dave14305
Part of the Furniture
Yes, I read it wrong.Sorry for the confusion, just wanted to say that wired LAN and WLAN leads to the same results.
Yes, I read it wrong.Sorry for the confusion, just wanted to say that wired LAN and WLAN leads to the same results.
What services are you using on your router?Seems that you are digging in the right direction... I suppose that is not good!Code:Administrator@RT-AC86U-6A50:/tmp/home/root# cat /etc/dnsmasq cat: can't open '/etc/dnsmasq': No such file or directory
Code:Administrator@RT-AC86U-6A50:/tmp/home/root# unbound-control stats_noreset thread0.num.queries=907 thread0.num.queries_ip_ratelimited=0 thread0.num.cachehits=651 thread0.num.cachemiss=256 thread0.num.prefetch=133 thread0.num.expired=123 thread0.num.recursivereplies=256 thread0.requestlist.avg=0.730077 thread0.requestlist.max=13 thread0.requestlist.overwritten=0 thread0.requestlist.exceeded=0 thread0.requestlist.current.all=0 thread0.requestlist.current.user=0 thread0.recursion.time.avg=0.148862 thread0.recursion.time.median=0.0988241 thread0.tcpusage=0 total.num.queries=907 total.num.queries_ip_ratelimited=0 total.num.cachehits=651 total.num.cachemiss=256 total.num.prefetch=133 total.num.expired=123 total.num.recursivereplies=256 total.requestlist.avg=0.730077 total.requestlist.max=13 total.requestlist.overwritten=0 total.requestlist.exceeded=0 total.requestlist.current.all=0 total.requestlist.current.user=0 total.recursion.time.avg=0.148862 total.recursion.time.median=0.0988241 total.tcpusage=0 time.now=1586818917.326824 time.up=10561.863618 time.elapsed=10561.863618 mem.cache.rrset=1131671 mem.cache.message=310091 mem.mod.iterator=16556 mem.mod.validator=119271 mem.mod.respip=0 mem.streamwait=0 histogram.000000.000000.to.000000.000001=17 histogram.000000.000001.to.000000.000002=0 histogram.000000.000002.to.000000.000004=0 histogram.000000.000004.to.000000.000008=0 histogram.000000.000008.to.000000.000016=0 histogram.000000.000016.to.000000.000032=0 histogram.000000.000032.to.000000.000064=0 histogram.000000.000064.to.000000.000128=0 histogram.000000.000128.to.000000.000256=0 histogram.000000.000256.to.000000.000512=0 histogram.000000.000512.to.000000.001024=0 histogram.000000.001024.to.000000.002048=0 histogram.000000.002048.to.000000.004096=0 histogram.000000.004096.to.000000.008192=0 histogram.000000.008192.to.000000.016384=0 histogram.000000.016384.to.000000.032768=30 histogram.000000.032768.to.000000.065536=49 histogram.000000.065536.to.000000.131072=63 histogram.000000.131072.to.000000.262144=61 histogram.000000.262144.to.000000.524288=26 histogram.000000.524288.to.000001.000000=7 histogram.000001.000000.to.000002.000000=3 histogram.000002.000000.to.000004.000000=0 histogram.000004.000000.to.000008.000000=0 histogram.000008.000000.to.000016.000000=0 histogram.000016.000000.to.000032.000000=0 histogram.000032.000000.to.000064.000000=0 histogram.000064.000000.to.000128.000000=0 histogram.000128.000000.to.000256.000000=0 histogram.000256.000000.to.000512.000000=0 histogram.000512.000000.to.001024.000000=0 histogram.001024.000000.to.002048.000000=0 histogram.002048.000000.to.004096.000000=0 histogram.004096.000000.to.008192.000000=0 histogram.008192.000000.to.016384.000000=0 histogram.016384.000000.to.032768.000000=0 