What's new

Stubby-Installer-Asuswrt-Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Following the upgrade to 384.9, my syslog was periodically being flooded with the following error:

Code:
dnsmasq[7551]: failed to send packet: Operation not permitted

With the help of @RMerlin this was traced to the following line with the stubby installer adds to dnsmasq.conf.add:

Code:
server=0::1#5453

By simply commenting this out the errors stopped. I am able to succesfully reach the stubby resolver via dig over IPv6 loopback, but it looks like dnsmasq is not. I don't know if this was a regression in the dnsmasq version changes between 384.8 and 384.9, but this solved it for me.

Might I suggest removing the above offending line from the installer or making it optional? Frankly, is there a difference between using IPv4 and IPv6 if it's just on the loopback to stubby?[/S}

Post edited - this is not the solution I hoped it was. Issue has returned.
 
Last edited:
Following the upgrade to 384.9, my syslog was periodically being flooded with the following error:

Code:
dnsmasq[7551]: failed to send packet: Operation not permitted

With the help of @RMerlin this was traced to the following line with the stubby installer adds to dnsmasq.conf.add:

Code:
server=0::1#5453

By simply commenting this out the errors stopped. I am able to succesfully reach the stubby resolver via dig over IPv6 loopback, but it looks like dnsmasq is not. I don't know if this was a regression in the dnsmasq version changes between 384.8 and 384.9, but this solved it for me.

Might I suggest removing the above offending line from the installer or making it optional? Frankly, is there a difference between using IPv4 and IPv6 if it's just on the loopback to stubby?
It is easy enough for you to comment those out on your config files. Do it in dnsmasq.conf.add and stubby.yml then remember to restart dnsmasq and stubby.
You can also remove the port number from the loopback values and let stubby and dnsmasq use the default port 53. I've not tested this but it should work.
Also set:
round_robin_upstreams: 0


Question for you: Do you have an IPV6 upstream resolver configured in your stubby.yml? If not that could be the cause of the error messages.
 
Last edited:
It is easy enough for you to comment those out on your config files. Do it in dnsmasq.conf.add and stubby.yml then remember to restart dnsmasq and stubby.
You can also remove the port number from the loopback values and let stubby and dnsmasq use the default port 53. I've not tested this but it should work.

Question for you: Do you have an IPV6 upstream resolver configured in your stubby.yml? If not that could be the cause of the error messages.
This is not the solution I hoped it was, the entries return so I will continue troubleshooting it. Hand-editing is fine, but the installer will keep adding the lines back which is suboptimal. Moot point as this doesn't appear to solve anything at this juncture.
 
DNS query on mine is checked. I thought Stubby makes this change. I never selected it, but I remember Stubby saying that it would change the default way the router handled DNS.

Sent from my Nokia 7.1 using Tapatalk
FYI, the installer sets WAN->DNS1 to be the same IP address as your router and disables DNSSEC if it is selected.
 
This is not the solution I hoped it was, the entries return so I will continue troubleshooting it. Hand-editing is fine, but the installer will keep adding the lines back which is suboptimal. Moot point as this doesn't appear to solve anything at this juncture.
The installer will create a back-up of the existing stubby.yml by appending the timestamp to the end of the file name. After running the installer, you can copy the backup copy to stubby.yml.
 
This is not the solution I hoped it was, the entries return so I will continue troubleshooting it. Hand-editing is fine, but the installer will keep adding the lines back which is suboptimal. Moot point as this doesn't appear to solve anything at this juncture.
I ask again: Do you have an IPV6 upstream resolver configured in your stubby.yml? Have you changed: round_robin_upstreams: 0

Also, if you do have IPV6 configured I suggest you remove the IPV6 DNS servers (1, 2 and 3) as a test. Earlier testing showed I did need the entries.
 
Last edited:
I ask again: Do you have an IPV6 upstream resolver configured in your stubby.yml? Have you changed: round_robin_upstreams: 0

Also, if you do have IPV6 configured I suggest you remove the IPV6 DNS servers (1, 2 and 3) as a test. Earlier testing showed I did need the entries.
Yes I have both Couldflare IPv6 upstream configured. Have tried round robin both ways and only the LAN IPv6 is listed for IPv6 DNS. Stubby is not having visible issues with resolution, this is a dnsmasq issue which I thought was due to it being unable to reach stubby at all times but no longer believe. Still troubleshooting the dnsmasq error.
 
