Jump to content

fl4co

Forum Members
  • Posts

    17
  • Joined

  • Last visited

Equipment

  • Keenetic
    Skipper

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

fl4co's Achievements

Member

Member (2/5)

3

Reputation

1

Community Answers

  1. fl4co

    MAP-T

    In their configuration page they just say this: IPoE IPv4/IPv6 protocol NAT: MAP-T Mapping of Address and Port, Translation mode (RFC7599) I will post more information when they make the switch or if they release new information.
  2. fl4co

    MAP-T

    In my country, Italy, Sky (the satellite TV provider) became an ISP and started with a dual-stack network, but it's planning to switch to IPv6-only by the end of the year and you need a router supporting MAP-T to access their network. There is a failry new law in Italy that allows a customer to use any router they want with their ISP, but as far as I know only the router provided by Sky, and OpenWrt, support MAP-T among consumer routers. It may be a good idea to support MAP-T since not many routers support it right now. Would Keenetic be interested in implementing MAP-T?
  3. Hello, I'd like to add new information regarding this issue. 9.9.9.11 is a DNS server with EDNS Client Subnet. This feature might be the one causing problems. If fact, if I try a query with dig google.com +noedns I get a succesful answer: ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> google.com +noedns ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23119 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 211 IN A 142.250.180.142 ;; Query time: 197 msec ;; SERVER: 10.88.0.1#53(10.88.0.1) ;; WHEN: dom giu 06 11:34:05 CEST 2021 ;; MSG SIZE rcvd: 55 Maybe the DNS proxy have problems forwarding EDNSClient Subnet information?
  4. fl4co

    Ntce

    With Alpha 12 the new component is present on the Skipper.
  5. fl4co

    Ntce

    Italy. I think Skipper is the European name for the model KN-1910.
  6. fl4co

    Ntce

    Then I don't have it 🤷‍♀️
  7. fl4co

    Ntce

    I don't have it. Do I need to remove "traffic shaper" first?
  8. fl4co

    Ntce

    Hello, I'm in version 3.7 Alpha 11 but I can't find the component to install. I searched for "ntce" and "traffic analizer" but didn't find anything, How is the component called?
  9. Then it's not possible to have a DNS server in the LAN at the moment, when dual-stack is present 😞. As far as I know clients will prefer IPv6 and bypass the DNS server on the LAN. Should I open a thread in the feature request section?
  10. I use Pi-hole on my home network to block ads. All I had to do with IPv4 was set the DHCP server in my Keenetic device. I recently switched my ISP and they provide IPv6 connectivity. I managed to have IPv6 working, but now the router pushes via SLAAC its IPv6 address as DNS server to clients. So now my devices prefer IPv6 and reach to the router for DNS resolution, bypassing the Pi-hole on my home network. I tried to find an option to change the DNS server address pushed via SLAAC but couldn't find one. I saw that I can change SLAAC to DHCPv6 but I can't find where to set the options. Is it possible to change the DNS server pushed to IPv6 clients?
  11. I'm attaching the capture file, as you can see the queries for google.com, facebook.com and twitter.com made with dig received REFUSED as a response. I have to point out that 10.88.0.1 is the Keenetic's private IP address. capture-Bridge0-May 2 22-59-25.pcapng
  12. Hello, I have a problem with DNS over TLS that I can't debug. If I'm using 9.9.9.11 server from Quad9, I receive this output from dig, on Mac and on Linux: └─$ dig cnn.com ; <<>> DiG 9.16.13-Debian <<>> cnn.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37374 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 12882241105594ad (echoed) ;; QUESTION SECTION: ;cnn.com. IN A ;; Query time: 1040 msec ;; SERVER: 10.88.0.2#53(10.88.0.2) ;; WHEN: gio apr 22 11:46:21 CEST 2021 ;; MSG SIZE rcvd: 48 host and nslookup work fine. Operating systems can resolve names (web browsers work), at least I tried a Mac and Linux with regular /etc/resolv.conf. However a Linux server with systemd-resolved can't resolve names when the upstream on the router is 9.9.9.11. If I change to 9.9.9.9 everything works fine. DoH works fine even for 9.9.9.11. I tried a packet capture and it seems that queries don't go to the internet, it's the router that responds REFUSED to the local clients. Truncated output from "show dns-proxy": ... proxy-tls: server-tls: address: 9.9.9.11 port: sni: dns11.quad9.net spki: interface: server-tls: address: 149.112.112.11 port: sni: dns11.quad9.net spki: interface: ... Is this a bug? Why is it not working properly for just these two servers? I'd like to use these and not the regular Quad9 because they have EDNS Client Subnet.
  13. Hello, I'd like to request the following feature. When executing ip dhcp pool $POOL_NAME update-dns the Keenetic's DNS server will add a record for devices that are assigned an IP address via DHCP, so every device with a private IP in the LAN will have an A record with the hostname passed via DHCP. It would be great if the Keenetic could add a reverse DNS record, so that private IP addresses would be pointed to the DNS name. I'm asking this because I use Pi-Hole to block ads as my DNS server, but I'd like to keep using the Keenetic as a DHCP server. Doing this makes it impossible for Pi-Hole to display the clients' names. There is an option in Pi-Hole called "conditional forwarding" that solves this problem by making reverse DNS queries to the router in order to discover the clients' names, but as of now this doesn't work with the Keenetic because it does not respond to reverse DNS queries.
×
×
  • Create New...