Alpine fails because of NXDOMAIN with missing IPv6 entry in ROS DNS

RouterOS General
1

My problem is with Alpine Linux v3.16 because the RouterOS 7.7 DNS server returns NXDOMAIN if an IPv6 entry does not exist, even that an IPv4 does exist.
I tried other DNS, like DNSMASQ/Pi-hole in a Docker container and they return NOERROR instead.
Unfortunately Alpine always asks for A and AAAA record and if one return NXDOMAIN, it fails. Even if a IPv4 record does exist.

Any idea how to change the RouterOS response to not return NXDOMAIN?

Here is my configuration:

/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.0.17 name=ess

Alpine fails to ping:

mosquitto:~# ping ess
ping: bad address 'ess'

Here is the reason:

mosquitto:~# nslookup ess
Server:		10.0.0.1
Address:	10.0.0.1:53
Non-authoritative answer:
Name:	ess
Address: 10.0.0.17
** server can't find ess: NXDOMAIN

Debug IPv4:

mosquitto:~# nslookup -type=a -debug ess 10.0.0.1
Server:		10.0.0.1
Address:	10.0.0.1:53
Query #0 completed in 1ms:
Non-authoritative answer:
Name:	ess
Address: 10.0.0.17

Debug IPv6:

mosquitto:~# nslookup -type=aaaa -debug ess 10.0.0.1
Server:		10.0.0.1
Address:	10.0.0.1:53
Query #0 completed in 3ms:
** server can't find ess: NXDOMAIN

This is how DNSMASQ/Pi-hole @10.0.0.6 responses in the same configuration:

mosquitto:~# nslookup -type=aaaa -debug ess 10.0.0.6
Server:		10.0.0.6
Address:	10.0.0.6:53
Query #0 completed in 0ms:
Non-authoritative answer:
2

I have exactly the same problem. ROS 7.7

3

Fixed in 7.8b3

4

Hi,

unfortunately for me on RouterOS v7.8 stable it still returns NXDOMAIN instead of NOERROR from Alpine:

===========================================

nslookup <my.home.host>

Server: 192.168.88.1
Address: 192.168.88.1:53

Non-authoritative answer:
Name: <my.home.host>
Address: 192.168.88.1

** server can't find <my.home.host>: NXDOMAIN

nslookup -type=a <my.home.host>

Server: 192.168.88.1
Address: 192.168.88.1:53

Non-authoritative answer:
Name: <my.home.host>
Address: 192.168.88.1

nslookup -type=aaaa <my.home.host>

Server: 192.168.88.1
Address: 192.168.88.1:53

** server can't find <my.home.host>: NXDOMAIN

cat /etc/resolv.conf

Generated by NetworkManager

search <home.host>
nameserver 192.168.88.1

wat this fix missed in 7.8 stable?

EDIT: just found it works fine if I don't have "Use DoH Server" field set. If I have DoH server configured - query from Alpine still returns NXDOMAIN.

5

@dksoft can you please check if problem still exists for you if you have “Use DoH Server” checked?

6

Correct, container does not work with DoH set, see:
http://forum.mikrotik.com/t/dns-not-working-in-containers-with-dns-over-https-setup-on-router/165011/1

There was a separate bug in the ~7.6 where IPv6 resolution was broken – that may also been the original issue in this thread. Which is different from Alpine with DoH.

Alpine’s native DNS resolver only uses UDP and even ignores fragmented responses if I recall right… but there is not “native” DoH support in Alpine.