Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Wed Nov 03, 2021 23:09 Post subject:
o2bad455 wrote:
Thanks Alozaros! Your explanation helped and I'll look into those options.
glad you sorted it...as well you can find good guides at the Sticky's or look at those green and red links in my signature...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Yep, there's a lot under the hood here and apparently some slope to the learning curve.
I hadn't looked at DNS in a while, but just noticed that @redhawk0 showed "RFC4039 Rapid Commit support" as enabled, so I gave it a try.
Enabling RFC4039 on current build unexpectedly allowed IPV6 DNS servers that I hadn't seen since intentionally blocking IPV6 (this network is intentionally IPV4-only for now).
Disabling RFC4039 nixed all the IPV6 DNS servers leaving just the IPV4 DNS servers, FWIW. I'm not quite sure what's going on there or if it poses any risk, but I thought I should mention it.
_________________
My DD-WRT Routers:
Linksys WRT3200ACM - Marvell
Linksys WRT1900ACS - Marvell
Netgear R9000 - Atheros
Netgear R7000 - Broadcom
PC x86-64 VM - Atheros
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Thu Nov 04, 2021 0:01 Post subject:
RFC4039 is in fact 2 way message exchange instead of the normal 4 way...it speeds up the DHCP, i don't know exactly how it fetches ISP DNS v6 servers along to the DNS config..but as you said it does, it could be a bug..
i don't have it 'on' as im skeptic about it, as well my devices get DHCP quite fast don't need faster...at all..
I see a typo where "no resolv" should be "no-resolv". Hopefully it's just in your post, but I think it could be an issue if also in your config.
GENERAL QUESTION: When using DNSmasq, how can I list the current DNS server IPs? That is, not just the one currently in use but any that could be used (such as if my provider managed to reinsert theirs)? Online checks (e.g., ipleak.net) only seem to catch those recently used. The hypothetical scenario would be if ALL of those momentarily failed (and not even all of my server= are shown), what are the other possibilities potentially available to the router for fallback? Is there any single file or buffer that lists them all, or perhaps a small collection of files and buffers that could be dumped?
I checked the configuration in the GUI and it is OK there. I have the "no-resolv" value. I have the 8.8.8.8 DNS resolver in the configuration. When I ran a test via the DNSLEAK online service, there were many servers located in Warsaw (Poland is my country). Probably it's a situation where all those servers try to translate the domain data and the router is suddenly flooded. Presumably it is, because when the issue is active I always have 100% CPU usage. For now I will continue to observe my device. The issue is still present. I'm staying on the 47608 DD-WRT build.
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Thu Nov 04, 2021 15:10 Post subject:
kernel-panic69 wrote:
You're going to continue to have problems if you rely on only one dns server / resolver. I don't know how much clearer it can be explained to you.
thommy181 yep this is true...it's advised to have more than 1, it's a good practice to have 3,4,5,6 it won't hurt..unless those are contradicting each other with web filtering...
try to use 8.8.8.8 and 1.1.1.1
personally i avoid 8.8.8.8 for a reason...and i know lots of ppl, that do the same...
the reason you see many results in dnsleak test is because 8.8.8.8 is using transponders/ local servers in your location that are directly connected to 8.8.8.8 because you are not close enough...
https://www.lifewire.com/free-and-public-dns-servers-2626062
Seems like my problem was indeed a combination of strict-order with all-servers. Which is weird because it worked on an older build.
Anyways, seems to be fixed.
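An added example, not part of any post in this thread: a POSIX shell audit that lists every upstream resolver a dnsmasq configuration permits (the general question asked above) and flags the strict-order plus all-servers combination reported as the cause. The function names and sample file names are made up for illustration, and the 192.0.2.53 nameserver is a constructed value; pass your own config path.

```shell
#!/bin/sh
# Added example (not from the thread): audit which upstream resolvers a
# dnsmasq config allows. File paths are arguments; none are assumed.

# has_opt CONF OPT: true if the bare option line is present (comments ignored)
has_opt() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# list_upstreams CONF [DEFAULT_RESOLV]: print "source server" for every
# upstream dnsmasq may use, not only the one answering right now.
list_upstreams() {
    conf=$1
    default_resolv=${2:-/etc/resolv.conf}
    # server= lines always count; "#" directly after an address is a port, so
    # only strip comments that follow whitespace
    awk '/^[ \t]*server=/ { sub(/[ \t]+#.*$/, ""); sub(/^[ \t]*server=/, ""); print "config " $0 }' "$conf"
    # with no-resolv set, resolv files are ignored entirely
    if has_opt "$conf" no-resolv; then return 0; fi
    files=$(awk '/^[ \t]*resolv-file=/ { sub(/[ \t]+#.*$/, ""); sub(/^[ \t]*resolv-file=/, ""); print }' "$conf")
    [ -n "$files" ] || files=$default_resolv
    for f in $files; do
        if [ -r "$f" ]; then
            awk -v src="$f" '$1 == "nameserver" { print src " " $2 }' "$f"
        fi
    done
}

# check_conflicts CONF: print one warning line per risky setting
check_conflicts() {
    if has_opt "$1" strict-order && has_opt "$1" all-servers; then
        echo "WARN strict-order and all-servers are both set"
    fi
    if ! has_opt "$1" no-resolv; then
        echo "WARN no-resolv missing: resolv-file nameservers are also eligible"
    fi
}

# make_sample DIR: write a constructed config and resolv file for a dry run
make_sample() {
    printf 'nameserver 192.0.2.53\n' > "$1/resolv.sample"
    printf 'server=8.8.8.8\nserver=1.1.1.1 # second\nstrict-order\nall-servers\nresolv-file=%s\n' \
        "$1/resolv.sample" > "$1/dnsmasq.sample"
}

# Run against a real config when given one: sh audit.sh /path/to/dnsmasq.conf
if [ "$#" -gt 0 ]; then
    list_upstreams "$1"
    check_conflicts "$1"
fi
```

For the runtime view, sending SIGUSR1 to the dnsmasq process makes it write its statistics to the system log, including a line for each upstream server it currently knows about.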