Jackysi / advancedtomato

AdvancedTomato firmware repository (Tomato by Shibby fork)
https://advancedtomato.com/

Does this affect people who enabled "use internal DNS"? #432

Open sinkingfeeling opened 5 years ago

sinkingfeeling commented 5 years ago

Taken from dnsflagday.net:

DNS Resolver Operators

On or around Feb 1st, 2019, major open source resolver vendors will release updates that will stop accommodating non-standard responses. This change will affect authoritative servers which do not comply either with the original DNS standard from 1987 (RFC1035) or the newer EDNS standards from 1999 (RFC2671 and RFC6891). Major public DNS resolver operators listed below are also removing accommodations so this change will also impact Internet users and providers who use these public DNS services.

Sites hosted on incompatible authoritative servers may become unreachable through updated resolvers. The diagnostic web form above may be helpful while investigating problems with a particular domain. Domains which repeatedly fail the test above have problems with either their DNS software or their firewall configuration and cannot be fixed by DNS resolver operators.

The following versions of DNS resolvers will not accommodate EDNS non-compliant responses:

BIND 9.13.3 (development) and 9.14.0 (production)
Knot Resolver has already implemented stricter EDNS handling in all current versions
PowerDNS Recursor 4.2.0
Unbound 1.9.0

DNS Server Operators

The main change is that DNS software from vendors named above will interpret timeouts as a sign of a network or server problem. Starting February 1st, 2019 there will be no attempt to disable EDNS in reaction to a DNS query timeout.

This effectively means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead.

Please test your implementations using the ednscomp tool to make sure that you handle EDNS properly. Source code for the tool is available as well.

It is important to note that EDNS is still not mandatory. If you decide not to support EDNS it is okay as long as your software replies according to EDNS standard section 7.

In other words, software which correctly implements the original DNS standard RFC1035 from 1987 does not require any changes. Only non-compliant software has to be fixed.
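As an added check (this is not code from the thread, from AdvancedTomato or from the dnsflagday project): a small Python probe that sends one EDNS0 query to a DNS server you operate and classifies the reply the way the updated resolvers will. No reply at all is reported as "dead" (there is no longer a retry without EDNS), a FORMERR without an OPT record is the RFC 6891 section 7 reply of a server that chooses not to do EDNS, and an OPT record in the reply means EDNS is handled. It assumes a plain UDP path to port 53 and the constructed sample replies are labelled as such.

```python
import socket
import struct

def build_edns_query(name, qtype=1, txid=0x1234, payload=1232):
    """Wire-format query (RD set) carrying one EDNS0 OPT RR in the additional section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    # OPT RR (RFC 6891): root owner name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, payload, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(buf, off):  # advance past an owner name, honouring RFC 1035 compression pointers
    while buf[off] != 0:
        if buf[off] & 0xC0 == 0xC0:  # a 2-byte pointer ends the name
            return off + 2
        off += 1 + buf[off]
    return off + 1

def _has_opt(buf, qd, an, ns, ar):  # walk every section looking for an OPT (type 41) RR
    off = 12
    for _ in range(qd):
        off = _skip_name(buf, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(buf, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        if rtype == 41:
            return True
        off += 10 + rdlen
    return False

def classify_response(resp):
    """Map a reply (None on timeout) to how a post-Flag-Day resolver treats the server."""
    if resp is None:
        return "dead"            # no reply: resolvers no longer retry without EDNS, server counts as down
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    if _has_opt(resp, qd, an, ns, ar):
        return "edns"            # server understands EDNS
    if flags & 0xF == 1:
        return "formerr-no-opt"  # FORMERR without OPT: RFC 6891 section 7 reply of a non-EDNS server
    return "no-opt"              # answered but dropped the OPT: not section 7 behaviour, check with ednscomp
def probe(server, name, timeout=3.0):
    """Send one EDNS0 query over UDP/53 and classify the reply; a timeout is reported as 'dead'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (server, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            resp = None
    return classify_response(resp)
```

Run `probe("192.0.2.1", "example.com.")` against your own authoritative server (address is a placeholder); anything other than "edns" or "formerr-no-opt" is what the updated resolvers will stop tolerating.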

boktai1000 commented 5 years ago

Hi @jmeeter

Not sure if you saw some of the other issues regarding the current state of AdvancedTomato, but the firmware and repository owner has other current real life priorities right now. In the background, a new (different) firmware has been gaining traction called FreshTomato. If you want to read up more on it, do a bit of Googling.

Now regarding your issue, I actually posted about this in the FreshTomato thread over on LinksysInfo.org forums ( https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/page-19#post-302494 ).

Unfortunately it did not gain much traction. I suggest, if this is something you think is important, taking up the conversation further over there, as well as understanding that this change likely isn't going to make its way into AdvancedTomato here. Maybe a discussion can be formed there to understand the potential impact this may have on the Tomato firmwares.

It's probably still good to track this as an issue against AdvancedTomato, as it's something that people should be aware of as the laundry list of issues builds up, but hopefully, if you weren't already aware of the current state of the firmware, this gets you up to speed.

Looking forward to seeing what comes from this, as it's an issue that I'm interested in following as well, but I don't know enough regarding the firmware to understand the potential implications it may have and the possible use-cases in which it would affect Tomato.