1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Official Tomato v1.20 released

Discussion in 'Tomato Firmware' started by jestermiami, Jul 12, 2008.

  1. jestermiami

    jestermiami Addicted to LI Member

    Released 7-12-08
    http://www.polarcloud.com/tomato_120

    Tomato 1.20
    Updated to dnsmasq 2.43. This takes care of the CERT VU#800113 security issue.
    Fixed setting custom scheduler time doesn't save correctly.
    Updated to L7 patterns 2008-04-23
    Static DHCP limit increased to 100.
    Added EasyDNS HTTPS support.
    Added date format option for Bandwidth/* pages.
     
  2. Mercjoe

    Mercjoe Network Guru Member

    Thank you.

    Flashed and running perfect as expected
     
  3. Sunspark

    Sunspark LI Guru Member

    I am sad it doesn't come with an web option to allow dropbear to increase the RWIN to allow for faster SSH transfers. I did email Jon to ask for it.
     
  4. aggybong

    aggybong LI Guru Member

    DNS keeps dropping out for me. Anyone else having this problem?
     
  5. gregg098

    gregg098 LI Guru Member

    What do you mean "dropping out"?
     
  6. CBR900

    CBR900 LI Guru Member

    does it have Bandwidth Limiter per IP/MAC?
    10x
     
  7. Toink

    Toink Network Guru Member

    Victek's mod build will have this. I'm sure Victek's already working on it :)
     
  8. aggybong

    aggybong LI Guru Member

    Can't resolve host names, can only access stuff by IP. Happened with both my ISP's DNS servers and the 4.2.2.1\.4.2.2.2 combo.
     
  9. madsul

    madsul LI Guru Member

    It seems I may be having a small problem. I came back to my computer and I couldn't reach any web sites so I renewed my lease and it works again. That is as far as I have gone so far, but it has happened twice.
     
  10. vanhh

    vanhh Network Guru Member

    I'm not sure it's matter or not, but since the firmware had a few new updates. I did nvram clear. It's running fine so far.
     
  11. madsul

    madsul LI Guru Member

    Could someone tell me how to do that?

    Edit: I did a search. Amazing what you can find. Reset Nvram I will tell you how I go. Is it alright to restore your configuration from before the update?
     
  12. eRd12

    eRd12 LI Guru Member

    I have the same problem, but I didn't make nvram reset after upgrade and it was always ok. Nevermind, now I made reset, get settings from file and we will see if it help, if not I'll make reset and set everything from 0 ...
     
  13. der_Kief

    der_Kief Super Moderator Staff Member Member

    Hi,

    i flashed to new version without doing a nvram reset and everything is working as before. No problems at all.

    Nice work Jon :thumbup:

    der_Kief
     
  14. madsul

    madsul LI Guru Member

    Did it to me again. I am going back to 1.19 for tonight I will have another go tomorrow after work.
     
  15. LLigetfa

    LLigetfa LI Guru Member

    NO. It makes no sense to clear NVRAM and then restore it again from backup.
     
  16. GhaladReam

    GhaladReam Network Guru Member

    Cool that this is out :)

    However, I will be waiting until Victek finishes his 1.20 mod, as I need the features he provides.
     
  17. jsmiddleton4

    jsmiddleton4 Network Guru Member

    I can't get to the Spaniard's web site either. Any luck seeing when Senor Victek is up to?
     
  18. Toink

    Toink Network Guru Member

    I'm sure Señor Victek will come up with his new build in a few days :) I think it's wiser to wait for a few more days if this new build is bug free.

    According to his last post in his thread, he's got some features to pull out his hat of tricks :)
     
  19. mzsubs

    mzsubs Addicted to LI Member

    DNS problems with 1.20

    First of all thank you for the amazing piece of software.

    After upgrading to 1.20 DNS resolution fails after some time with router reboot as the only way to fix it (did not try to restart dnsmasq from the command line). Problem is only DNS related, because everything else is working if IP addresses are used. Downgrading back to 1.19 fixed the problem.
     
  20. hardc0re

    hardc0re Network Guru Member

    Same problem here. In 1.20 the DNS resolution fails after a while.
     
