New Build - 11/09/2022 - r50841

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Author Message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Nov 10, 2022 9:55    Post subject: Reply with quote
First of all thanks @ho1Aetoo for you work and careful analysis

I think we agree to lift the ban for dnscrypt.
(and in the process add SmartDNS to service which needs to restart if time is changing )

I think we also have to carefully look at the default NTP servers, suggestion from my side:
Code:
pool.ntp.org time.google.com 212.18.3.19 216.239.35.0


and if you use secure DNS then in additional DNSMasq options add:
Code:
server=/pool.ntp.org/time.google.com/1.0.0.1
server=/pool.ntp.org/time.google.com/9.9.9.9


Alternatively start with the hard coded IP addresses but as we found out there will come a time that those will fail.

Let's see what the verdict will be, for now lets focus on other things Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Sponsor
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Thu Nov 10, 2022 10:20    Post subject: Reply with quote
Doubt google or cloudfare will be accepted. 2.pool.ntp.org is needed to return IPv6 and IPv4 results, four of each.
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Thu Nov 10, 2022 10:24    Post subject: Reply with quote
portsup wrote:
You are not understanding the problem which is inspite of anything set in ntp_server ddwrt won't use it if DNScrypt is enabled.

Not so according to the source codes. "||" is logical OR ... unless "nvram get dns_crypt" somehow equaled to 0??
Quote:
Anyway I seem to have fixed it using iptables to redirect running in the startup script.

That should be related to DNScript after the clock was set and DNScrypt was loaded successfully. But then I don't use DNScrypt. So I should bug out. Sorry! Smile

Anyway, "grep -i dns /var/log/messages | grep -i crypt" should have helped. Also "grep -i ntpclient /var/log/messages". Or maybe just "grep -i -E 'dnscrypt|ntpclient' /var/log/messages"

Also, do you have some special firewall rules? If those rules were all related to DNScrypt, then you possibly loaded those rules too early. You should make sure that those rules are loaded only after DNScrypt is working.

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw


Last edited by mwchang on Thu Nov 10, 2022 10:56; edited 7 times in total
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Thu Nov 10, 2022 10:24    Post subject: Reply with quote
I vote NTP, to check the box first, than apply any other hardcoded NTP time servers..as those could be off..and yes i did a test with DNScrypt v1xx that comes along with DDWRT and it does that bad behaviour

Jan 1 02:01:10 DD-WRT5 daemon.err ntpclient[1458]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Jan 1 02:01:10 DD-WRT5 daemon.err ntpclient[1458]: Failed resolving server 2.pool.ntp.org: Network is down
Jan 1 02:01:10 DD-WRT5 daemon.notice ntpclient[1458]: Network up, resolved address to hostname 212.18.3.19
Jan 1 02:01:10 DD-WRT5 daemon.debug ntpclient[1458]: Connecting to 212.18.3.19 [212.18.3.19] ...
Nov 10 10:01:58 DD-WRT5 daemon.info ntpclient[1458]: Time set from 212.18.3.19 [212.18.3.19].
Nov 10 10:01:58 DD-WRT5 daemon.info process_monitor[1457]: Cyclic NTP Update success (servers 2.pool.ntp.org 212.18.3.19 88.99.174.22)
Nov 10 10:01:58 DD-WRT5 daemon.info process_monitor[1457]: Local timer delta is 1668074453

Nov 10 10:02:59 DD-WRT5 daemon.debug ntpclient[3922]: Connecting to 2.pool.ntp.org [178.124.134.106] ...

after change the dnscrypt server + save apply

Nov 10 10:02:59 DD-WRT5 daemon.info ntpclient[3922]: Time set from 2.pool.ntp.org [178.124.134.106].
Nov 10 10:02:59 DD-WRT5 daemon.info process_monitor[3921]: Cyclic NTP Update success (servers 2.pool.ntp.org 212.18.3.19 88.99.174.22)
Nov 10 10:02:59 DD-WRT5 daemon.info process_monitor[3921]: Local timer delta is 0

and yes it does ignore the NTP time i set GGl...as an IP ...but it works with the hardcoded and DNScrypt v1xx is up and running, so its down to if those hardcoded servers are off and DDWRT rotates those as you can see...hey i've found the hot water...but i'm not using the DDWRT DNScrypt v1xx (only for the test),
For secure DNS i have better results with Entware - DNScrypt v2xx witch im using instead...
or Stubby or SmartDNS...the last one has updated ssl Smile

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
groff
DD-WRT Novice


Joined: 10 Nov 2022
Posts: 1

PostPosted: Thu Nov 10, 2022 11:19    Post subject: Reply with quote
Router/Version: Linksys WRT150N v1.1
Firmware: DD-WRT v3.0-r50841 mini (11/09/22)
Kernel: Linux 2.4.37 #70142 Sat Nov 5 22:11:02 -00 2022 mips
Previous: DD-WRT v3.0-r44715 mini
Mode: Repeater, separate subnet
Status: Working fine on this old hardware
Issues/Errors: none so far
Zyxx
DD-WRT Guru


Joined: 28 Dec 2018
Posts: 733

PostPosted: Thu Nov 10, 2022 13:01    Post subject: Reply with quote
Router/Version: Asus RT-N66U
File: dd-wrt.v24-50841_NEWD-2_K3.x-big-RT-N66U.trx
Firmware: DD-WRT v3.0-r50841 big (11/09/22)
Kernel: Linux 4.4.302-st25 #19945 Wed Nov 9 01:28:35 -00 2022 mips
Mode: Gateway, SFE disabled, Wifi disabled, WAN disabled, Wireguard Endpoint for external VPS, connected via LAN to WRT1900ACS v2, Keep Alive reboot 6:05 in the morning
Reset: No
Status: Installed yesterday, ok.
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 210

PostPosted: Thu Nov 10, 2022 22:36    Post subject: Reply with quote
ho1Aetoo wrote:
The entry "server=/pool.ntp.org/8.8.8.8" also resolves the subdomains correctly...


