Can't upgrade: ERROR: could not resolve dns name

Hello,

I have a cAP ac and a cAP lite both on version 6.47.10. When I try to search for updates I get the following error: could not resolve dns name. I also can’t ping from either of them (/ping google.com or /ping 8.8.8.8 ), but I have internet access and can ping normally from devices connected to them. I searched the forum and found similar cases, but unfortunately none of them solved my problem.

Here is the config of both. Thanks!

# jul/18/2023 10:59:08 by RouterOS 6.47.10
# software id = M450-1K1D
#
# model = RBcAPGi-5acD2nD
# serial number = F9AD0F2273F1
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz name=channel2.4
add band=5ghz-n/ac control-channel-width=20mhz name=channel5
/interface bridge
add name=bridge
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn/P(28dBm), SSID: CSDBTL - Alunos, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# managed by CAPsMAN
# channel: 5640/20-eCee/ac/DP(27dBm), SSID: CSDBTL - Alunos, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapath1
/caps-man rates
add basic=12Mbps name=rate supported=\
    12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add name=security1
/caps-man configuration
add channel=channel2.4 country=brazil datapath=datapath1 installation=indoor \
    name=config2.4 rates=rate security=security1 ssid="CSDBTL - Alunos"
add channel=channel5 channel.band=5ghz-n/ac country=brazil datapath=datapath1 \
    installation=indoor name=config5 security=security1 ssid=\
    "CSDBTL - Alunos"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    config2.4 name-format=identity
add action=create-dynamic-enabled hw-supported-modes=ac,an \
    master-configuration=config5 name-format=identity
/interface bridge port
add bridge=bridge interface=ether1
/interface wireless cap
# 
set bridge=bridge certificate=request discovery-interfaces=bridge enabled=yes \
    interfaces=wlan1,wlan2
/ip dhcp-client
add disabled=no interface=bridge
/ip firewall filter
add action=accept chain=forward
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
/ip firewall nat
add action=accept chain=srcnat out-interface=bridge
/system clock
set time-zone-name=America/Campo_Grande
/system identity
set name=Medio



# jul/18/2023 07:09:31 by RouterOS 6.47.10
# software id = NDDK-4PFM
#
# model = RBcAPL-2nD
# serial number = F0FA0FF98DA9
/interface bridge
add name=bridge1
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn/P(28dBm), SSID: CSDBTL - Alunos, local forwarding
set [ find default-name=wlan1 ] band=2ghz-g/n country=brazil disabled=no \
    frequency=auto mode=ap-bridge ssid="CSDBTL - Alunos" wireless-protocol=\
    802.11
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk mode=dynamic-keys name=profile1 \
    supplicant-identity=""
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/interface wireless access-list
add authentication=no forwarding=no signal-range=-120..-80
/interface wireless cap
# 
set caps-man-addresses=192.168.1.101 discovery-interfaces=bridge1 enabled=yes \
    interfaces=wlan1
/ip dhcp-client
add disabled=no interface=bridge1
/ip dns
set servers=8.8.8.8
/system clock
set time-zone-name=America/Campo_Grande
/system identity
set name=Coordenacao

Usually when I see this, I know something is wrong with local DNS on the device where it happens.
Your devices seem to get IP via DHCP, so the problem is most likely there.

Check on the main router where IP leases are being distributed if DNS server is specified in Network.
Devices obtaining a lease should also get the DNS server to look for.

Shortcut:
On those 2 devices, use this on terminal or via Winbox (but I prefer to solve the problem at the source):
/ip dns set servers=8.8.8.8 (or IP of your router)

I’ve been afflicted with the same issue. Setting the DNS server on the router doesn’t solve the problem. I can access the download site through RouterOS but not from RouterOS. I even added a static DNS address for the download server. Still no luck.

I tried doing as you said, but the problem still occurs. I set the DNS as 8.8.8.8 and tried pinging it right after and I still get timeout. I had set static DNS on them before (my router 192.168.1.1 and 8.8.8.8). I don’t understand why the devices connected directly to the router and also connected to the MikroTik AP’s have no apparent problem connecting to the internet, I can for example ping from any of them just fine.
I tested pinging my router (192.168.1.1) and I get timeout, but when pinging the other AP (192.168.1.101) or another host (192.168.1.8) it works. So far I couldn’t ping any internet IP. Could there be something preventing the AP from “talking” to the router?

They are both CAP devices under the control of CAPsMAN?
You can also upgrade them via the CAPsMAN manager, I think.
Or reset again to CAPS mode? There is no config wasted.

I didn’t use the Quick Set mode to configure them, but on the cAP ac I set up CAPsMAN and both of them are provisioned(?) as CAP’s. If I access the Quick Set option it shows that on the ac it is in Home Mesh mode and the lite is on CAP mode. I actually upgraded the ac by uploading the package and rebooting it (it’s now on v7.10.2), but that’s just working around the problem, I still can’t ping the internet from it. I can try resetting them later when there’s less people using them, but if I remember correctly even after resetting I couldn’t search for upgrades.

I would reset both CAPS’s into CAPS mode as described here:

https://help.mikrotik.com/docs/display/ROS/Reset+Button

When using CAPsMAN, it is easier to upgrade via CAPsMAN (search for package-path and in Winbox search for the Upgrade button):

https://help.mikrotik.com/docs/pages/viewpage.action?pageId=1409149

If you then still fail upgrading the CAPS’s, you can be sure that it is not CAPS related (but somewhere else in the network).

I have seen this happen as well, but never was able to find the root cause.
Even on routers where the DNS clearly is configured correctly, i.e. you see resolved names in the cache, it still can fail for RouterOS upgrade.
It also seems to cache error status somewhere, because when you change the DNS config it just shows the same error.

Sometimes it can be fixed by rebooting the device before attempting the upgrade.

Something is definitely goofed up. Rebooting, upgrading, nothing removes the error. I can resolve www.mikrotik.com from tools/ping/ in RouterOS, so I know DNS is working.
I can see download.mikrotik.com in the cache.

Not necessarily.
If I recall correctly, tools ping uses your pc settings.
Try terminal.

I know how frustrating it is. Several times I have just downloaded the required .npk files manually and uploaded them to the router for an upgrade, which then of course worked OK.
But it is unclear what is failing and why. Certainly it is not a network issue or a DNS settings issue.

I can manually upgrade without issues. However, @holvoetn is correct, pings won’t resolve from the terminal. Now I can’t rest until the problem reveals itself.

One guess of what it may be: at some point I noticed that Cloudflare DNS mangles the names returned from DNS requests.
E.g. when you request mikrotik.com it will return results for mikrotik.cOm
Maybe in this specific case that is not matched to the query and the resolve fails.
That would affect you when you use 1.1.1.1 or 1.0.0.1 as DNS resolver.

(I have not attempted to reproduce the issue with that setup, but I removed 1.1.1.1 and 1.0.0.1 as DNS server after noticing this, and I guess it may have been the reason for my problem in the past)
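
Added example, not part of the post above and not RouterOS code: a Python illustration of the failure mode guessed at there, in which a client that compares the echoed question name byte-for-byte rejects a reply whose letter case differs, while a case-insensitive comparison accepts it. The messages are constructed samples and the function names are hypothetical; how RouterOS actually matches replies is not stated in this thread.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels: length byte + label, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_message(txid: int, name: str, is_response: bool) -> bytes:
    """Header plus one question (QTYPE=A, QCLASS=IN); no answer records."""
    flags = 0x8180 if is_response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def parse_question(msg: bytes):
    """Return (txid, qname, qtype, qclass) for the first question."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("unexpected pointer or bad label length")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, ".".join(labels), qtype, qclass

def reply_matches(query: bytes, reply: bytes, case_sensitive: bool) -> bool:
    """Check that the reply echoes the query's ID, name, type and class."""
    q, r = parse_question(query), parse_question(reply)
    if not case_sensitive:  # DNS names compare case-insensitively (RFC 4343)
        q = (q[0], q[1].lower(), q[2], q[3])
        r = (r[0], r[1].lower(), r[2], r[3])
    return q == r

# Constructed samples: the query as sent, and a reply with the case changed.
QUERY = build_message(0x1A2B, "mikrotik.com", is_response=False)
REPLY_MANGLED = build_message(0x1A2B, "mikrotik.cOm", is_response=True)
REPLY_OTHER_ID = build_message(0x9999, "mikrotik.com", is_response=True)
```

The transaction ID check stays strict in both modes, so relaxing the name comparison does not make a reply to a different query acceptable.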

I never had problems resolving DNS using Capsman:

I don’t know what it is, but something in your config should be bad.

Regards.

I never use, or used, CAPSMAN. RouterOS went from successfully updating packages to spawning an error after an upgrade (I can’t recall which one). There were NO configuration changes. I’m using the same configuration I’ve been using for a few years.

Do you use 1.1.1.1 or 1.0.0.1 as a resolver? It may be the reason.
I just tried to upgrade a router that has 1.1.1.1 and 8.8.8.8 as resolvers, with log enabled on the outgoing DNS request.
I saw it first try 1.1.1.1, then a second later try 8.8.8.8, and then it succeeded.
So my suspicion that it does not like the replies from 1.1.1.1 (posted above) seems to be confirmed.

Now the error has changed. No update, no configuration change, and same check for updates button. It no longer gives an ERROR: could not resolve dns name message. Now I get the message: ERROR: connection timed out

Hi, not sure this topic is still open or resolved somewhere. I had the same problem of DNS error issues trying to upgrade my Mikrotik router. Seems the Firewall config was causing my issue, there is a standard rule that states don’t accept anything not from LAN. If your router is using a subnet not defined in the LAN subnet the packets will be dropped, hence the DNS request will not pass.
Hope this helps others resolve this “issue”.

Hello, could you be a little clearer in your explanation? I have the same problem, but my router only accepts connections when “general drop” is deactivated. I wanted another way to update without having to disable this rule.