wLan clients constantly DNS blackholed or blocked entierly

Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Goto page Previous  1, 2
Author Message
Monza
DD-WRT User


Joined: 01 Jul 2018
Posts: 438

PostPosted: Thu Apr 28, 2022 10:52    Post subject: Reply with quote
egc wrote:
What you now are doing seems confusing (at least to me)


Having posted my setup many times this is the first someone has commented, thanks for the info. I won't post flawed setup again. Sorry.

What's sad is my setup was from reading setups on this forum over the years and it "seems" to be working as my clients show my static servers for DNS.
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Apr 28, 2022 11:25    Post subject: Reply with quote
It is very useful you posted settings, it gives us the opportunity to review and help Smile

and yes it works as outlined in my comment but if you want to use DNSMasq for DNS resolving (i.e. hand out the routers address as DNS server to your LAN clients then I suggest you remove the entry in the Additional DNSmasq options.

You can keep Forced DNS redirection enabled to capture rogue clients but you do not have to.
As rogue clients often use DoT or DoH it is less useful then it used to be.

If you are interested in stopping rogue DNS clients then the IPSET guide (sticky in the Advanced Networking forum) has a paragraph about it Smile

So thank you for posting

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

PostPosted: Fri Apr 29, 2022 3:06    Post subject: Reply with quote
Regarding checking what channels are used by neighbors at what signal strength (RSSI in dBm so less negative = stronger), the AirPort app for iOS is occasionally useful, but if you have dd-wrt up, a better option is the Status tab, Wireless subtab, then the Site Survey button at the bottom. Before you click it, set the interface drop down near the top of the page at either wlan0 or wlan1 to indicate which band you want data for. After clicking, you get a nice popup window with a ton of info. Click a heading to sort by that heading.

From what you say, you likely have strong neighbor signals on all 2.4GHz channels, but you never know. Sort by RSSI and see if perhaps one or two neighbor signals are real whoppers!

Also, until you get things at least basically working, stick to WPA2 Personal with AES security. Various readers have experimented with WPA3 in these WRT Marvell routers and found it not to work together with WPA2 or WPA2 clients. My own experiments were less thorough but pointed to the same conclusion: stick to WPA2 Personal. Likewise to stick with what works for nearly everyone, use DNSMasq for DNS. Once that works, current builds have a working "Encrypt DNS" menu item for Adguard. (I find Adguard pitifully slow though, though YMMV esp because location.)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum