[Test] Asuswrt-Merlin LTS fork - Multiple items

Look what I found, maybe @miau1 is right about his settings, maybe it's the best you can get using traditional QoS and you made fun of them and him, despising that boy just because he has few posts.

When I look at the @miau1 settings, for me they look like Adaptive QoS the truth, you who have never used Adaptive QoS or the @FreshJR script do not know what I'm talking about and more with the explanation he has in post #6, just that Adaptive QoS without @FreshJR script is broken...

If you have not committed sin, then throw the first stone.

QoS

Just a quick warning about something that caught me out. I noticed that I was getting DNS timeouts while browsing whenever my wife was using Netflix. I've never had DNS timeouts before.

This morning "the penny dropped" and I realised that one of my QoS rules was now no longer correct since I was using DoT. DNS should have been getting the Highest priority, but as DoT doesn't use port 53 it was defaulting to Low priority (which was below HTTP/S streaming).

Obvious when you think about it :rolleyes:. Anyway, here's my updated QoS rule.

[Attached image: updated QoS rule]
 
Look what I found, maybe @miau1 is right about his settings, maybe it's the best you can have using traditional QoS and you made fun of them and him, despising that boy just because he has few posts. Just my $0.02 worth...

When I look at the @miau1 settings, for me they look like Adaptive QoS the truth, you who have never used Adaptive QoS or the @FreshJR script do not know what I'm talking about and more with the explanation he has in post #6, just that Adaptive QoS without @FreshJR script is broken...

If you have not committed sin, then throw the first stone.
If the point you’re trying to make is that Colin’s rules are good, I would agree.
 
...that I never said or bad meaning for what I write...
Thank you for the clarification. Without an explanation it was not obvious what the purpose of your post was.

Is that always @RMerlin gets angry with me, when I post that release a new version test. I only do it for them to see, if there is an important fix.
I expect John is also well aware of any test builds of dnsmasq and equally doesn't need to be told about it.
 
After going back to stock Asus again I weighed my priorities and decided to give 35T3 another try. Pretty basic setup, no IPV6, DoT with DNSSEC using the two Cloudflare resolvers, added QOS rule for DoT on port 853 Highest along with my reserved IP addresses and a 1 TB USB2 external drive. So far things have been working well.
I did give Cleanbrowsing Adult a try and there is no block page. It just comes up with a can't find that page which is OK for me. Cleanbrowsing seems to be almost as fast as Cloudflare. I reach both Cloudflare and Cleanbrowsing through their Chicago hub. Tested Quad9 briefly and was experiencing lag as I did before so I'll stick with Cloudflare.
Does Stubby or Getdns have the ability to cache resolved names?

bb
 
Three days and 18 hours up on 35T3. Have not had to "adjust" any settings and have not gotten complaints from the girls about connecting to their web sites. Only excitement is three entries in the log this morning about a possible rebind attack from a Dyn DNS registered web app, on a remote Windows desktop, that I have used for years which I've reported to the server admin.
 
I do not know if something here will work for you
Actually, they are borrowing from my build. Good use of GPL :)

I also periodically go through their repo looking for things.....in fact the DoT build ported over a method they use for conditional compiles in the gui pages.
 
Wrote too soon..
Noticed errors in stubby.log earlier using Cloudflare. Switched to Quad9 and see:
[19:26:56.891810] STUBBY: Read config from file /etc/stubby.yml
[19:33:10.988253] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.988691] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.989175] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.989621] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.989935] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.990350] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.990596] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.990918] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.991282] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.992139] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.992668] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.993243] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.993792] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:10.994358] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:11.786219] STUBBY: *FAILURE* no valid transports or upstreams available!
[19:33:11.786594] STUBBY: *FAILURE* no valid transports or upstreams available!
Time looks to be GMT and I am in Eastern US.
 
More errors in stubby log
[20:13:56.922915] STUBBY: Read config from file /etc/stubby.yml
[03:11:16.002245] STUBBY: 1.1.1.1 : Upstream : !Backing off TLS on this upstream - Will retry again in 2s at Thu Sep 13 03:11:18 2018
[13:17:08.942299] STUBBY: *FAILURE* no valid transports or upstreams available!
[13:17:08.942644] STUBBY: *FAILURE* no valid transports or upstreams available!
[13:17:08.942883] STUBBY: *FAILURE* no valid transports or upstreams available!
[15:03:42.854243] STUBBY: 1.0.0.1 : Upstream : !Backing off TLS on this upstream - Will retry again in 2s at Thu Sep 13 15:03:44 2018
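
As an added example (not part of any post in this thread, and not code from the firmware or Stubby projects): a Python summarizer for stubby.log lines in the format pasted above. It groups the repeated FAILURE lines into bursts and counts TLS back-offs per upstream, which shows whether the errors are continuous or last only a moment; the sample log, the 192.0.2.1 address and the 5-second burst gap are constructed assumptions.

```python
import re
from collections import Counter
from datetime import timedelta

LINE_RE = re.compile(r"^\[(\d{2}):(\d{2}):(\d{2})\.(\d{6})\] STUBBY: (.*)$")
BACKOFF_RE = re.compile(r"^(\S+) : Upstream : !Backing off TLS on this upstream")
FAILURE_TEXT = "*FAILURE* no valid transports or upstreams available!"

# Constructed sample in the format of the excerpts posted in this thread.
SAMPLE_LOG = """\
[23:59:58.100000] STUBBY: Read config from file /etc/stubby.yml
[23:59:59.900000] STUBBY: *FAILURE* no valid transports or upstreams available!
[00:00:00.200000] STUBBY: *FAILURE* no valid transports or upstreams available!
[00:00:00.400000] STUBBY: *FAILURE* no valid transports or upstreams available!
[03:11:16.002245] STUBBY: 192.0.2.1 : Upstream : !Backing off TLS on this upstream - Will retry again in 2s at Thu Sep 13 03:11:18 2018
[13:17:08.942299] STUBBY: *FAILURE* no valid transports or upstreams available!
[13:17:08.942644] STUBBY: *FAILURE* no valid transports or upstreams available!
"""

def summarize(log_text, burst_gap=timedelta(seconds=5)):
    """Group FAILURE lines into bursts and count TLS back-offs per upstream."""
    bursts, backoffs = [], Counter()
    day, prev, last_failure = 0, None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a stubby log entry
        h, mi, s, us = (int(g) for g in m.groups()[:4])
        t = timedelta(hours=h, minutes=mi, seconds=s, microseconds=us)
        # Entries carry no date: a clock value lower than the previous
        # one is treated as the log having crossed midnight.
        if prev is not None and t < prev:
            day += 1
        prev = t
        stamp = t + timedelta(days=day)
        msg = m.group(5)
        backoff = BACKOFF_RE.match(msg)
        if backoff:
            backoffs[backoff.group(1)] += 1
        elif msg == FAILURE_TEXT:
            if last_failure is not None and stamp - last_failure <= burst_gap:
                bursts[-1]["count"] += 1
                bursts[-1]["end"] = stamp
            else:
                bursts.append({"start": stamp, "end": stamp, "count": 1})
            last_failure = stamp
    return {"bursts": bursts, "backoffs": dict(backoffs)}
```

Because the entries have no date, a quiet period longer than 24 hours is counted as a single day change, so burst start times are relative to the first line rather than absolute.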
 
@bbunge TBH it looks like a problem with the upstream server rather than the router. Is it happening all the time or just for a few seconds? How reliable is your internet connection, does it coincide with a general lack of internet connectivity?
 
@bbunge TBH it looks like a problem with the upstream server rather than the router. Is it happening all the time or just for a few seconds? How reliable is your internet connection, does it coincide with a general lack of internet connectivity?
Internet connection "normally" quite good. DSL bridged modem. WAN IP refreshes 15 minutes. DNS benchmark shows ISP servers to be fastest followed by Google then Rice University. Cloudflare and Quad9 are a bit slower. Have used Quad9 for some time with no issues. Read about a Stubby memory leak which could be causing issues? Router up for 4 days. Thinking of scheduling reboot for middle of night. For now have shut DoT down.

Sent from my P01M using Tapatalk
 
Read about a Stubby memory leak which could be causing issues?
Reference? Only one I could find was fixed in the current release.

But, I also agree with Colin, it's most likely server troubles. (my logs have actually been running almost completely clean with the latest changes).
 
Yup Lease Time 15 minutes. Good old CenturyLink DSL!

Sometimes, I wonder where some ISPs hire their network engineers...

Back in the day, a local major ISP that shall remain unnamed had their mail server configured to notify on delivery errors after 1 hour, and would bounce back after 1 day. The "norm" of the industry is usually warn after 4 hours, and bounce back after 5 days... That same ISP's DNS servers were also completely ignoring record TTLs, causing some changes to take 1-2 days to propagate to their own DNS servers.

Same ISP also ended up on email RBLs a couple of times over the years (last incident was a year or two ago only).
 
Does your WAN IP address change frequently? I can imagine that being a possible cause for the errors you're seeing.
Sometimes. Usually when I reboot the router. Will have to keep track of it for a while.
Other suggestions? ISP blocking something?

Sent from my P01M using Tapatalk
 
Sometimes, I wonder where some ISPs hire their network engineers...

Back in the day, a local major ISP that shall remain unnamed had their mail server configured to notify on delivery errors after 1 hour, and would bounce back after 1 day. The "norm" of the industry is usually warn after 4 hours, and bounce back after 5 days... That same ISP's DNS servers were also completely ignoring record TTLs, causing some changes to take 1-2 days to propagate to their own DNS servers.

Same ISP also ended up on email RBLs a couple of times over the years (last incident was a year or two ago only).
Engineer? Two weeks ago I couldn't even spell engineer...today I are one!

Sent from my P01M using Tapatalk
 
