Router: Asus RT-AC5300
Firmware: DD-WRT v3.0-r39855M kongac (05/25/19)
Kernel: Linux 4.4.180 #662 SMP Sat May 25 15:26:57 CEST 2019 armv7l
Previous: stock
Status: Working
Reset: Yes
Errors: All SSIDs set to Security Mode WPA2-PSK but one of the 5 GHZ is broadcasting as WEP
I saw this same issue reported in the new build thread for build 33657M, and it was noted that other builds had it as well.
Is there a solution or a build appropriate for the AC5300 that doesn't have this?
I see the same "issue" where my ISP's DNS servers are listed in resolv.dnsmasq. But using no-resolv ignores the resolv file as intended. Only servers listed in additional dnsmasq options are used.
In fact, running this:
Code:
tcpdump -n -s 1500 -i eth0 udp port 53
I couldn't see any requests to my ISP's DNS servers. Only the two servers I specified. If you need more proof, you can block your specified DNS servers. I did this (I put Google's servers in the commands here):
Code:
iptables -I INPUT -s 8.8.8.8 -j DROP
iptables -I INPUT -s 8.8.4.4 -j DROP
Running:
Code:
tcpdump -n -s 1500 -i eth0 udp port 53
This showed dnsmasq still trying to query both specified servers and none of the ISP servers. In theory, if it was still using my ISP's DNS, it should then try to query them, but instead it led to no internet on my network, as no connected devices would get DNS results.
Cleaning up after the test was running:
Code:
iptables -D INPUT -s 8.8.8.8 -j DROP
iptables -D INPUT -s 8.8.4.4 -j DROP
Router: Asus RT-AC5300
Firmware: DD-WRT v3.0-r39855M kongac (05/25/19)
Kernel: Linux 4.4.180 #662 SMP Sat May 25 15:26:57 CEST 2019 armv7l
Previous: stock
Status: Working
Reset: Yes
Errors: All SSIDs set to Security Mode WPA2-PSK but one of the 5 GHZ is broadcasting as WEP
I saw this same issue reported in the new build thread for build 33657M, and it was noted that other builds had it as well.
Is there a solution or a build appropriate for the AC5300 that doesn't have this?
Really appreciate the work of the builders.
I am not seeing this on any of my AC5300's. Maybe do an erase nvram or nvram erase
Router Model: Asus RT-AC5300
Firmware Version: DD-WRT v3.0-r37900M kongac (12/03/1
Kernel Version: Linux 4.4.166 #616 SMP Mon Dec 3 01:16:12 CET 2018 armv7l
Router Model: Asus RT-AC5300
Firmware Version: DD-WRT v3.0-r39715M kongac (05/09/19)
Kernel Version: Linux 4.4.179 #658 SMP Thu May 9 10:24:44 CEST 2019 armv7l
Router Model: Asus RT-AC5300
Firmware Version: DD-WRT v3.0-r39345M kongac (04/03/19)
Kernel Version: Linux 4.4.177 #650 SMP Wed Apr 3 20:04:03 CEST 2019 armv7l
_________________
Please Fix The Following Bugs:
EOIP Settings not applied automatically after FW upgrade or reboot. http://svn.dd-wrt.com/ticket/4061
The port 80 forwarding bug without reapplying settings appears to have been fixed.
Are you using 'all-servers'? That should be the only way it queries all of them at once AFAIK. And I thought a DNS leak would be if it were querying your ISP dns servers... I guess I've misunderstood the problem. Also, checking my E4200 on r39800 BS build, with my current configs, I see no bogus queries, or queries going to ISP dns servers. Yes, whatever you put in static with all-servers is going to be queried. I do not consider that a 'leak', but I can see your point.
Joined: 08 Jun 2010 Posts: 109 Location: New Zealand
Posted: Wed May 29, 2019 3:22 Post subject:
Has anyone tested IPSec on this version to see if it is still having issues with the 'No such file or directory' error in Syslog?
_________________
RT-AX86U MerlinWRT & RT-AC68U DD-WRT
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Wed May 29, 2019 7:48 Post subject:
@kp69 That is exactly what is going on, my ISP DNSserver is used and I did not want it.
The ISP DNS server is automatically added to the specified DNS servers you specify in Static DNS 1,2,3.
But this is only the case if WAN connection type is set on automatic DHCP, not on static. I have not tested other WAN connection types.
You can just telnet to your router and do:
cat /tmp/resolv.dnsmasq
Mine looks like this (mind you the first three entries are the ones I specified, the fourth is my ISP's which is automatically added):
I do not use any DNSMasq directive. DNSMasq will query all specified DNS servers and use the quickest, or if you have specified strict order it will start with the first one and, if it fails, the second, etc.
So specifying strict order will give you some protection but if all your specified DNS servers fail it will use your ISP's.
@rnio you are absolutely right that DNSSEC is the better choice but it does not always work reliably yet
Regarding VPN, another form of DNS leak can be possible if you are using PBR.
See my signature, in the Simple-PBR thread there is a paper regarding DNS leaks and how to mitigate that (second post).
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Wed May 29, 2019 9:07 Post subject:
@egc,
Fortunately, for me, I have access to my ISP-provided modem/router and have set it in DNS bypass mode and specified OpenDNS servers, and its firmware doesn't allow for more than those specified in the webUI. The only 'leak' for me is DD-WRT using the OpenDNS servers specified by the ISP hardware config, because of how I've configured it. There are still upstream commits to dnsmasq not present in DD-WRT AFAIK, at least not in BS builds. While the flexibility to specify a larger number of DNS servers is nice, it just seems that this 'feature' is problematic, or the implementation of dnsmasq in DD-WRT is in need of some tweaking to fix this. There are options in FreshTomato to negate this kind of behavior, to explicitly ignore the ISP-provided-via-DHCP DNS server entries, if I am not mistaken. I need to double-check and take a look at that again to verify, but.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Wed May 29, 2019 9:38 Post subject:
egc wrote:
What you describe: "to explicitly ignore the ISP-provided-via-DHCP DNS server entries" is exactly what I like to be added
I am not 100% sure if the 'no-resolv' custom dnsmasq config directive accomplishes this, but I use it along with 'server=w.x.y.z' entries in the custom config section, which seems to help mitigate the issue. I will look and double-check the FT configs later and verify if I am correct on what I said earlier.
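The check discussed in the posts above (no-resolv plus server= entries, verified with tcpdump on udp port 53), as an added example that is not part of any post in this thread: it works out which upstream servers dnsmasq should be using from the options and /tmp/resolv.dnsmasq, then flags any query in a saved tcpdump text capture that went to a different server. The function names, the file names other than resolv.dnsmasq, and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); all sample data below is constructed.

# Print the upstream IPv4 servers dnsmasq should use given its options file
# ($1) and resolv file ($2): each plain server=IP entry, plus the resolv-file
# nameservers unless no-resolv is set. server=/domain/ip entries are skipped.
expected_upstreams() {
    {
        sed -n 's/^server=\([0-9.]*\).*$/\1/p' "$1"
        grep -q '^no-resolv$' "$1" || awk '$1 == "nameserver" { print $2 }' "$2"
    } | grep . | sort -u
}

# Read saved `tcpdump -n -i eth0 udp port 53` text ($1) and print every
# destination that was sent a DNS query but is not listed in file $2.
unexpected_queries() {
    awk 'FILENAME == ARGV[1] { ok[$1] = 1; next }
         $2 == "IP" && $5 ~ /\.53:$/ {
             dst = $5; sub(/\.53:$/, "", dst)
             if (!(dst in ok) && !seen[dst]++) print dst
         }' "$2" "$1"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf 'no-resolv\nserver=8.8.8.8\nserver=8.8.4.4\n' > "$1/dnsmasq.opts"
    printf 'nameserver 198.51.100.53\n' > "$1/resolv.dnsmasq"
    cat > "$1/capture.txt" <<'EOF'
12:00:01.000100 IP 203.0.113.5.41234 > 8.8.8.8.53: 4660+ A? example.com. (29)
12:00:01.020300 IP 8.8.8.8.53 > 203.0.113.5.41234: 4660 1/0/0 A 192.0.2.10 (45)
12:00:02.000100 IP 203.0.113.5.41235 > 8.8.4.4.53: 4661+ A? example.org. (29)
12:00:03.000100 IP 203.0.113.5.41236 > 198.51.100.53.53: 4662+ A? example.net. (29)
EOF
}

d=$(mktemp -d)
make_samples "$d"
expected_upstreams "$d/dnsmasq.opts" "$d/resolv.dnsmasq" > "$d/allowed"
unexpected_queries "$d/capture.txt" "$d/allowed"   # servers queried but not expected
rm -rf "$d"
```

On a router, the capture file would come from redirecting the tcpdump command shown earlier in the thread to a file; an empty result means every query went to an expected server.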
Posted: Thu May 30, 2019 16:54 Post subject: EA6350 V2
Router/Version: Linksys EA6350 v2
Firmware: DD-WRT v3.0-r39855M (05/25/19)
Kernel: Linux 4.4.180 #662 SMP Sat May 25 15:26:57 CEST 2019 armv7l
Previous: DD-WRT v3.0-r39715M kongac (05/09/19 )
Mode/Status: Gateway : Up and running
Reset: yes, "nvram erase" before and after update
Issues/Errors: None so far
Upgrade method: Putty into router and perform "nvram erase" then used web GUI to web flash/ upgrade. Then "nvram erase" again after upgrade. Then re-setup manually. So far so good !
Thank you Kong and BS for all the hard work you do.
_________________
WRT54GL v1.1 - Flashed
Linksys WRT54G2 v1 - Flashed
EA6350 v2 - Flashed
I did another reset and nvram erase, and it didn't resolve anything. I had to shut off the second 5 GHz radio. If I use all three, one of them always shows as WEP.
Looking for an earlier build that hopefully won't have this issue.