We have 2 MikroTik routers in our home - a Hex POE and a Wap AC. We just moved home and ISP and switched to use OpenDNS to provide family controls. OpenDNS provides stats on the number of DNS queries. For the four days since we’ve moved to OpenDNS we have ~172,800 DNS lookups per day for cloud.mikrotik.com. Both devices are running v6.42.7.
As a first “fix”, I followed the instructions here to make sure IP/cloud was disabled on both devices:
Under the IP>Cloud setting, check to see if the time update function is ticked (by default it usually is) as this will keep looking time up. Enter your chosen NTP server in System>SNTP client instead.
I spent some time packet sniffing and all the requests come from our gateway router (Hex POE) and are emitted directly into the PPPoE connection. There are concurrent requests for cloud.mikrotik.com to both configured OpenDNS servers. The observed request rate was lower than the OpenDNS stats suggest (172,396 requests from our static IP yesterday).
One setting that looks wrong is not accepting remote DNS requests (currently false). I’ll toggle this and see if it has any impact.
As a follow-up, the rate of DNS requests for cloud.mikrotik.com reported by OpenDNS has dropped down to just 1400 per day.
It appears to have done this just at the time I started streaming packet captures. I have no traces with the peak rate.
In those traces, I see queries for cloud.mikrotik.com going to both OpenDNS servers configured, but also to the Google public DNS 8.8.8.8 (which is not configured)?
What are the steps to disable this feature entirely? We have all the options here set to no (and a fixed IP address):
Puzzling update. For no obvious reason, my mikrotik hardware with IP/cloud disabled is back to generating tens of thousands of DNS requests to cloud.mikrotik.com.
So far today 129,442 DNS requests for cloud.mikrotik.com and yesterday 88,907. Two days ago it was idling at 1,442 requests per day and three days ago at 1,441.
No config changes during this time. All three boxes have IP cloud ddns disabled and have SNTP configured. RouterOS 6.42.3 (stable).
As a temporary workaround, have you tried making cloud.mikrotik a DNS static entry in the main router and sending the traffic nowhere? It may remove the flood of outbound DNS but obviously won’t stop it as such.
I’ve configured all 3 Mikrotik boxes on our network to sniff DNS traffic and forward it to a host running tcpdump.
The requests for cloud.mikrotik.com appear directly on the PPPoE interface that’s our link to the external world. No requests at all from the two other Mikrotik routers acting as bridges on the internal network.
The requests go not only to the configured DNS provider but also to Google’s public DNS. The router is not configured to use Mikrotik’s public DNS.
/ip dns set allow-remote-requests=yes servers=208.67.222.222,208.67.222.220
And there are firewall rules to direct internal DNS requests to the DNS provider:
46725 42264.738922545 A.B.C.D → 208.67.222.222 DNS 125 Standard query 0x8ed0 A cloud.mikrotik.com
46726 42264.752259820 208.67.222.222 → A.B.C.D DNS 141 Standard query response 0x8ed0 A cloud.mikrotik.com A 81.198.87.240
46730 42282.798276192 A.B.C.D → 208.67.222.220 DNS 125 Standard query 0x93e4 A cloud.mikrotik.com
46731 42282.811413416 208.67.222.220 → A.B.C.D DNS 141 Standard query response 0x93e4 A cloud.mikrotik.com A 81.198.87.240
46732 42282.891949252 A.B.C.D → 8.8.8.8 DNS 125 Standard query 0xf123 A cloud.mikrotik.com
46733 42282.904804655 8.8.8.8 → A.B.C.D DNS 141 Standard query response 0xf123 A cloud.mikrotik.com A 81.198.87.240
And this is a feature that the user has turned off per Mikrotik’s wiki:
/ip cloud> print
ddns-enabled: no
update-time: no
public-address: 93.89.129.17
status: updated
Naively, this looks broken. I manually forced a cloud update yesterday to see if this would quiet this feature. No joy.
In the DNS traffic flare reported in the recent posts (October), the Mikrotik boxes are running 6.43.2.
Curiously, the number of DNS requests made for cloud.mikrotik.com has gone back down to the background level. The only changes on the box in that time are to use the force update cloud option and turn on packet sniffing.
Aside from the DNS storms, I feel strongly about the feature:
Any resolution to this!? I am having the same problem. I am running 6.43.8. Have had over 50,000 DNS queries just this afternoon. Cloud and time lookup also disabled. I am going to block it with pihole in the meantime.
Same problem with two of my mAP-Lites. Both CapsMan clients, both connected to CapsMan Server by OVPN tunnel. Tons of DNS requests for cloud.mikrotik.com… Why?? How do I get rid of this problem?
Edit: I disabled the OVPN tunnel on one of the mAP-Lite units (6.43.12), and it stopped yelling for cloud.mikrotik.com.
If enabled on your router, then all interfaces that are configured under this tool will try to resolve cloud servers domain name in order to detect Internet availability:
“WAN interfaces that can reach cloud.mikrotik.com using UDP protocol port 30000 can obtain this state. Reachability is checked every minute. If the cloud is not reached for 3 minutes, the state falls back to WAN.”
Cloud servers are used in order to determine your router’s time zone based on your public IP address if your router settings require automatic time zone detection;
Cloud servers are used at the bootup in order to synchronize time with cloud server (only single time after a reboot);
Cloud servers are used in order to determine your router’s DDNS name if you use such a feature:
Starting from v6.44 you can save and download backup by using a cloud server.
If none of the above explains why you see such traffic on your network, then please send your router’s supout file to support@mikrotik.com. We will look into these cases individually.
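An added example (not part of any post in this thread, and not MikroTik code): a small Python parser for tshark lines in the format quoted earlier in the thread. It counts outbound queries for cloud.mikrotik.com per resolver, lists resolvers outside the configured set, and extrapolates a daily rate. The capture, the 192.0.2.10 address, the one-lookup-per-minute baseline and the 10x threshold are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed capture in the one-line tshark format quoted in the thread.
# 192.0.2.10 is a documentation address standing in for the router's WAN IP.
SAMPLE = """\
1 0.000000 192.0.2.10 → 208.67.222.222 DNS 125 Standard query 0x8ed0 A cloud.mikrotik.com
2 0.013000 208.67.222.222 → 192.0.2.10 DNS 141 Standard query response 0x8ed0 A cloud.mikrotik.com A 81.198.87.240
3 0.500000 192.0.2.10 → 208.67.222.220 DNS 125 Standard query 0x93e4 A cloud.mikrotik.com
4 1.000000 192.0.2.10 → 8.8.8.8 DNS 125 Standard query 0xf123 A cloud.mikrotik.com
5 1.200000 192.0.2.10 → 208.67.222.222 DNS 120 Standard query 0x1a2b A example.org
6 2.000000 192.0.2.10 → 208.67.222.222 DNS 125 Standard query 0x0c11 A cloud.mikrotik.com
"""

LINE = re.compile(
    r"^\s*\d+\s+(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+(?:→|->)\s+(?P<dst>\S+)\s+DNS\s+\d+\s+"
    r"Standard query (?P<resp>response )?0x[0-9a-fA-F]+\s+A\s+(?P<name>\S+)")

# Assumption: one lookup per one-minute reachability check = 1440 per day.
BASELINE_PER_DAY = 24 * 60
STORM_FACTOR = 10  # assumed alert threshold, not a MikroTik value


def analyze(capture, name, configured):
    """Summarise outbound A queries for `name` found in tshark text output."""
    per_resolver, times = Counter(), []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or m["resp"] or m["name"].rstrip(".").lower() != name:
            continue  # skip responses, other names and non-DNS lines
        per_resolver[m["dst"]] += 1
        times.append(float(m["t"]))
    span = max(times) - min(times) if len(times) > 1 else 0.0
    # Extrapolate the observed window to 24 hours; None if too few samples.
    per_day = round(len(times) * 86400 / span) if span else None
    return {
        "per_resolver": dict(per_resolver),
        "unconfigured": sorted(set(per_resolver) - set(configured)),
        "per_day": per_day,
        "storm": per_day is not None and per_day > STORM_FACTOR * BASELINE_PER_DAY,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE, "cloud.mikrotik.com", ["208.67.222.222", "208.67.222.220"]))
```

On a real capture, pass the resolvers from `/ip dns print` as `configured`; any address reported under `unconfigured` is a resolver the router is reaching that the DNS settings do not list.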
Hello fellows,
I have the same issue, when I set the DNS server to my server in the other site through VPN, it constantly keeps resolving cloud.mikrotik.com, but surprisingly when I switch the server to any other public server (e.g. Google DNS), it stops resolving.
I tried what’s mentioned above and still no luck, I don’t want to eat up the whole bandwidth through VPN for I’m assigning the link for something very latency-sensitive and the bandwidth between nodes is roughly 600kbps over ADSL, therefore for me this is a major problem.
I hope one of you has come up with a workaround because I have a lot of DNS entries some of which are dynamic, I can’t make them all static on the other site.
Cheers,