histogram.032768.000000.to.065536.000000=0 histogram.065536.000000.to.131072.000000=0 histogram.131072.000000.to.262144.000000=0 histogram.262144.000000.to.524288.000000=0 num.query.type.A=897 num.query.type.SOA=3 num.query.type.PTR=5 num.query.type.TXT=1 num.query.type.AAAA=1 num.query.class.IN=907 num.query.opcode.QUERY=907 num.query.tcp=0 num.query.tcpout=17 num.query.tls=0 num.query.tls.resume=0 num.query.ipv6=0 num.query.flags.QR=0 num.query.flags.AA=0 num.query.flags.TC=0 num.query.flags.RD=907 num.query.flags.RA=0 num.query.flags.Z=0 num.query.flags.AD=61 num.query.flags.CD=0 num.query.edns.present=61 num.query.edns.DO=0 num.answer.rcode.NOERROR=553 num.answer.rcode.FORMERR=0 num.answer.rcode.SERVFAIL=0 num.answer.rcode.NXDOMAIN=707 num.answer.rcode.NOTIMPL=0 num.answer.rcode.REFUSED=0 num.answer.rcode.nodata=3 num.query.ratelimited=0 num.answer.secure=48 num.answer.bogus=0 num.rrset.bogus=0 num.query.aggressive.NOERROR=0 num.query.aggressive.NXDOMAIN=0 unwanted.queries=0 unwanted.replies=0 msg.cache.count=1023 rrset.cache.count=4053 infra.cache.count=680 key.cache.count=143 num.query.authzone.up=5 num.query.authzone.down=0
Sorry for the confusion, just wanted to say that wired LAN and WLAN leads to the same results.
Nothing special - is this something that has to be installed separately?What services are you using on your router?
unbound and skynetWhat services are you using on your router?
I need to know which services are enabled on your router, amtm and entware.Nothing special - is this something that has to be installed separately?
I need to check your dnsmasq.unbound and skynet
RouterI need to know which services are enabled on your router, amtm and entware.
- 1x VPN Client
- 2x VPN Server
amtm 3.1.6 FW by thelonelycoder
RT-AC86U (aarch64) FW-384.16 @ 192.168.1.1
The Asuswrt-Merlin Terminal Menu
2 open Skynet v7.1.5
7 open unbound Manager v3.02
j3 open scMerlin v1.0.5
ep manage Entware packages
sw manage Swap file /mnt/Merlin 2.0G
i show all available scripts or tools
u check for script updates
amtm options
e exit t theme r reset a about
_____________________________________________
Enter option
List of installed Entware packages (85)
bind-dig - 9.14.8-1 opkg - 2019-06-14-dcbc142e-2
bind-libs - 9.14.8-1 procps-ng - 3.3.15-4
ca-bundle - 20190110-2 procps-ng-pgrep - 3.3.15-4
column - 2.35.1-1 python-pip-conf - 0.1-1
diffutils - 3.7-2 python3 - 3.8.1-2
entware-opt - 227000-3 python3-asyncio - 3.8.1-2
entware-release - 1.0-2 python3-base - 3.8.1-2
entware-upgrade - 1.0-1 python3-cgi - 3.8.1-2
findutils - 4.7.0-1 python3-cgitb - 3.8.1-2
git - 2.25.1-1 python3-codecs - 3.8.1-2
git-http - 2.25.1-1 python3-ctypes - 3.8.1-2
grep - 3.4-1 python3-dbm - 3.8.1-2
haveged - 1.9.8-2 python3-decimal - 3.8.1-2
htop - 2.2.0-2 python3-distutils - 3.8.1-2
iputils-ping - 20190709-1a python3-email - 3.8.1-2
libatomic - 8.3.0-9 python3-gdbm - 3.8.1-2
libbz2 - 1.0.8-1 python3-light - 3.8.1-2
libc - 2.27-9 python3-logging - 3.8.1-2
libcurl - 7.69.0-1 python3-lzma - 3.8.1-2
libdb47 - 4.7.25.4.NC-5 python3-multiprocessing - 3.8.1-2
libedit - 20191025-3.1-1 python3-ncurses - 3.8.1-2
libexpat - 2.2.9-1 python3-openssl - 3.8.1-2
libffi - 3.2.1-4 python3-pip - 19.2.3-1
libgcc - 8.3.0-9 python3-pkg-resources - 41.2.0-1
libgdbm - 1.18.1-1 python3-pydoc - 3.8.1-2
