bbunge
Part of the Furniture
First, remove the last three lines beginning with "# Tweaks for statically linked binaries"
Restart Stubby and see if it works.
Next change round_robin_upstreams: 1 to round_robin_upstreams: 0
Change upstream_recursive_servers: to
See: https://dismail.de/info.html#dns
Your service provider has only one IPV4 and one IPV6 DNS address. If you use IPV6 remove the pound signs in two places.
Restart Stubby and see if it works.
Next change round_robin_upstreams: 1 to round_robin_upstreams: 0
Change upstream_recursive_servers: to
Code:
upstream_recursive_servers:
# dismail.de IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# dismail.de IPv6
# - address_data: 2a02:c205:3001:4558::1
# tls_auth_name: "fdns1.dismail.de"Your service provider has only one IPV4 and one IPV6 DNS address. If you use IPV6 remove the pound signs in two places.
Alrigth, it seems to work now, after I changed the tls_min_version: GETDNS_TLS1_3 to 1_2:
Thanks everyone who helped!!!
Should I also change now round_robin_upstreams: 1 to round_robin_upstreams: 0?
Also, since the above works, would that be a better version to use:
Code:
# stubby.yml configuration file created by Xentrk
# version 1.0.0
tls_ca_file: "/rom/etc/ssl/certs/ca-certificates.crt"
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
- GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 2000
tls_connection_retries: 5
tls_backoff_time: 900
timeout: 2000
appdata_dir: "/opt/var/cache/stubby"
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
upstream_recursive_servers:
# Cloudflare IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# Cloudflare IPv6
- address_data: 2a02:c205:3001:4558::1
tls_auth_name: "fdns1.dismail.de"
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_2
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"Thanks everyone who helped!!!
Should I also change now round_robin_upstreams: 1 to round_robin_upstreams: 0?
Also, since the above works, would that be a better version to use:
Code:
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
tls_pubkey_pinset:
- digest: "sha256"
value: MMi3E2HZr5A5GL+badqe3tzEPCB00+OmApZqJakbqUU=
cmkelley
Very Senior Member
No, the two things aren't connected. Leave it.
Similar threads
Similar threads
Similar threads
-
Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices
- Started by RMerlin
- Replies: 24
-
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
- Started by B0GDAN
- Replies: 1
-
Several Questions Re:Asuswrt-Merlin Feature Implementation
- Started by fenixreign
- Replies: 2
-
-
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
- Started by RMerlin
- Replies: 70
-
-
-
-
-
Latest threads
-
RT-AX86U Pro - Using as PPPoE modem with BT Full Fibter internet- Started by Zakalwe
- Replies: 1
-
Release RT-BE92U Firmware 3.0.0.6_102_37025 11/05/2024
- Started by iFrogMac
- Replies: 1
-
Release ASUS GT-BE98 Firmware version 3.0.0.6.102_36855 (2024/11/05)
- Started by jzchen
- Replies: 1
-
-
ROG 98 Pro: Fire Stick 4K Max won’t connect to WiFi 6E???
- Started by Poseidon
- Replies: 3
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
thigginsMr. Easy