*) added support for “contains” and “contains not” filtering in IPv4 address ranges;
*) allow to modify DHCPv6 server binding settings;
*) do not show newly created elements as invalid (in red);
*) expand table flag column to show all possible flags;
*) fixed IPv6 prefix column sorting in tables;
*) fixed WinBox crash after saving current session;
*) fixed WinBox crash when accessing v7 routes with VRF set;
*) fixed WinBox crash when some opened element was removed;
*) fixed WinBox disconnect when large text was pasted into terminal window;
*) fixed problem where optional field disappeared if window was maximized;
*) fixed table row selection with keyboard to match Windows behavior;
*) keep inner maximized window maximized when changing WinBox window size;
*) show missing Security Profile field in WiFi simple mode;
If you experience version related issues, then please report them to support@mikrotik.com.
I am still trying to get them to support large DNS blocking lists. When you want that sort of number of addresses you would want to load them from one or more DNS names each returning a large number of addresses. With the maximum reply size of 64K on a DNS reply it is possible to load about 4000 addresses, but unfortunately the limit in RouterOS is much lower because it does not support such large DNS replies. And to make it worse, when you try to do it there is a memory leak (I suspect they allocate a certain buffer, like 16K, for the reply and then forget to free the when the returned DNS reply message is larger).
It now works at least up to 1200 addresses per reply so you can divide your list in 10 DNS names, but when it would work OK then 3 names would be OK.
So when your have your own domain e.g. example.com you can add some records to your DNS: block0.example.com, block1.example.com etc each having 1200 A records as required, and then you can add address list items like:
You can then update it by editing the content of the DNS server, no more need to ever touch the router(s) again!
Hopefully one time MikroTik fixes the limit and allows a full 64K DNS reply to be used in this scenario, as it would make maintenance easier.
Unfortunately the bug that occurs when holding down mousebutton on a window which is frequently updated, e.g. to change column width or to move a line up or down, is still present!
It has been reported so many times already and I think it also was reproduced at MikroTik, please fix it.
(back to version 3.21 where it still worked correctly)
I am still trying to get them to support large DNS blocking lists.
Whilst we all love the flexibility of Mikrotik devices and can often stretch them in amazing, unintended ways, sometimes we need to take stock of the fact that some elements of the platform have their limits and it is better to deploy external, heavier duty solutions, where the specific context of deployment requires it…
Although the RouterOS DNS “server” (lets call it ‘resolver’) has great flexibility and would seem to be a fully fledged DNS server, we need to be realistic about its limits and deploy separate, dedicated and best-of-breed solutions, such as more fully-featured DNS servers.
This is not intended as any criticism… it is the power and flexibility of RouterOS which naturally invites us to do more and more on the same low-cost, jack-of-all-trades device!
It will always be better and easier to integrate and automate the inclusion of large block lists onto a discrete, fully-featured DNS server platforms, which is likely to have more appropriate CPU and memory resources and will be better optimised to dealing with these kinds of full-featured DNS server tasks, over and above basic DNS resolver functionality…
Maybe RouterOS v8 will support containers and allow us to install third-party services on our future Mikrotik devices, so that we can plug in additional software components to augment the standard RouterOS offerings…
Just my take on the situation!
R
EDIT: I would also add (more specifically related to WinBox itself) that most admin consoles are designed for basic manual configuration. Any large scale importing of meta-data such as DNS block records etc would be better done via command line or scripted integration, rather than cutting and pasting large volumes of entries via the admin tool…
In my case I am not using the RouterOS DNS server to host these address lists, they are hosted elsewhere. And the DNS server has no problem returning them to standard software like “dig”. Of course using TCP for the query.
It is only the “resolver” part in RouterOS that has trouble. It cannot process a (perfectly legal) 64KB reply to a DNS query, because it apparently uses an arbitrary smaller buffer for the reply.
I am not asking to add any code, merely to lift this arbitrary limitation and support the DNS protocol which has a 16-bit reply size field in the header and supports replies up to 64KB.
A resolver does not even need to pre-allocate a large buffer for each reply, as it can first read the header, examine the length field, and only then allocate a buffer for the full reply.
But when it would want to do so, 64KB of RAM isn’t a significant amount in any current MikroTik device.
Furhermore there is a coding error in the resolver that results from this arbitrary limit, and that leads to a memory leak. Lifting the limit and accepting 64KB DNS replies would likely solve that as well.
9 replies, nothing regarding this version. forum done right.
Anyway, an actual bug: in QuickSet / CPE or PTP Bridge CPE, selecting one of the discovered networks leads to an instant WinBox hang → not responding.
LE: 10 replies, counting the one below.
LE2: corrected numbers, I’ve missed the bug reported by pe1chl between those off-topic replies, thanks.
That is not correct, in reply #7 I mentioned that an important bug is not fixed in this version, I am sure that helped at least two other forum members so they do not need to waste their time to install 3.28.
As has been requested so many times, there should be some setting in the router to disable the QuickSet feature or at least make it read-only.
So an administrator who has configured advanced features in the router can prevent other administrators from quickly changing something with QuickSet and destroy the whole configuration.
(of course a reasonably experienced administrator would not do that, but it is very common that someone sets up a router for a beginner or client and then tells them the password and to be careful when changing things, and then they destroy everything by making a simple change in QuickSet e.g. because they see something that they think is in error)
There is a problem in the quick setting menu when choosing a Wi-Fi network, the screen stops and freezes and a message appears that it is not responding