libhavege - 1.9.8-2 python3-setuptools - 41.2.0-1
liblzma - 5.2.4-5 python3-sqlite3 - 3.8.1-2
libncurses - 6.2-1 python3-unittest - 3.8.1-2
libncursesw - 6.2-1 python3-urllib - 3.8.1-2
libopenssl - 1.1.1d-2 python3-xml - 3.8.1-2
libopenssl-conf - 1.1.1d-2 sqlite3-cli - 3310100-1
libpcre - 8.43-2 sudo - 1.8.31-1
libpthread - 2.27-9 terminfo - 6.2-1
librt - 2.27-9 unbound-anchor - 1.10.0-2
libsmartcols - 2.35.1-1 unbound-checkconf - 1.10.0-2
libsqlite3 - 3310100-1 unbound-control - 1.10.0-2
libssp - 8.3.0-9 unbound-daemon - 1.10.0-2
libstdcpp - 8.3.0-9 unzip - 6.0-8
libtirpc - 1.2.5-2 wget - 1.20.3-3
libunbound-light - 1.10.0-2 zlib - 1.2.11-3
libuuid - 2.35.1-1 zoneinfo-asia - 2019c-1
libxml2 - 2.9.10-1 zoneinfo-europe - 2019c-1
locales - 2.27-9
Entware Apps installed in /opt/bin/ (50)
ash git-shell pip3.8
chardetect git-upload-archive procps-ng-pgrep
cmp git-upload-pack python3
coloredlogs grep python3.8
column htop sdiff
diff humanfriendly sh
diff3 locale.new sqlite3
dig localedef.new sudo
easy_install netstat unbound_manager
easy_install-3 openpyn unzip
easy_install-3.8 openpyn-management unzipsfx
egrep pgrep wget
fgrep ping wget-ssl
find ping4 xargs
funzip ping6 zipgrep
git pip zipinfo
git-receive-pack pip3
Non-Entware Scripts installed in /opt/bin/ (1)
firewall (Skynet)
Entware Apps installed in /opt/sbin/ (8)
haveged unbound unbound-control
ifconfig unbound-anchor visudo
route unbound-checkconf
Very well. Excellent feedback. I found your problem: VPN. I found that it uses the unbound_manager script. I recommend looking for support in the script topic. unbound_managerRouter
Code:- 1x VPN Client - 2x VPN Server
amtm:
Code:amtm 3.1.6 FW by thelonelycoder RT-AC86U (aarch64) FW-384.16 @ 192.168.1.1 The Asuswrt-Merlin Terminal Menu 2 open Skynet v7.1.5 7 open unbound Manager v3.02 j3 open scMerlin v1.0.5 ep manage Entware packages sw manage Swap file /mnt/Merlin 2.0G i show all available scripts or tools u check for script updates amtm options e exit t theme r reset a about _____________________________________________ Enter option
entware:
Code:List of installed Entware packages (85) bind-dig - 9.14.8-1 opkg - 2019-06-14-dcbc142e-2 bind-libs - 9.14.8-1 procps-ng - 3.3.15-4 ca-bundle - 20190110-2 procps-ng-pgrep - 3.3.15-4 column - 2.35.1-1 python-pip-conf - 0.1-1 diffutils - 3.7-2 python3 - 3.8.1-2 entware-opt - 227000-3 python3-asyncio - 3.8.1-2 entware-release - 1.0-2 python3-base - 3.8.1-2 entware-upgrade - 1.0-1 python3-cgi - 3.8.1-2 findutils - 4.7.0-1 python3-cgitb - 3.8.1-2 git - 2.25.1-1 python3-codecs - 3.8.1-2 git-http - 2.25.1-1 python3-ctypes - 3.8.1-2 grep - 3.4-1 python3-dbm - 3.8.1-2 haveged - 1.9.8-2 python3-decimal - 3.8.1-2 htop - 2.2.0-2 python3-distutils - 3.8.1-2 iputils-ping - 20190709-1a python3-email - 3.8.1-2 libatomic - 8.3.0-9 python3-gdbm - 3.8.1-2 libbz2 - 1.0.8-1 python3-light - 3.8.1-2 libc - 2.27-9 python3-logging - 3.8.1-2 libcurl - 7.69.0-1 python3-lzma - 3.8.1-2 libdb47 - 4.7.25.4.NC-5 python3-multiprocessing - 3.8.1-2 libedit - 20191025-3.1-1 python3-ncurses - 3.8.1-2 libexpat - 2.2.9-1 python3-openssl - 3.8.1-2 libffi - 3.2.1-4 python3-pip - 19.2.3-1 libgcc - 8.3.0-9 python3-pkg-resources - 41.2.0-1 libgdbm - 1.18.1-1 python3-pydoc - 3.8.1-2 libhavege - 1.9.8-2 python3-setuptools - 