I use CCR1009 and I just have around 400 customers.
I see the CPU is going above 35%, which is huge for just that less customers.
I know, people using CCR1009 for 20000 customers even.
I saw Tools > Profile.
And it shows, DNS and QUEQE using more than 15%.
Whats wrong ?
Re: CPU usage by DNS ??
I guess I need to switch off ALLOW REMOTE REQUESTS>
Re:
I have my own DNS server hosted in my CO, and it worked well too.You'd better to use dns servers of your isp than common Google servers. It will speed up the browsing as they are the closest.
But I got few complaints from customers that youtube doesnt load, and Facebook sometimes.
I thought, its somethign to do with my DNS, so I had removed my DNS IP and placed by Google DNS.
Re:
See torch of wan port. See firewall connection list. See the firewall filter rules if you are blocking the incoming traffic to port 53 both tcp and udp from the wan.
Seen, not sure, what I should be check.
I took the screenshots, so you can check and tell me.
You do not have the required permissions to view the files attached to this post.
It seems you are not finally dropping the input chain. Not sure if you jump back to it, but you should be dropping everything that was not accepted before (rule 21 should be enabled). Filter the torch according your wan ip port 53 to see if there are incoming requests from outside. At least add dropping rules for them in input chain.
Re:
I did a torch of WAN port and entered PORT 53 and I see this.It seems you are not finally dropping the input chain. Not sure if you jump back to it, but you should be dropping everything that was not accepted before (rule 21 should be enabled). Filter the torch according your wan ip port 53 to see if there are incoming requests from outside. At least add dropping rules for them in input chain.
How to stop this ?
You do not have the required permissions to view the files attached to this post.
Re: CPU usage by DNS ??
Will this do ?
/ip firewall filter
add chain=input action=accept protocol=icmp comment="default configuration"
add chain=input action=accept connection-state=established in-interface=ether8 comment="default configuration"
add chain=input action=accept connection-state=related in-interface=ether8 comment="default configuration"
add chain=input action=drop in-interface=ether8 comment="default configuration"
/ip firewall filter
add chain=input action=accept protocol=icmp comment="default configuration"
add chain=input action=accept connection-state=established in-interface=ether8 comment="default configuration"
add chain=input action=accept connection-state=related in-interface=ether8 comment="default configuration"
add chain=input action=drop in-interface=ether8 comment="default configuration"
Re: CPU usage by DNS ??
The rule 21 was off.
I have switched it on.
Still when In torch wan port for port 53, it shows a lot of active connections.
What to do ?
I have switched it on.
Still when In torch wan port for port 53, it shows a lot of active connections.
What to do ?
Re: CPU usage by DNS ??
I added this two :
Why is it so ?
But when I torch ether8, I still get many active connections on port 53./ip firewall filter
add chain=input in-interface=ether8 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether8 protocol=tcp dst-port=53 action=drop
/ip firewall filter
add chain=forward protocol=udp dst-port=53 out-interface=!ether8 action=drop
add chain=forward protocol=tcp dst-port=53 out-interface=!ether8 action=drop
Why is it so ?
Who is online
Users browsing this forum: vertraut and 24 guests