  21. Morac

    Morac Network Guru Member

    Hmm sounds like there might be a bug in Dnsmasq 2.43 (or 2.42), that or it doesn't interact well with the router. Tomato 1.19 used Dnsmasq 2.41.

    I was going to install 1.20, but I think I'll hold off for a while since 1.19 has been stable for me and my WRT54GL for 78 days and running.

    For people having problems, what router are you using? Also does unchecking the "Use Internal Caching DNS Forwarder" option in the Advanced->DHCP / DNS Server make the problem go away?
     
  22. nuxator

    nuxator Guest

    Same problem here on an WRT54GL (i'm using internal dns caching)
    Clear nvram and restore didn't resolved the problem.
    Had to donwgrade to 1.19.
     
  23. Techmiles

    Techmiles Guest

    Same problem, DNS stop working after a while on version 1.20, I upgraded from Tomato 1.06 on my WRT54GS version 2.00 that was working trouble free for over a year without a single reset.

    I did the upgrade because I was in need of QOS for my new Vonage line and wanted to test the QOS of the latest version

    Now I installed version 1.19 and is working fine.
     
  24. WayneBike

    WayneBike Guest

    I also had issues w/ DNS dropping after a while. Reverting to 1.19 until fix is out.
     
  25. bdm_module

    bdm_module Network Guru Member

    Back to 1.19

    Flashed the new one 1.20 and yes the dns is dropping out on me after 1 hour, so I went back to 1.19
     
  26. frankdeckard

    frankdeckard Guest

    I'm having the same problem.
     
  27. puddle

    puddle LI Guru Member

    same problem here. DNS drops out after a while. DNS will come back if you change any setting on the DNS tap and then hit "save".
     
  28. schnikies79

    schnikies79 LI Guru Member

    same problem here. i had it happen 3 times since I flashed 1.20 yesterday. A flash back 1.19 fixed everything.

    good ole' WRT54GL
     
  29. Kye-U

    Kye-U Addicted to LI Member

    I had the same problem; flashed back to 1.19 and everything's fine again!
     
  30. Rob650

    Rob650 Addicted to LI Member

    I guess I'm in the minority here. No problems at all with 1.20 on my WRT54GL.
     
  31. Kye-U

    Kye-U Addicted to LI Member

    It seems to "die" after an hour or so after a reboot.
     
  32. Rob650

    Rob650 Addicted to LI Member

    Odd that I have not experienced this. I flashed my router when I first saw the thread posted yesterday. I guess I'll reboot my router manually and see.
     
  33. DumKopf

    DumKopf LI Guru Member

    Same prob here, no DNS after an hour.

    WRT54GL
     
  34. Rob650

    Rob650 Addicted to LI Member

    Over a day after I flashed 1.20 on the WRT and more than an hour after I manually rebooted it and still no problems. For what it's worth, the only notable config changes I made are: changed TCP Timeout, changed default subnet, disabled wireless. I've always read it's not necessary to clear NVRAM after flashing a new version of the same firmware, but I did anyway.
     
  35. turbo53

    turbo53 Network Guru Member

    Glad I checked here before doing the update. Version 1.19 has been very stable and I think I'll wait for the DNS fix.

    I've made enough changes for one night anyway. Finally got the last WEP-only device off my network, so I just upgraded to WPA-2 encryption.
     
  36. hardc0re

    hardc0re Network Guru Member

    Are you using DNS caching? I think all of us having the problem are using DNS caching (which is the default setting).
     
  37. fryfrog

    fryfrog Network Guru Member

    I had the same sort of DNS dropping out issues that everyone else had. In order to restart dns w/o restarting the router, I ticked a few of the boxes under DHCP/DNS, hit save and then unticked them and hit save. Since doing that last night, it seems to be doing okay.

    From the above advice / discussion, I disabled dns caching and will see how that does.
     
  38. Rob650

    Rob650 Addicted to LI Member

    "Use Internal Caching DNS Forwarder" is checked. I didn't change anything on that page.
     
  39. turbo53

    turbo53 Network Guru Member

    OK...I did some searching and think I found a workaround. Can someone who is using 1.20 give this a try?