41.2.0-1 liblzma - 5.2.4-5 python3-sqlite3 - 3.8.1-2 libncurses - 6.2-1 python3-unittest - 3.8.1-2 libncursesw - 6.2-1 python3-urllib - 3.8.1-2 libopenssl - 1.1.1d-2 python3-xml - 3.8.1-2 libopenssl-conf - 1.1.1d-2 sqlite3-cli - 3310100-1 libpcre - 8.43-2 sudo - 1.8.31-1 libpthread - 2.27-9 terminfo - 6.2-1 librt - 2.27-9 unbound-anchor - 1.10.0-2 libsmartcols - 2.35.1-1 unbound-checkconf - 1.10.0-2 libsqlite3 - 3310100-1 unbound-control - 1.10.0-2 libssp - 8.3.0-9 unbound-daemon - 1.10.0-2 libstdcpp - 8.3.0-9 unzip - 6.0-8 libtirpc - 1.2.5-2 wget - 1.20.3-3 libunbound-light - 1.10.0-2 zlib - 1.2.11-3 libuuid - 2.35.1-1 zoneinfo-asia - 2019c-1 libxml2 - 2.9.10-1 zoneinfo-europe - 2019c-1 locales - 2.27-9 Entware Apps installed in /opt/bin/ (50) ash git-shell pip3.8 chardetect git-upload-archive procps-ng-pgrep cmp git-upload-pack python3 coloredlogs grep python3.8 column htop sdiff diff humanfriendly sh diff3 locale.new sqlite3 dig localedef.new sudo easy_install netstat unbound_manager easy_install-3 openpyn unzip easy_install-3.8 openpyn-management unzipsfx egrep pgrep wget fgrep ping wget-ssl find ping4 xargs funzip ping6 zipgrep git pip zipinfo git-receive-pack pip3 Non-Entware Scripts installed in /opt/bin/ (1) firewall (Skynet) Entware Apps installed in /opt/sbin/ (8) haveged unbound unbound-control ifconfig unbound-anchor visudo route unbound-checkconf
Thank you rgnido for you advice. I still don't understand how you came to this conclusion but I will try to dig in this direction. I plan to setup the router and all the installed stuff completely from Zero again. Just to avoid too much effort based on a bad configuration. Thanks again!Very well. Excellent feedback. I found your problem: VPN. I found that it uses the unbound_manager script. I recommend looking for support in the script topic. unbound_manager
What response do you get if you lookup router.asus.com from the Mac? That would answer straight from dnsmasq without forwarding to unbound.Thank you rgnido for you advice. I still don't understand how you came to this conclusion but I will try to dig in this direction. I plan to setup the router and all the installed stuff completely from Zero again. Just to avoid too much effort based on a bad configuration. Thanks again!
Notice that we had discussed in another post.I still don't understand how you came to this conclusion
It shows directly the Login-Screen of the router (http://router.asus.com/Main_Login.asp), so I assume the dnsmasq is working properly?What response do you get if you lookup router.asus.com from the Mac? That would answer straight from dnsmasq without forwarding to unbound.
I deactivated the VPN (told the IP 192.168.1.15 to choose WAN instead if VPN within the GUI). My real IP was shown in IP-leak test and DNS leak test. But I still get the same query time at about 95-100msec.Notice that we had discussed in another post.
The dns resolver must communicate with the VPN provider's dns in order for the local query cache to exist.
If you use a VPN client, you must inform the unbound credentials. Your unbound is communicating with root servers only.
In a sinulation without unbound, only with dnsmasq:
the VPN dns will be read by the file /tmp/resolv.dnsmasq and will be cached with the option cache-size=1500.
