Posted: Tue Apr 26, 2022 21:53 Post subject: wLan clients constantly DNS blackholed or blocked entirely
I have a bit of a problem with my Linksys WRT3200ACM. It’s running the latest DD-WRT v3.0-r48741 std (04/26/22).
All wired connections have never experienced any issues. They continue to operate 100% normally.
All wireless connections get constantly DNS blackholed. IP addresses are still reachable, but all DNS collapses within 1-12 hours. This has been happening for the last several years; the only resolution is to move in and out of airplane mode several times until it’s resolved. God forbid if one of my wireless bridges can’t reconnect… despite the problem being on the remote bridge, for some bizarre reason it’s only fixable by rebooting the router.
In an attempt to fix all of these bizarre issues, I now made it worse: all wireless clients have connectivity to the router in the first place for only the first 5 minutes after the router boots up. After that point, they all get kicked off and are unable to reconnect to the wireless network. Only restarting the router allows them to reconnect, again only for 5 or so minutes.
I am looking for a guide that will allow me to properly set up wireless on my router. Preferably a guide that also deals with WPA3 and compatibility with WPA2 clients, encrypted DNS, and so forth.
I have tried to find resources myself, but most anything I am finding is many years if not decades old, and sometimes even still references WPA2 as “new technology that your device may not be able to connect to”.
Please understand, I am massively frustrated. I have been working with computers since 1982, on the Internet since 1988, on the Web since 1992 and in the IT industry (including doing networking!) since 1998. Somehow, setting up a secure and functional router should not be this bloody hard.
As a background, here are a few details:
I have resources on this network that require a fair amount of IP assignment via MAC address.
No IPv6 in place, as my ISP makes use of incompatible tech for static IP addresses (Telus is stuck in the 90s when it comes to SOHO).
wLan0 (5 GHz) is AP, AC/N, VHT80, auto channel, channel overlapping disabled.
wLan1 (2.4 GHz) is AP, N/G, HT40, auto channel, TurboQAM disabled.
wLan2 is disabled, DD-WRT is unable to utilize it.
I would like to employ both WPA2 and WPA3. Not all of my wireless devices will support WPA3.
I would like to force DNS redirection to AdBlock DNS servers, to protect anything on the network. Right now I have them manually set up on the first settings tab, not using DNSMasq options (see below).
I would like to set up encrypted DNS via DNSMasq, but every time I have done so I have DNS Blackholed EVERYTHING on my network, sometimes instantly, frequently within 5 hours or so. Reboots of the router do not have any effect - this is permanent until I turn that feature off. The only DNSMasq setting that does not kill all DNS is the first one - simply turning it on so it can handle all DNS requests by internal devices.
Any other questions, please ask.
The wireless is very specific for your router model so I will transfer this thread to the Marvell forum.
Thank you!
egc wrote:
I do not have your router, but autochannel is usually a bad idea; try with a fixed channel.
That is gonna need more of an explanation for me. I don’t live in an apartment anymore, but I still see 15+ wireless networks in my area. Shouldn’t autochannel be the default so that the router can find the clearest space available? I thought that autochannel is what allows the router to find, on its own, the clearest channel to work off of.
Apple removed it from their store long ago. Speaking of open source, Marvell sold all WiFi/BT assets to NXP.
Wireless bugs likely to forever remain, smart switches, IoT home automation, doorbells wreaking havoc etc.
Some Marvell WRT users do use WPA3, maybe someone will chime in, but hey no guarantees or use search.
You mention wireless bridge, unspecified models, client bridge? If not WDS this is not a true wireless bridge.
A suggestion to disable all radios completely instead use ethernet, access points or replace router hardware.
For DNS that's a whole can of worms in itself, and I'm sure anyone who is willing to go down that rabbit hole will need all the details to reproduce, or at least enough information to identify possible configuration issues.
@rekabis, it is my pleasure to share my idea with you.
I have a WRT1900ACS V1 whose firmware is the same v3.0-r48741 std (04/26/22).
My WRT1900ACS WiFi on both channels on OpenWrt 21.02.X is always unstable, and DD-WRT is the unique, wonderful solution.
For DNS, I combined unbound and dnsmasq, because I did not see your configuration.
My unbound is on forward-addr: 45.91.92.121@853#dot-ch.blahdns.com and forward-addr: 193.29.62.196@853#dot.chi.ahadns.net (it is in Chicago with oisd.nl, an adblock DNS; of course, you can set up a huge private blocking hosts file over 20 MiB as below, because of the 511836 KiB memory and 430244 KiB free).
My dnsmasq included conf-file=/jffs/etc/P, and some content in P is below
address=/zzztube.com/#
address=/zztube.com/#
address=/zzpornpics.com/#
address=/zzgays.com/#
address=/zzcartoon.com/#
address=/zzbabes.com/#
...
It is only for blocking porn and other things.
There is an "AirPort Utility" app; maybe it is an easy way to monitor un-crowded WiFi channels. And yes, my Apple device has MAC randomization turned on.
Because my home is in an apartment building, there are over 30 SSIDs and it is very crowded.... Then I chose wlan0 on AC/N VHT80 52-5260MHz UU (+6) 20dBm, which I think should not be occupied in your zone either. And wlan1 N-only on CH13 Full20MHz only 5dBm (pay attention to CH13 and TX power); do not use Dynamic or Wide HT. So my meaning is that all my live WiFi channels are used only by my family.
If you like, you can contact me. I had been an IT manager too, but I still cannot find a job in IT in Montreal. That is a French zone.
Posted: Thu Apr 28, 2022 6:18 Post subject:
@Monza your DNS settings have me a bit confused.
If I read it right you are enabling DNSMasq for DNS that means the router will hand out its own address as DNS server to the LAN clients.
LAN clients will thus query DNSMasq on the router, which either has the DNS address already in its cache or, if not, will query the upstream servers in Static DNS 1,2,3.
However, in your DNSMasq options I see dhcp-option=6,[DNS servers]
As far as I know that will send these DNS servers to the client instead of the router's address, and so you are not using DNSMasq at all.
It is OK if you do not want to use DNSMasq, but then just simply disable DNSMasq for DNS in the GUI and DNSMasq will then send the DNS servers from Static DNS 1,2,3 to the LAN clients, so no need to do it in additional DNSMasq options.
What you now are doing seems confusing (at least to me).
Edit:
I just saw you have Forced DNS redirection enabled which intercepts all DNS queries (on port 53) and reroutes them to the router again.
So you first want to hand out the router's address as DNS server, then you override this with dhcp-option 6, then you override this with Forced DNS redirection.
If that is what you want then okidoki
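The hand-out chain egc walks through (router address, then dhcp-option=6, then Forced DNS Redirection) and the address=/domain/# entries from Monza's reply, as an added Python model that is not DD-WRT or dnsmasq code; the setting flags, the 192.0.2.x/198.51.100.x addresses and the router IP are constructed assumptions.

```python
"""Model which resolver a LAN client ends up with under DD-WRT's DNSMasq settings,
plus dnsmasq address=/domain/ block matching.  Added example, not DD-WRT/dnsmasq code."""
import re

# Constructed "Additional DNSMasq Options" text; the 192.0.2.x / 198.51.100.x
# documentation addresses stand in for the "[DNS servers]" placeholder in the thread.
SAMPLE_OPTIONS = """
dhcp-option=6,192.0.2.53,198.51.100.53
address=/zztube.com/#
address=/zzbabes.com/#
"""
ROUTER_IP = "192.168.1.1"                  # assumed LAN address of the router
STATIC_DNS = ["192.0.2.1", "192.0.2.2"]    # constructed Static DNS 1,2 upstreams

def option6_servers(options):
    """DNS servers pushed to clients by a dhcp-option=6,... line (empty if none)."""
    m = re.search(r"^dhcp-option=(?:option:dns-server|6),(.+)$", options, re.M)
    return [s.strip() for s in m.group(1).split(",")] if m else []

def advertised_dns(dnsmasq_for_dns, options, router_ip=ROUTER_IP, static_dns=STATIC_DNS):
    """What DHCP tells clients to use: dhcp-option=6 wins, otherwise the router
    when 'Use DNSMasq for DNS' is on, otherwise the static upstream servers."""
    pushed = option6_servers(options)
    if pushed:
        return pushed
    return [router_ip] if dnsmasq_for_dns else list(static_dns)

def effective_dns(dnsmasq_for_dns, forced_redirect, options, router_ip=ROUTER_IP):
    """Where port-53 queries actually land: Forced DNS Redirection intercepts them
    and sends them back to the router regardless of what DHCP advertised."""
    return [router_ip] if forced_redirect else advertised_dns(dnsmasq_for_dns, options, router_ip)

def blocked_domains(options):
    """Domains named in address=/a.com/b.com/<target> lines (target ignored here)."""
    out = []
    for m in re.finditer(r"^address=/((?:[^/\n]+/)+)([^/\n]*)$", options, re.M):
        out += [d.lower() for d in m.group(1).split("/") if d]
    return out

def is_blocked(name, options):
    """dnsmasq address= entries match the listed domain and every subdomain of it."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in blocked_domains(options))

if __name__ == "__main__":
    print("advertised:", advertised_dns(True, SAMPLE_OPTIONS))
    print("effective :", effective_dns(True, True, SAMPLE_OPTIONS))
    print("blocked   :", is_blocked("www.zztube.com", SAMPLE_OPTIONS))
```

With the sample options the clients are told to use the two external servers, yet with redirection on every port-53 query still lands on the router, which is exactly the layered override egc points out.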