    Go to "Advanced | DHCP/DNS" and enter the following in the "DNSMASQ Custom Configuration" field:

    query-port=0

    This restores the old behavior for DNSMASQ prior to DNSMASQ v 1.43. I think the change that has caused this problem is due to a fix for the CERT VU#800113 security issue.

    For more information, see these pages:

    http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002183.html
    http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

    If anyone gives this a try, please post your result here.
     
  40. Morac

    Morac Network Guru Member

    I'll mention I contacted Jon about the problem and pointed him to this thread and he sent me a link to an updated test version firmware which lowers the amount of random ports DNSMasq uses as well as restarts it if it dies.

    I haven't installed either 1.20 or the test version as of yet, but if you had a problem with 1.20, I suggest contacting Jon.


    BTW for anyone having the problem, can you see if DNSMasq is still even running after the DNS stops working? It's likely it either crashed or is no longer grabbing ports correctly (the query-post=0 would fix that).
     
  41. Mercjoe

    Mercjoe Network Guru Member

    I had the same issue soon after installing 1.20. About an hour after the flash it lost the DNS and would not load any OLD web pages. Any NEW web pages loaded fine however. By old I mean pages that had been loaded within a few hours before the flash.

    I did a hard reset after this issue appeared, and since then I have had ZERO issues. May this be a problem with something 'hanging' in memory? If it was loaded under the older firmware and then not forcably reset, could this be creating the problem?

    I know that most of us flash and go. Not many of us power down the router or reset the config and start over.

    Just a thought.
     
  42. Kye-U

    Kye-U Addicted to LI Member

    I cleared the NVRAM after flashing to 1.20 from 1.19, and I still got the problem after an hour or so.

    I'm too lazy to flash it again to 1.20 and see if the query-port=0 config string works =[
     
  43. 4char

    4char Network Guru Member

    I flashed 1.20 over 1.19 on WRT54G v2 and so far no problem. It's being up for more than 1 day now. I did not do reset after upgrade either.

    In the DNS page, I have
    - "Use Internal Caching DNS Forwarder" checked
    - "Use Received DNS With Static DNS" checked
    - nothing else checked and no Customer configuration either.
     
  44. puddle

    puddle LI Guru Member

    I upgraded from 1.19 to 1.20, full nvram reset and was having the DNS problem this morning. Just got home from work.

    * wifi was down
    * dhcp was unresponsive
    * couldnt load webpage

    needed to power cycle it... maybe a mem leak in the new dnsmasq?
     
  45. jtopping

    jtopping Guest

    SSH

    I haven't had any dns issues yet, but I typically do a ssh tunnel to my tomato box and with 1.20 the SSH connection from the WAN is very unstable.

    trying again with 1.19...stay tuned
     
  46. Knyte

    Knyte Guest

    No DNS here either.

    Same problem as others; DNS resolution seems to drop after an hour or so. I found that by changing any option in Advanced / DHCP/DNS and Saving (Restarting Some Services) DNS would work again; but only for another hour or so.

    Reverted back to 1.19 as well for now.
     
  47. pilotboy72

    pilotboy72 Guest

    I had the same problem. Had to disable the use of caching DNS in order to resolve anything.
     
  48. Pioneer

    Pioneer LI Guru Member

    No problem here on my WRT54GL...
     
  49. guillaumy

    guillaumy LI Guru Member

    Had problems with DNS less than an hour after flashing WRT54G v2.2 from 1.19 to 1.20 by web GUI.

    After reboot by GUI command, everything seems to be working fine now for over two days.

    (I've also had no complaints from another user of WRT54G v3 who flashed the router to 1.20 from 1.19).


    Despite the grave importance of the dnsmasq patch, I am not yet applying 1.20 to the other routers on remote locations!
     
  50. Morac

    Morac Network Guru Member

    Jon has a test version which he hopes will work around the problem. It tries to stabilize DNSMasq and if it fails, it will restart it and log a "restarting dnsmasq" in the log.
     
  51. Morac

    Morac Network Guru Member

    It's still not really known if the dnsmasq patch is even really needed since the author doesn't even know if dnsmasq is vulnerable or not do to the lack of information about the flaw. The changes do make dnsmasq more secure, but apparently less stable.

