Check for updates error

bezerker · June 16, 2022, 12:13pm

Hi,
i just found, that update checking is corrupted. DNS resolve for upgrade.mikrotik.com is 10.0.0.6.
It´s not a local dns problem…mxtoolbox also resolve this IP as well.

netzwerghh · June 16, 2022, 1:34pm

I can confirm this. Futher investigation turns out, that mimas.mt.lv is responding with the wrong NS record:

[root@dns02 ~]# dig upgrade.mikrotik.com @mimas.mt.lv

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> upgrade.mikrotik.com @mimas.mt.lv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42317
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;upgrade.mikrotik.com.          IN      A

;; ANSWER SECTION:
upgrade.mikrotik.com.   7200    IN      A       10.0.0.6

;; AUTHORITY SECTION:
mikrotik.com.           7200    IN      NS      moon.mt.lv.
mikrotik.com.           7200    IN      NS      mimas.mt.lv.

;; ADDITIONAL SECTION:
moon.mt.lv.             3600    IN      A       159.148.147.194
mimas.mt.lv.            3600    IN      A       159.148.172.194
moon.mt.lv.             3600    IN      AAAA    2a02:610:7501:1000::194
mimas.mt.lv.            3600    IN      AAAA    2a02:610:7501:2000::194

;; Query time: 34 msec
;; SERVER: 159.148.172.194#53(159.148.172.194)
;; WHEN: Thu Jun 16 15:31:04 CEST 2022
;; MSG SIZE  rcvd: 197

[root@dns02 ~]# dig upgrade.mikrotik.com @moon.mt.lv

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> upgrade.mikrotik.com @moon.mt.lv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1549
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;upgrade.mikrotik.com.          IN      A

;; ANSWER SECTION:
upgrade.mikrotik.com.   7200    IN      CNAME   download.mikrotik.com.
download.mikrotik.com.  7200    IN      A       159.148.147.204
download.mikrotik.com.  7200    IN      A       159.148.172.226

;; AUTHORITY SECTION:
mikrotik.com.           7200    IN      NS      moon.mt.lv.
mikrotik.com.           7200    IN      NS      mimas.mt.lv.

;; ADDITIONAL SECTION:
moon.mt.lv.             3600    IN      A       159.148.147.194
mimas.mt.lv.            3600    IN      A       159.148.172.194
moon.mt.lv.             3600    IN      AAAA    2a02:610:7501:1000::194
mimas.mt.lv.            3600    IN      AAAA    2a02:610:7501:2000::194

;; Query time: 34 msec
;; SERVER: 159.148.147.194#53(159.148.147.194)
;; WHEN: Thu Jun 16 15:33:28 CEST 2022
;; MSG SIZE  rcvd: 236

normis · June 16, 2022, 1:48pm

Issue ack, we are working on it, thanks!

Znevna · June 16, 2022, 3:03pm

Temp fix, please check the legitimacy of the IPs by any means

/ip dns static
add address=159.148.172.226 name=upgrade.mikrotik.com
add address=159.148.147.204 name=upgrade.mikrotik.com
add address=2a02:610:7501:4000::226 name=upgrade.mikrotik.com type=AAAA
add address=2a02:610:7501:1000::204 name=upgrade.mikrotik.com type=AAAA

The AAAA records are useless since the upgrade system isn’t IPv6 capable yet.

normis · June 16, 2022, 3:11pm

Issue fixed, but need to wait for DNS to update

Znevna · June 16, 2022, 5:13pm

Not fixed completely:

host download.mikrotik.com moon.mt.lv
Using domain server:
Name: moon.mt.lv
Address: 2a02:610:7501:1000::194#53
Aliases:

download.mikrotik.com has address 159.148.172.226
download.mikrotik.com has address 159.148.147.204
download.mikrotik.com has IPv6 address 2a02:610:7501:4000::226
download.mikrotik.com has IPv6 address 2a02:610:7501:1000::204

host download.mikrotik.com mimas.mt.lv
Using domain server:
Name: mimas.mt.lv
Address: 2a02:610:7501:2000::194#53
Aliases:

download.mikrotik.com has address 159.148.172.226
download.mikrotik.com has address 159.148.147.204
download.mikrotik.com has IPv6 address 2a02:610:7501:1000::204
download.mikrotik.com has IPv6 address 2a02:610:7501:4000::226

host upgrade.mikrotik.com moon.mt.lv
Using domain server:
Name: moon.mt.lv
Address: 2a02:610:7501:1000::194#53
Aliases:

upgrade.mikrotik.com is an alias for download.mikrotik.com.
download.mikrotik.com has address 159.148.172.226
download.mikrotik.com has address 159.148.147.204
download.mikrotik.com has IPv6 address 2a02:610:7501:4000::226
download.mikrotik.com has IPv6 address 2a02:610:7501:1000::204

broken:

host upgrade.mikrotik.com mimas.mt.lv
Using domain server:
Name: mimas.mt.lv
Address: 2a02:610:7501:2000::194#53
Aliases:

upgrade.mikrotik.com has address 10.0.0.6

LE: seems ok now:

host upgrade.mikrotik.com mimas.mt.lv
Using domain server:
Name: mimas.mt.lv
Address: 2a02:610:7501:2000::194#53
Aliases:

upgrade.mikrotik.com is an alias for download.mikrotik.com.
download.mikrotik.com has address 159.148.172.226
download.mikrotik.com has address 159.148.147.204
download.mikrotik.com has IPv6 address 2a02:610:7501:4000::226
download.mikrotik.com has IPv6 address 2a02:610:7501:1000::204

Imposss · June 16, 2022, 5:53pm

flush dns cache

Znevna · June 16, 2022, 5:59pm

do you network much