Hi All,
I’m new to the forum so forgive me if the post is in the wrong place.
Hardware RB751G-2HnD
RouterOS 5.16, 5.24 and 6.0rc11
Problem:
I have been having problems with DNS resolution for the past 2 weeks. Every now and then while browsing the internet, webpages refuse to load. I can however ping 8.8.8.8 so my internet connection is still active. Sometimes flushing the DNS cache seemed to fix the issue but other times not, I then resorted to rebooting the RB. This did not always work.
Eventually my ISP told me to start using the Google DNS servers instead of their own servers, this also solved the problem for a little while. I even set the DHCP client on the gateway interface to “Use Peer DNS”.
What I then figured out is that it was sometimes taking longer than 1,5 to 2 seconds to even ping the DNS servers (both Google and the ISP) thanks to the wonderful South African internet. I tried to find a way to set the DNS resolution timeout in v5 but could not find the setting anywhere.
Eventually I upgraded to 6.0rc11 and the problem still persisted.
Solution:
Thank goodness there seems to be an undocumented feature in v6 for DNS:
In terminal I ran the following:
ip dns
set query-server-timeout=4s
This seems to have solved my issue for now (the default value was 2s).
Thank you to the RouterOS developers for adding this!!
Interestingly, I have a secondary DNS entry set in the “gui” but it does not show up on the print…
Even with the 10s and 20s timeouts set, I am still having issues. Another issue I have noticed is that if I continuously ping 8.8.8.8, one a wired connection to my router, I get pings of around 250ms. However, on a wireless connection, at the exact same time, the pings are around 3s to 10s. The wifi signal strength is -28 so should be perfect. Any suggestions?
I found another topic in the ROS6Beta forum that recommends increasing the cache size and reducing the ttl, so giving it a try (reverted the increased timeouts):
/ip dns>> print
servers:
dynamic-servers: 192.168.1.1
allow-remote-requests: yes
max-udp-packet-size: 8192
query-server-timeout: 2s
query-total-timeout: 10s
cache-size: 8192KiB
cache-max-ttl: 1h
cache-used: 134KiB
I had experienced DNS timeouts on RB751G-2HnD and RB951-2n with 5.24 and FW 3.04/3.05 for the past 2 weeks. After downgrade to 5.21 and FW 3.0 the problem seems to be gone. I haven’t contacted support, but I will keep browsing the forum for updates.
This morning I replaced one of the devices with a new RB951G-2HnD that has 5.24 and so far web browsing works just fine.
I’m also having problems with dns resolution in 5.24. I’ve just checked the changelog for 5.25, but there aren’t any changes regarding dns so I won’t upgrade yet.
Ok after many hours browsing and trying I found the problem it was due to TCP MSS packet size as some one in other forum suggested, basically the problem is that when you configure the pppoe to modify the TCP MSS it adds two rules to the mangle section at the firewall, but sometimes this rules are not correct, don’t know if this is a bug on Mikrotik or an error from the ISP, so you get a lot of fragmentation from the packages so for some sites when you browse the packages are sent and dropped, and sent and dropped in a loop until the time out error appears, the first step is to set up the pppoe profile->General->Change TCP MSS to default value. then on Mangle tab at Firewall Section create a new rule with:
[GENERAL TAB]
Chain: forward
Protocol: tcp
Out. Interface: your out interface (pppoe-out in my case)
[ADVANCE TAB]
TCP Flags: syn
[ACTION TAB]
Action: Change MSS
New TCP MSS: here is the catch, here you define the size of the package if its too high you will have DNS problems and fragmentation, if its too small you will have other problems, in my case setting it to 133 did the trick
Passthrough: checked.
At PPP section on the Interface for pppoe the Max MTU was set to 1480, Max MRU to 1400 and MRRU to 1400
I don’t know why setting TCP adjust-mss would fix a DNS issue, since MSS is a value that is present in the TCP handshake procedure, and completely absent in UDP.
DNS uses UDP, which doesn’t benefit from MSS adjustment.
(Some DNS clients may use TCP, but it’s still quite a minority of the time that you’ll find such a thing)