    I suppose someone could add the "log-queries" and "no-daemon" parameters to generate extra logging data and see why it's failing.
     
  52. gbcox

    gbcox Guest

    I applied the "query-port=0" and still had the same problem. I've backed out now to 1.19 - working fine again...
     
  53. asterger

    asterger Network Guru Member

    I upgraded my WRTSL54GS to 1.20 directly on version 1.19 with no problems. The following parameters set with version 1.19 flowed through to 1.20:


    Use Internal Caching DNS Forwarder - checked
    Static Lease Time - infinite

    cache-size=2048
    log-async=5

    Cheers,

    -- asterger

    EDIT: I should point out that sometime after posting this message I did experience DNS failures. There were a total of 3 restarts listed in the logfile. Subsequently installed v1.20.1494 and so far all is well.
     
  54. Odin-60

    Odin-60 LI Guru Member

    I've just installed it on a Buffalo WHR-G54S; now let's wait for the things to come...
     
  55. jockel

    jockel LI Guru Member

    Hi,
    I have seen the DNS error on my local router now three times within a day.
    I apply Jon´s testversion now and so will see, whether the error is gone.
    For completeness of information I admit, that this router was rebooted several
    times, but there was no NVRAM clearing when updating from 1.19 to 1.20.
    Jockel
     
  56. puddle

    puddle LI Guru Member

    query-port=0 <=- fixed my problem. (WRT54GL)
     
  57. guillaumy

    guillaumy LI Guru Member

    My first observation of a catastrophic failure with 1.20.

    Whereas DNS failed once before while I was on an existing connection, this time I was caught with not being able to get in at all by wireless (i.e. trying to connect after dnsmasq failure). I had to go to the remote location (fortunately very near) and cold reboot the router.

    I moved on to 1.20 build 1494 at once... I'll report back if there are any problems.
     
  58. krux01

    krux01 LI Guru Member

    I had problems with dnsmasq upon the initial boot after upgrade to v 1.20. I found that dnsmasq was failing to start and time not setting on my router. After checking the logs I found the error was due to a duplicate entry "domain=" once I removed this duplicate entry all is well. My router has been up without issue since 7/12/2008.
     
  59. i1135t

    i1135t Network Guru Member

    Care to tell us where this "domain=" entry is located? Thanks...
     
  60. xcooling

    xcooling LI Guru Member

  61. turbo53

    turbo53 Network Guru Member

    /etc/dnsmasq.conf
     
  62. krux01

    krux01 LI Guru Member

    Sure it is an optional entry in the dnsmasq custom configuration. If you check /etc/dnsmasq.conf verify there are no duplicate entries in this file.
     
  63. schlichte

    schlichte LI Guru Member

    works great.. thx a lot!
     
  64. Odin-60

    Odin-60 LI Guru Member

    FYI:
    The test version (1.20.1491) is running flawlessly for more than one day now.
    (Note that my ISP shuts down the PPPoE connection after 24 hrs, so dnsmasq
    was restarted in the meantime.)
    I did not experience any failure, and there is no indication of an "emergeny
    restart" in the log file.
     
  65. Victek

    Victek Network Guru Member

    DNSmasq reported by the author (Kelleys.org), the bug is present in 2.42 & 2.43 release, fixed (apparently) in version 2.44test1. Here are the comments about it.

    "version 2.44
    Fix crash when unknown client attempts to renew a DHCP
    lease, problem introduced in version 2.43. Thanks to
    Carlos Carvalho for help chasing this down.

    Fix potential crash when a host which doesn't have a lease
    does DHCPINFORM. Again introduced in 2.43. This bug has
    never been reported in the wild."

    -Vic :biggrin:
     
  66. turbo53

    turbo53 Network Guru Member

    This makes sense, since Tomato 1.19 had version 2.41 of dnsmasq. So we wouldn't have seen any issues.
     
  67. Mercjoe

    Mercjoe Network Guru Member

    The ugly loss of the internet probelm suddenly happened time after time after time.

    I got tired of having to fix it and flashed back to 1.19. I would recommend staying away from this one till the DNSmasq issues get resolved.
     