Try to ping your router from your mac.
What's the response time?
Christians-MacBook-Pro:~ chris$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.275 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.492 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.391 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.555 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.516 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.397 ms
^C
--- 192.168.1.1 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.275/0.438/0.555/0.094 ms
; <<>> DiG 9.10.6 <<>> www.google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36921
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.google.de. IN A
;; ANSWER SECTION:
www.google.de. 236 IN A 216.58.207.35
;; Query time: 101 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 11:50:07 CEST 2020
;; MSG SIZE rcvd: 71
I’m interested in the dig response time.It shows directly the Login-Screen of the router (http://router.asus.com/Main_Login.asp), so I assume the dnsmasq is working properly?
There is really something wrong. In an environment of correct confirmation the return is this:without any addition software I executed the dig command in the terminal again:
~ % dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 60 IN A 18.228.67.229
;; Query time: 554 msec
;; SERVER: 2804:4474:201:bf00::1#53(2804:4474:201:bf00::1)
;; WHEN: Tue Apr 14 08:24:10 -03 2020
;; MSG SIZE rcvd: 55
~ % dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35729
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 57 IN A 18.228.67.229
;; Query time: 4 msec
;; SERVER: 2804:4474:201:bf00::1#53(2804:4474:201:bf00::1)
;; WHEN: Tue Apr 14 08:24:13 -03 2020
;; MSG SIZE rcvd: 55
~ % dig github.com ANY
; <<>> DiG 9.10.6 <<>> github.com ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14132
;; flags: qr rd ra; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN ANY
;; ANSWER SECTION:
github.com. 51 IN A 18.231.5.6
github.com. 891 IN NS ns-1707.awsdns-21.co.uk.
github.com. 891 IN NS ns-421.awsdns-52.com.
github.com. 891 IN NS ns-520.awsdns-01.net.
github.com. 891 IN NS ns1.p16.dynect.net.
github.com. 891 IN NS ns2.p16.dynect.net.
github.com. 891 IN NS ns3.p16.dynect.net.
github.com. 891 IN NS ns4.p16.dynect.net.
github.com. 891 IN NS ns-1283.awsdns-32.org.
github.com. 891 IN SOA ns-1707.awsdns-21.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
github.com. 3591 IN MX 1 aspmx.l.google.com.
github.com. 3591 IN MX 10 alt3.aspmx.l.google.com.
github.com. 3591 IN MX 10 alt4.aspmx.l.google.com.
github.com. 3591 IN MX 5 alt1.aspmx.l.google.com.
github.com. 3591 IN MX 5 alt2.aspmx.l.google.com.
github.com. 3591 IN TXT "MS=6BF03E6AF5CB689E315FB6199603BABF2C88D805"
github.com. 3591 IN TXT "MS=ms44452932"
github.com. 3591 IN TXT "MS=ms58704441"
github.com. 3591 IN TXT "docusign=087098e3-3d46-47b7-9b4e-8a23028154cd"
github.com. 3591 IN TXT "v=spf1 ip4:192.30.252.0/22 ip4:208.74.204.0/22 ip4:46.19.168.0/23 include:_spf.google.com include:esp.github.com include:_spf.createsend.com include:servers.mcsv.net ~all"
;; Query time: 4 msec
;; SERVER: 2804:4474:201:bf00::1#53(2804:4474:201:bf00::1)
;; WHEN: Tue Apr 14 08:26:13 -03 2020
;; MSG SIZE rcvd: 800
I’m interested in the dig response time.
Christians-MacBook-Pro:~ chris$ dig router.asus.com
; <<>> DiG 9.10.6 <<>> router.asus.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23665
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;router.asus.com. IN A
;; ANSWER SECTION:
router.asus.com. 0 IN A 192.168.1.1
;; Query time: 105 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 13:40:52 CEST 2020
;; MSG SIZE rcvd: 60
There is really something wrong. In an environment of correct confirmation the return is this:
On terminal LAN:
Christians-MacBook-Pro:~ chris$ dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 738 IN A 140.82.118.3
;; Query time: 93 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 13:52:06 CEST 2020
;; MSG SIZE rcvd: 55
I am not able to execute this command.dig github.com ANY
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!