fl4co

Everything posted by fl4co

  1. fl4co

    MAP-T

    In my country, Italy, Sky (the satellite TV provider) became an ISP and started with a dual-stack network, but it's planning to switch to IPv6-only by the end of the year and you need a router supporting MAP-T to access their network. There is a fairly new law in Italy that allows a customer to use any router they want with their ISP, but as far as I know only the router provided by Sky, and OpenWrt, support MAP-T among consumer routers. It may be a good idea to support MAP-T since not many routers support it right now. Would Keenetic be interested in implementing MAP-T?
  2. Hello, I'd like to add new information regarding this issue. 9.9.9.11 is a DNS server with EDNS Client Subnet. This feature might be the one causing problems. In fact, if I try a query with dig google.com +noedns I get a successful answer:

         ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> google.com +noedns
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23119
         ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1232
         ;; QUESTION SECTION:
         ;google.com. IN A
         ;; ANSWER SECTION:
         google.com. 211 IN A 142.250.180.142
         ;; Query time: 197 msec
         ;; SERVER: 10.88.0.1#53(10.88.0.1)
         ;; WHEN: dom giu 06 11:34:05 CEST 2021
         ;; MSG SIZE rcvd: 55

     Maybe the DNS proxy has problems forwarding EDNS Client Subnet information?
  3. With Alpha 12 the new component is present on the Skipper.
  4. Italy. I think Skipper is the European name for the model KN-1910.
  5. Then I don't have it 🤷‍♀️
  6. I don't have it. Do I need to remove "traffic shaper" first?
  7. Hello, I'm on version 3.7 Alpha 11 but I can't find the component to install. I searched for "ntce" and "traffic analizer" but didn't find anything. What is the component called?
  8. Then it's not possible to have a DNS server in the LAN at the moment, when dual-stack is present 😞. As far as I know clients will prefer IPv6 and bypass the DNS server on the LAN. Should I open a thread in the feature request section?
  9. I use Pi-hole on my home network to block ads. All I had to do with IPv4 was set the DHCP server in my Keenetic device. I recently switched my ISP and they provide IPv6 connectivity. I managed to have IPv6 working, but now the router pushes via SLAAC its IPv6 address as DNS server to clients. So now my devices prefer IPv6 and reach to the router for DNS resolution, bypassing the Pi-hole on my home network. I tried to find an option to change the DNS server address pushed via SLAAC but couldn't find one. I saw that I can change SLAAC to DHCPv6 but I can't find where to set the options. Is it possible to change the DNS server pushed to IPv6 clients?
  10. I'm attaching the capture file, as you can see the queries for google.com, facebook.com and twitter.com made with dig received REFUSED as a response. I have to point out that 10.88.0.1 is the Keenetic's private IP address. capture-Bridge0-May 2 22-59-25.pcapng
  11. Hello, I have a problem with DNS over TLS that I can't debug. If I'm using 9.9.9.11 server from Quad9, I receive this output from dig, on Mac and on Linux:

         └─$ dig cnn.com
         ; <<>> DiG 9.16.13-Debian <<>> cnn.com
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37374
         ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 4096
         ; COOKIE: 12882241105594ad (echoed)
         ;; QUESTION SECTION:
         ;cnn.com. IN A
         ;; Query time: 1040 msec
         ;; SERVER: 10.88.0.2#53(10.88.0.2)
         ;; WHEN: gio apr 22 11:46:21 CEST 2021
         ;; MSG SIZE rcvd: 48

      host and nslookup work fine. Operating systems can resolve names (web browsers work), at least I tried a Mac and Linux with regular /etc/resolv.conf. However a Linux server with systemd-resolved can't resolve names when the upstream on the router is 9.9.9.11. If I change to 9.9.9.9 everything works fine. DoH works fine even for 9.9.9.11. I tried a packet capture and it seems that queries don't go to the internet, it's the router that responds REFUSED to the local clients. Truncated output from "show dns-proxy":

         ...
         proxy-tls:
             server-tls:
                 address: 9.9.9.11
                 port:
                 sni: dns11.quad9.net
                 spki:
                 interface:
             server-tls:
                 address: 149.112.112.11
                 port:
                 sni: dns11.quad9.net
                 spki:
                 interface:
         ...

      Is this a bug? Why is it not working properly for just these two servers? I'd like to use these and not the regular Quad9 because they have EDNS Client Subnet.
  12. Hello, I'd like to request the following feature. When executing ip dhcp pool $POOL_NAME update-dns the Keenetic's DNS server will add a record for devices that are assigned an IP address via DHCP, so every device with a private IP in the LAN will have an A record with the hostname passed via DHCP. It would be great if the Keenetic could add a reverse DNS record, so that private IP addresses would be pointed to the DNS name. I'm asking this because I use Pi-Hole to block ads as my DNS server, but I'd like to keep using the Keenetic as a DHCP server. Doing this makes it impossible for Pi-Hole to display the clients' names. There is an option in Pi-Hole called "conditional forwarding" that solves this problem by making reverse DNS queries to the router in order to discover the clients' names, but as of now this doesn't work with the Keenetic because it does not respond to reverse DNS queries.
  13. Thank you for clearing this out. Now the wg interface doesn't do NAT anymore as I intended. What does doing no ip nat Home imply, anyway? If I create a L2TP VPN then I will have to manually add ip static Home <l2tp interface> to be able to access the Internet through the tunnel?
  14. Hello, I recently bought a Keenetic Skipper router and I’m very pleased with it. However, there is one problem I can’t seem to be able to fix: I set up a WireGuard connection but I can’t disable NAT translation on the interface. When I connect to a WireGuard peer from a device behind the Skipper, the peer always sees the connection originating from the Skipper’s WireGuard address and not from the actual device’s IP address. I tried entering the command “no ip nat Wireguard0” but it has no effect because I think that a NAT rule was not active on the interface to begin with. So how can I disable NAT on the WireGuard interface?