  68. reekoh

    reekoh Guest

    Hi,
    I just installed Tomato for the first time on my WRT54GL yesterday and I appear to be affected by this DNS bug. As recommended by many on this thread, I'd like to downgrade to 1.19. Is there a specific set of instructions for this anywhere or is it just a matter of plugging in the 1.19 firmware through the web interface? Is there anything else I need to know? Also, I've already invested quite a bit of time on my settings (static dhcp lists, etc.). Will I be able to keep them after the downgrade? Thanks in advance for your help.
     
  69. jockel

    jockel LI Guru Member

    Hi,
    I have not seen the DNS error again since I flashed the special test-version
    provided by Jon.

    Jockel
     
  70. jnappert

    jnappert LI Guru Member

    Since 1.19 (i think this was the first version where the "strict rule ordering" option in qos disappeared) i experience problems in qos. My VOIP keeps stumbling even with priority set to highest and only enabling qos without making any changes in qos cuts my upload from 1024 to 450.
    I hoped 1.20 solved this...
     
  71. Edrikk

    Edrikk Network Guru Member

    Apparently a 2.44Test2 version of DNSMasq is out... Can't find what was fixed, but apparently something was...
    http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002210.html

    Nvm... Fixes since the last change-log posted on the previous page of thread:

    ------------------------------------------------------------
    Fix crash in netlink code introduced in 2.43. Thanks to
    Jean Wolter for finding this.

    Change implementation of min_port to work even if min-port
    as large.

    Patch to enable compilation of latest Mac OS X. Thanks to
    David Gilman.
    ------------------------------------------------------------
     
  72. guillaumy

    guillaumy LI Guru Member

    An important comment from the author of dnsmasq


     
  73. averylinden

    averylinden Addicted to LI Member

    I imagine most Tomato users serve DNS to their internal LAN and don't expose it to the Internet. If you do this and you trust your LAN users you don't have much to worry about with the latest DNS vulnerability. In this case the --query-port workaround is OK. Make sure to remove the workaround when a fixed version of dnsmasq works its way into Tomato.
     
  74. Morac

    Morac Network Guru Member

    I'm assuming once DNSMasq 2.44 is officially released that a new Tomato firmware will be released?
     
  75. nvtweak

    nvtweak LI Guru Member

    Whether or not you trust your users, malware getting inside the network is still a potential problem. For example, like the recent zlob trojan which maliciously changes routers' DNS settings..
     
  76. Sunspark

    Sunspark LI Guru Member

    Awesome. I was emailed a test build that contains an NVRAM string that I can adjust that will allow me to change the dropbear -W RWIN value.

    I'll have to do some benchmarking when I am the only one using the connection.

    The default value is good enough for my upload, but needs to be more for the download.
     
  77. guillaumy

    guillaumy LI Guru Member

    I was bragging the other day to a friend-user how great his (WRT54Gv3) router was, how he even had security updates to patch that ghastly DNS loophole, how he probably had the best home rig around for hundreds of miles.

    Now I have to turn around to the actual folks doing the work and say, Jonathan, and others like "Victek", thank you vey much and God bless you for your wonderful contribution.
     
  78. pharma

    pharma Network Guru Member

    I don't know if this was posted, but Jon has a Test Build section at his site that includes the following:

    2 Test Builds at the Official Tomato site:




    1. Uses Dnsmasq 2.44test2 (crash fix). Adds EveryDNS DDNS.


    2. Uses Dnsmasq 2.44test1 (crash fix). Restarts Dnsmasq if it dies (can be disabled with "nvram set wdg_norestart=dnsmasq").


    Pharma
    Edit: Removed the direct links. Thanks, DeCexx.
     
  79. DeCex

    DeCex LI Guru Member

    Remove the direct download link. I think I saw it on his page about that. Something like this;

    Download
    (please don't link the files directly - Thanks)
     
  80. ICE1

    ICE1 Addicted to LI Member

    Well, I finally made my decision and updated my new Linksys WRT-54GL Router
    and have to say i like how the UI looks it's differently a big improvement from the stock firmware that came with the router.. Back on topic about Domain Name Servers I notice that every time i reboot a dynamic address would connects to the wan side of the router and say's hello to ISP's DNS.. The interesting part is that my DNS settings are nothing near to what the ISP's DNS offers.. And wonder if any of you guys have ever experience something similar.. Other then that
    Tomato Firmware 1.20 is up and running for 20 hrs non-stop..
     