The installer will create a back-up of the existing stubby.yml by appending the timestamp to the end of the file name. After running the installer, you can copy the backup copy to stubby.yml.
I’m referring to dnsmasq.conf.add. Perhaps similar functionality could be added when it’s deemed necessary to append a new entry? Agreed, it’s very nice that the yml is backed up.
 
I’m referring to dnsmasq.conf.add. Perhaps similar functionality could be added when it’s deemed necessary to append a new entry? Agreed, it’s very nice that the yml is backed up.

Stubby.yml is backed up only because we completely replace that file when the installer is run.

dnsmasq.conf.add is different, we only append to the file specific lines. I don't see a good reason to unnecessarily back it up as the process of restoring a backup would take longer then removing one of the 4 entries we add to the file.
 
This probably does not help, but my setup is working as you would want it to.
- LAN>DHCP Server>Advertise router IP for DNS is enabled
- LAN>DNSFilter>Enabled with Global Filter Mode set to Router
- VPN is IPSec (native, fast and rock solid on Apple iOS)
- If I VPN in from my phone network to my router, run Diversion - follow dnsmasq.log on a router command line session, browse websites on phone's Safari, I can see Diversion blocking ads
It sounds like that is something you have to do manually each time before the ads are blocked, correct?

Sent from my Nokia 7.1 using Tapatalk
 
It sounds like that is something you have to do manually each time before the ads are blocked, correct?

Sent from my Nokia 7.1 using Tapatalk
No, it is all one time setup.

Not sure if this could make a difference, but VPN was setup after everything else.

When I connect from my phone network to my router via IPSec VPN, the DNS server is listed as my router LAN IP address.

However, from the Stubby installer description at https://github.com/Xentrk/Stubby-Installer-Asuswrt-Merlin there is this, suggesting more DNS complexity with OpenVPN:
  • If one or more active OpenVPN Clients are found, create the file /jffs/configs/resolv.dnsmasq and add an entry in /jffs/scripts/openvpn-event to copy /jffs/configs/resolv.dnsmasq to /tmp/resolv.dnsmasq. This is required to prevent OpenVPN up/down events from adding the internal VPN DNS server IP addresses 10.9.0.1 and 10.8.0.1 to /tmp/resolv.dnsmasq.
 
Last edited:
No, it is all one time setup.

Not sure if this could make a difference, but VPN was setup after everything else.

When I connect from my phone network to my router via IPSec VPN, the DNS server is listed as my router LAN IP address.

However, from the Stubby installer description at https://github.com/Xentrk/Stubby-Installer-Asuswrt-Merlin there is this, suggesting more DNS complexity with OpenVPN:
Thank you for all the trouble you have gone through. This seems to be the next step for me to try, however I have been reading the wiki for hours and playing around with the editor, but it seems to be beyond me. Looks like the end of the road.

Appreciate the help.

Sent from my Nokia 7.1 using Tapatalk
 
When I install Stubby through amtm. I lose internet connectivity after a reboot.

If I change my WAN DNS back to a normal resolver. It's fine internet works.

I am running Diversion, SkyNET, amtm, and FreshJR.

Same after a jffs reformat and USB format to start totally clean.

Any ideas?
 
When I install Stubby through amtm. I lose internet connectivity after a reboot.

If I change my WAN DNS back to a normal resolver. It's fine internet works.

I am running Diversion, SkyNET, amtm, and FreshJR.

Same after a jffs reformat and USB format to start totally clean.

