Hi,
in the IP → DNS → cache I see those entry…
| name | Type | Data |
|---|---|---|
| cloud2.mikrotik.com | AAAA | 2a02… |
| cloud2.mikrotik.com | AAAA | 2a02… |
I’m using WebFig, so what did make those DNS query the router itself or the WebFig client ?
and how forbid this and is it possible to disable any AAAA query to the external DNS server ?
Thanks.
These are created by the DDNS if it’s enabled either by you (incl. for the Back to Home service) or by an automatically created VPN through the QuickSet menu. To disable them, you disable the DDNS:
/ip cloud set ddns-enabled=no
or through firewall rules
On newer versions it needs to be set to auto to disable it:
/ip cloud set ddns-enabled=auto
Auto means that it will automatically turn on if the user enables BTH service.
Thank you @TheCat12 & @RaresC95
it was already disabled
ip cloud print
ddns-enabled: no
ddns-update-interval: none
update-time: yes
back-to-home-vpn: revoked-and-disabled
As I have routerOS > 7
I suppose I’ll have to set to auto then.
and is it possible to block (globally) any AAAA query ?
The “auto” value was introduced in RouterOS version 7.17
You also have update-time feature turned on, and I think it uses the same A/AAAA domains as DDNS and other Cloud related services does.
Yes indeed ! good catch.
Not nice from Mikrotik to put those enabled by default…
Just curious, why do you want to disable AAAA queries?
As far as I know, there is no way to do it globally. This is what I use to effectively discard AAAA queries for my local domain.
/ip dns static
add address=100:: comment=discard match-subdomain=yes name=home type=AAAA
If you want to avoid the MikroTik Cloud queries, you can use this approach for mikrotik.com domain.
Thank you @anserk , simply because I do not support IPv6
Not sure about all, but you can block all requests to *.com domain with this:
/ip/dns/static/add name=com match-subdomain=yes type=AAAA address=::ffff
This way was mentioned in MikroTik docs.