  81. tijaune

    tijaune LI Guru Member

    Power cycle / build 1.20.1501 to resolve the DNS...

    Yesterday, I lost DNS 3 times. Having flashed 1.20 day ago, I found out that if I disconnect from my ISP and reconnect, everything is back. Must be the new firmware 1.20. Hop to the polarcloud site and flashed with the build 1.20.1501 + power cycle the router (WRT54GL), no more lost since last night.

    --
     
  82. ICE1

    ICE1 Addicted to LI Member

    Oh boy, i think i spoke to soon.. today i tried to log in and can't get into UI the prompt would come up so i enter in my login and password and it would not connect to the router it mentioned .css then some other extension with same login/password prompt.. I had no problem before instill i upgraded from stock firmware to tomato 1.20.. should start over?
     
  83. tehgeek

    tehgeek Network Guru Member

    I flashed my WRT54GL to the new 1.20.1501 (the other test version seemed fine but this one had a newer version of dnsmasq that was suppose to fix the crash - not just restart it). Anyways I now see multiple occurrences of this in my logs:

    user.notice kernel: ip_conntrack_pptp.c: bad csum
     
  84. guest

    guest Network Guru Member

    Looks like people should hold off updating until Jon can release new test builds.




    dnsmasq 2.45 released

    http://www.thekelleys.org.uk/dnsmasq/



    http://www.thekelleys.org.uk/dnsmasq/CHANGELOG


    http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.44-REMOVED.txt
     
  85. njeske

    njeske Network Guru Member

    Thanks for the info about the 2.45 Dnsmasq release. I've been waiting to upgrade from Tomato 1.19 due to the issues in 1.20. I'm definitely waiting for an official 1.21 release now.
     
  86. wahur1

    wahur1 LI Guru Member

    i would say stick with 1.19!!! thats stable as hell!!
     
  87. Odin-60

    Odin-60 LI Guru Member

    From http://www.thekelleys.org.uk/dnsmasq/CHANGELOG :
    As far as I understand the mechanisms of the latest DNS server
    vulnerabilty, a DNS server that woks as a forwarder only is
    indeed not affected. Thus, staying with v1.19 for the time being
    seems not to be a risk.
     
  88. mstombs

    mstombs Network Guru Member

    Simon Kelley says that dnsmasq (which caches dns lookups) is subject to the vulnerability. This is still not fully explained, but we can see from the fixes that it must be possible to request a dns lookup then poison the dns cache with a spoof reply because predictable ports are used. On a nat router the ports used change all the time so I am not sure if they are really that vulnerable.

    See here for a blog from an expert commenting on this old vulnerability, and a test program to see if your dns lookups are susceptible

    http://blog.dickmorrell.org/?p=652

    When I last checked my ISP dns servers had not been patched but opendns were OK.
     
  89. Morac

    Morac Network Guru Member

  90. Odin-60

    Odin-60 LI Guru Member

    Well, in that case hardening dnsmasq would not help, anyway!

    However, as long as you can trust your ISP's DNS servers, no
    third party can attack your dnsmasq.
    Rationale: In contrast to a "full" (recursive) DNS server, a
    "forwarder" such as dnsmasq does not query arbitrary other
    servers. Thus, no potential attacker ever sees your current
    transaction ID, so nobody can guess the next one, not even
    if part of the number space is already used up by a "birthday
    attack".

    Of course, dnsmasq is vulnerable if it queries a malicious DNS
    server. However, if someone would hack your ISP's server,
    there would be no need to attack its clients, too; handing out
    wrong IP addresses would be sufficient. The dangerous case, in
    contrast, is a hacked or malicious DNS server that is normally
    responsible for a particular domain only (but succeeds to hand
    out faked addresses for other domains). Dnsmasq, however, is
    normally not used to immediately contact this kind of DNS server.
     
  91. Morac

    Morac Network Guru Member

    If your ISP's DNS is vulnerable then it doesn't matter if dnsmasq is vulnerable or not since there's no way of knowing whether the ISP's DNS is returning spoofed entries or not.

    dnsmasq caches DNS requests so it could also be vulnerable from a client side attack. The only person who knows for sure how the bug is triggered is the guy who found it, Dan Kaminsky, and he has already told Simon that dnsmasq is "potentially vulnerable".

    For the purpose of using dnsmasq on a router it's probably not a big deal since for the most part people's home networks are private, but once the details of the flaw gets out I expect we'll start seeing malware/scripting that takes advantage of the flaw and you'd want your router patched by then.
     
  92. Daggerx

    Daggerx LI Guru Member

    Victek's version

    Code:
    http://victek.is-a-geek.com/tomato.html
    Is it safe to use this one, I think I was having trouble also when I upgraded to 1.20. I didn't try the test builds though. Thinking about going directly to Vic's version. Any objections? Please advise and thanks in advance.

    Well since he has 2.45 in his release, ill give it a shot...
     
  93. vanhh

    vanhh Network Guru Member

    New test version is released - Tomato 1-20-1508 with dnsmasq 2.45 (DNS/DHCP; crash fix). Restarts dnsmasq if it dies (disable: debug_norestart=dnsmasq). Don't rewrite dnsmasq.conf option. Adds Every DNS DDNS. So far no problem.
     
  94. ICE1

    ICE1 Addicted to LI Member

    Thanks for the heads up .. I did some reading and it seems like there are mix reviews thru out the Enternet.. Have anyone tried the ISP checker? I've checked it out and it seems like my ISP has not done it's updates.. I don't know if i'm the only one here but, is anyone feel a bit hesitant to change DNS servers? it seems so much of a hassle, especially just learning what DNS servers are.. It's like asking Scotti for more power to the warp drive engines...

    *edit*
     
  95. nvtweak

    nvtweak LI Guru Member

    mstombs mentioned OpenDNS.

    If you are worried about your ISP's DNS server(s) being vulnerable, you can put OpenDNS's IP addresses in Tomato and it will use that to look up domain names instead (essentially bypassing your ISP's servers which may be vulnerable).

    I apologize if this was already mentioned. Searching through this thread didn't seem to indicate as much.
     
  96. Morac

    Morac Network Guru Member

    OpenDNS is indeed not vulnerable. In fact even though my ISP was supposedly patched, it passes the DoxPara test, it wasn't patched very well since it half-fails this test while OpenDNS passes with flying colors.

    That said, OpenDNS does some sneaky things such as redirecting all searches from Google to it's own Search page and even redirecting all traffic going to Google from www.google.com to google.navigation.opendns.com. It disables keyword searches in Firefox as well as smart browsing, both which result going to guide.opendns.com.

    The only way to disable that is create an account and disable all the features in OpenDNS. When I did this OpenDNS seemed a lot slower as if it was punishing me or something.

    If you don't mind guide.opendns.com then OpenDNS is perfect, but if you do then it's less than ideal.
     
  97. tehgeek

    tehgeek Network Guru Member

    Some folks knew what it was by guessing, but yesterday exploit code was released so now everyone knows.
     
  98. Daggerx

    Daggerx LI Guru Member

    Ok, so is it alright to use victek's 1.20 mod or no?
     
  99. NetFear

    NetFear Guest

    I'm also loosing DNS but on v1.19

    Before I complain about a problem in my first post: TOMATO is the BEST wifi router software around :thumbups:; it convinced me to do my first ever donation for FREE software.
    =============================================================

    Not sure if it is the same problem but I'm loosing DNS under v1.19.1463 after 1-2 days when WiFi is enabled while doing also considerable torrent download.

    IP is still working OK. In overview page I can see the DNS IP addresses that got assigned by ISP but they stop working under conditions as described above.

    The problem does not occur when I configure static DNS using openDNS .
     
  100. SirDracula

    SirDracula Network Guru Member

    What is the advantage of using dnsmasq on the router vs disabling dnsmasq and just setting the router to serve the OpenDNS servers to its DHCP clients?
     

Share This Page