Any ideas?
Disable Network Monitoring. It is in Administration System on 384.9

Sent from my SM-T380 using Tapatalk
 
Disable Network Monitoring. It is in Administration System on 384.9

Sent from my SM-T380 using Tapatalk
I have neither DNS Query or ping enabled
 
I have neither DNS Query or ping enabled

Neither do I, and I experienced the same issue randomly after Stubby had been running for a day or so — I woke up to find the router had a WAN IP but no internet with 100% packet loss and the syslog was filled with SERVFAIL messages. The net access returned when I set WAN DNS to 1.1.1.1, but DoT didn’t work. So then I set WAN DNS back to router IP for stubby (eg192.168.1.1) and DoT did work. No reboot or reinstall was required. No idea what caused it. I noticed servfail messages appear during a skynet update once so I’m wondering if a overnight skynet auto-update could have caused it.
 
Neither do I, and I experienced the same issue randomly after Stubby had been running for a day or so — I woke up to find the router had a WAN IP but no internet with 100% packet loss and the syslog was filled with SERVFAIL messages. The net access returned when I set WAN DNS to 1.1.1.1, but DoT didn’t work. So then I set WAN DNS back to router IP for stubby (eg192.168.1.1) and DoT did work. No reboot or reinstall was required. No idea what caused it. I noticed servfail messages appear during a skynet update once so I’m wondering if a overnight skynet auto-update could have caused it.
Hmm... After running stubby successfully for weeks I too experienced the same issue this morning. Had loaded up a fresh USB drive four days ago using amtm. Used amtm to format the drive to ext3 without journal, added entware and stubby. Stubby with the proxy dnssec and firewall options. Did not check logs for errors but set DNS to quad9 and blew away everything related to the USB drive.
Will likely go back to stubby later today. Am considering using a modified install script to eliminate havegd and a couple other recent changes I feel were not needed.

Sent from my SM-T380 using Tapatalk
 
I noticed servfail messages appear during a skynet update once so I’m wondering if a overnight skynet auto-update could have caused it.

Unlikely that its caused by Skynet. Stubby has been running fine on my end without a single crash for weeks nor would there be any reason for the two to conflict. The problem is likely causes by a unrelated setting on the router or the stubby binary its-self which is out of my control. Do remember this is an installer script, I don't have any control over the binary. For issues with the binary you would need to direct your complaints to the relevant team.

Am considering using a modified install script to eliminate havegd and a couple other recent changes I feel were not needed.

install_stubby is an opensource project, anyone is able to submit pull requests. Entropy is important and haveged is used by many projects/operating systems by default dating back to 2003.

Please do let me know any other changes you think are not needed. Hours of hard work from both @Xentrk and myself have gone into this script, we do this in our free time and ask nothing in return beyond a smile and a positive attitude. If there is a reproducible bug, I would be more then happy to fix it. Unfortunately I can't fix an issue based on "it stopped working".
 
Unlikely that its caused by Skynet. Stubby has been running fine on my end without a single crash for weeks nor would there be any reason for the two to conflict. The problem is likely causes by a unrelated setting on the router or the stubby binary its-self which is out of my control. Do remember this is an installer script, I don't have any control over the binary. For issues with the binary you would need to direct your complaints to the relevant team.



install_stubby is an opensource project, anyone is able to submit pull requests. Entropy is important and haveged is used by many projects/operating systems by default dating back to 2003.

Please do let me know any other changes you think are not needed. Hours of hard work from both @Xentrk and myself have gone into this script, we do this in our free time and ask nothing in return beyond a smile and a positive attitude. If there is a reproducible bug, I would be more then happy to fix it. Unfortunately I can't fix an issue based on "it stopped working".
My install and setup is pretty basic. Defaults for everything installed.

Is there any logs I could pull to figure out what’s going on?

I can see I am leased an address from my modem. It works if I move off of Stubby, to just using 1.1.1.1 as my WAN DNS.
 
My install and setup is pretty basic. Defaults for everything installed.

Is there any logs I could pull to figure out what’s going on?

I can see I am leased an address from my modem. It works if I move off of Stubby, to just using 1.1.1.1 as my WAN DNS.

Any errors from the syslog would be a good start, along with any unusual output from the command "stubby -l"

Unfortunately beyond that its quite hard for me to assess whats going on, I did a clean install on my router as recently as 12 hours ago and can not reproduce this (or any abnormalities for that matter).
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top