I tried "server=/pool.ntp.org/9.9.9.9" and it wouldn't resolve, but sometimes "server=/2.pool.ntp.org/9.9.9.9" also doesn't resolve so I will test "server=/pool.ntp.org/9.9.9.9" again, I would guess it's an issue with 9.9.9.9 for me.
KACTET
DD-WRT User


Joined: 01 May 2022
Posts: 235

PostPosted: Thu Nov 10, 2022 22:55    Post subject: Reply with quote
Router/Version: Linksys WRT54GL v1.1
File/Kernel: dd-wrt.v24 mini generic 50841 / Linux 2.4.37 #70158 Tue Nov 8 22:41:25 -00 2022 mips
Previous/Reset: dd-wrt.v24 mini generic r50814 / no
Mode/Status: AP wired and wireless / Up and running for 5 hours
Issues/Errors: Nothing significant

No issues. Thank you BS and gurus
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 210

PostPosted: Thu Nov 10, 2022 23:26    Post subject: Reply with quote
mwchang wrote:

Not so according to the source codes. "||" is logical OR ... unless "nvram get dns_crypt" somehow equaled to 0??



https://www.includehelp.com/c/logical-or-operator-with-example-in-c.aspx

https://github.com/mirror/dd-wrt/search?q=ntp_server

Code:

servers = nvram_safe_get("ntp_server");
   if (*servers == 0 || nvram_matchi("dns_crypt", 1)) {
      servers = "2.pool.ntp.org 212.18.3.19 88.99.174.22";


|| means if either condition ntp_server=0 or dns_crypt=1 exists then the servers used are "2.pool.ntp.org 212.18.3.19 88.99.174.22"

So even if you set ntp_server to your custom servers if dns_crypt aka encyrpt dns is enabled then those will be ignored and "2.pool.ntp.org 212.18.3.19 88.99.174.22" used
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Fri Nov 11, 2022 1:17    Post subject: Reply with quote
The dnscrypt version included in DD-WRT does not function with all DNSCrypt-capable servers because it is using a slowly-being-completely deprecated protocol version - v1. The v2 protocol is the most widely-deployed at present.

jwh7 wrote:
Issues, observations, and/or workarounds reported:
DNScrypt 1.95 can still be used in the GUI but v2 (not compatible) requires Golang and thus Entware. 6246


https://svn.dd-wrt.com/browser/src/router/dnscrypt

https://github.com/DNSCrypt/dnscrypt-resolvers/

https://github.com/dnscrypt/dnscrypt-protocol

This "discussion" is old:

Kong please update DNSCrypt to v2 because v1 is down
dnscrypt & dnsmasq & others FRUSTRATIONS...
R7000 DNSCrypt on Kong, NTP not working

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Fri Nov 11, 2022 2:37    Post subject: Reply with quote
dale_gribble39 wrote:
The dnscrypt version included in DD-WRT does not function with all DNSCrypt-capable servers because it is using a slowly-being-completely deprecated protocol version - v1. The v2 protocol is the most widely-deployed at present.

No harm starting a new thread about updating DNScrypt. I believe BS is still busy with Privoxy, In-Ady-N, IPv6, and OpenVPN.

BTW, this thread is about build 50841, and DNScrypt stole the show. Meow... Smile

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Fri Nov 11, 2022 2:46    Post subject: Reply with quote
If you read anything I just posted, updating dnscrypt version is not going to happen because of golang dependencies and flash space restrictions because of code size required. Surely, you're being sarcastic?
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester

PostPosted: Fri Nov 11, 2022 15:58    Post subject: Reply with quote
Router/Version: Netgrear R7000
Kernel: Linux 4.4.302-st25 #19945 Wed Nov 9 01:28:35 -00 2022 mips
Mode: Gateway,
Reset: No
Status: Installed today, ok.
NTP ,everything works well mate

_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500

Smart DNS - YES

server-https https://9.9.9.9/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server-tls 5.2.75.75:853 -host-name: dot.nl.ahadns.net
server-https https://1.1.1.1/dns-query

Additional VPN Configuration-
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "

Dnsmasq Additional Options

server=/pool.ntp.org/9.9.9.9
server=/pool.ntp.org/1.0.0.1
server=/adquard-dns.com/9.9.9.9


BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Fri Nov 11, 2022 17:45    Post subject: Reply with quote
It looks as if the dnscrypt issue may no longer be an issue:

https://svn.dd-wrt.com/changeset/50850
https://svn.dd-wrt.com/changeset/50851

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Nov 11, 2022 18:37    Post subject: Reply with quote
Yes @ho1Aetoo has been pushing hard to solve this, not yet there, we still have a hard coded ntp server which does not seem to work and probably SmartDNS should also be in the list of services to be restarted but at least progress Smile
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next Display posts from previous:    Page 5 of 7
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum