Can't update - could not resolve DNS name error

Greetings!

A have a pair of Mikrotik devices - RB2011UiAS working as router and switch, and RBcAPGi-5acD2nD (cAP ac) working as access point in WISP AP mode.
The second one is not accessible via web interface, configuring with Winbox.
When trying to check for updates in System - Packages tab it returns ‘ERROR: could not resolve DNS name’. Pinging 8.8.8.8 in CLI returns ‘no route to host’.
But AP is working - all devices connected on both frequencies get internet connection. What should I do to get updates?

Thank you in advance.

Two things to be done on cAP ac:

1. Configure default route in /ip route using main router’s LAN IP address as gateway
2. Configure DNS servers in /ip dns … use same IP addresses as usual LAN clients use

Other option (don’t know if the above will work) is to add a DHCP client. Or add an IP address manually (and set the gateway/DNS servers)). Think is required to make the update work.

I’ve tried to set router adress as default route with checking, and it’s marked as unreachable. AP is also unable to ping router with ‘no route to host’.

On both devices, get to command line (in Winbox, it’s the [Terminal] button), export the configuration to a file using /export hide-sensitive file=device_name, download the files, anonymise them following the hint in my automatic signature right below, and post both. Your cAP may have no IP address at all.

Off-topic, if your uplink bandwidth is more than 100 Mbit/s, it may be useful to make the cAP ac a router, because its CPU is much more powerful than the one of the 2011.

@sindy

# apr/30/2020 15:19:02 by RouterOS 6.44.6
# software id = D5BB-D9D8
#
# model = RBcAPGi-5acD2nD
# serial number = B9320A226766
/interface bridge
add admin-mac=74:4D:28:C1:28:DD auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country=russia2 disabled=no distance=indoors frequency=auto installation=\
    indoor mode=ap-bridge ssid=MT24 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX \
    country=russia2 disabled=no distance=indoors frequency=auto installation=\
    indoor mode=ap-bridge ssid=MT51 wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge filter
add action=drop chain=input dst-port=68 in-interface=ether1 ip-protocol=udp \
    mac-protocol=ip
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    bridge
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/Moscow
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "

# apr/30/2020 15:51:17 by RouterOS 6.45.8
# software id = JICK-DSXG
#
# model = 2011UiAS
# serial number = 762E073AC762
/caps-man channel
add band=2ghz-b/g/n frequency=2412 name=channel24 tx-power=20
add band=5ghz-a/n/ac frequency=5180 name=channel51 tx-power=20
/interface bridge
add admin-mac=64:D1:54:13:34:32 auto-mac=no comment=defconf fast-forward=no \
    name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether6-master
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes name=datapath1
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
    group-encryption=aes-ccm name=security1
/caps-man configuration
add channel=channel24 country=russia datapath=datapath1 name=cfg24 security=\
    security1 ssid=MT24
add channel=channel51 country=russia datapath=datapath1 mode=ap name=cfg51 \
    rx-chains=0,1,2,3 security=security1 ssid=MT51 tx-chains=0,1,2,3
/caps-man interface
add channel=channel24 configuration=cfg24 datapath=datapath1 disabled=no \
    mac-address=00:00:00:00:00:00 master-interface=none name=cap24 radio-mac=\
    00:00:00:00:00:00 radio-name="" security=security1
add channel=channel51 configuration=cfg51 datapath=datapath1 disabled=no \
    mac-address=02:00:00:00:00:00 master-interface=cap24 name=cap51 \
    radio-mac=00:00:00:00:00:00 radio-name="" security=security1
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.244
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge name=defconf
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,gn \
    master-configuration=cfg24
add action=create-dynamic-enabled hw-supported-modes=an,ac \
    master-configuration=cfg51
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2-master network=\
    192.168.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server lease
add address=192.168.1.11 client-id=1:b8:27:eb:fa:f9:ae mac-address=\
    B8:27:EB:FA:F9:AE server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=23.105.225.212 secondary-ntp=23.105.225.212
/system package update
set channel=long-term
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

And thank you for advice.

What ROS Version your 2011 has?
Your router has its LAN IP address configured on a slave Interface, which is wrong…

You haven’t configured any IP address on the /interface bridge named bridge on the cAP ac manually, and the /interface bridge filter rule action=drop chain=input dst-port=68 in-interface=ether1 ip-protocol=udp mac-protocol=ip prevents responses from the DHCP server running at the 2011 from reaching the client on the cAP ac. Has this rule been added by Quickset or have you added it yourself with something particular in mind?

Depending on what you choose (to set an IP address manually or to remove the bridge filter rule to allow the DHCP to work), you may remove the static default route as the DHCP client will get it from the 2011’s DHCP server; however, the DHCP server doesn’t indicate any DNS, so again, either keep it set manually on the cAP ac, or set dns-server=192.168.1.1 at the only row of /ip dhcp-server network on the 2011.

There are two funny points related to this:

• RouterOS upgrade from pre-6.41 to 6.41+ does this (the pre-6.41 “master port” configuration is converted to the “hw-accelerated bridge” one, but the IP address remains attached to the ex master port)
• although the official documentation states that it is wrong and we all keep recommending other forum users to change it to the right setup, I’ve never found any issue to be actually fixed by moving the IP settings from the slave port to the bridge.

I’ve never found any issue to be actually fixed by moving the IP settings from the slave port to the bridge.

Wrong is only something that makes our configuration not to work ?

Definitely not. I’m just saying that I haven’t seen yet that doing this right would alone be sufficient to solve any issue. I.e. it needs to be done right, but it’s not the solution of the OP’s issue.

I’ve decided to disable the rule in filter, and everything became responsive. I’ve successifully updated the OS to 6.45.8 LT. The rule has been added by Quickset.
Thank you very much for your help, gentlemen. How do I mark the topic as solved?

It the upper right corner of each post, there is a set of icons:

Use the checkmark one (птичка).

hi, solution is static dns:

IP —> DNS–> STATIC → new (+) →

name: upgrade.mikrotik.com
adress: 159.148.172.226

then press “ok”

this works for me.

This worked for me also , thanks..

In my case it was something else.
Someone has disabled one defconf rule

add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked

I enabled it back and all work OK now.

[SOLVED] Can’t update - could not resolve DNS name error Error could not connect no internet host

Here is the correct and simple solution, https://www.youtube.com/watch?v=Qy-IAuesjRM

The IP address has changed over the time and it is no longer valid.
I determined currently valid IP address using the following OS command line:

ping upgrade.mikrotik.com

The new one works well again.

UPDATE:
The issue with improper IP address discussed in this thread was intermittent one. Currently I am at ROS version 7.14.2 and the above extra record with the IP address can be disabled (or deleted), because the router can find correct upgrade location on its own, again.