DNS cache - what is hidden inside?

I made some searches here on the forum and read the documentation about the DNS cache. Now I have one question and two suggestions.

Having a cleanly installed ROS with no static records in the DNS cache and without any other records in the DNS cache at all, I look at the DNS cache used size and see it reports 9kB. My question is: what is hidden in those 9kB? When the cache is flushed, it should be blank, clear, empty, so it should report 0kB. Otherwise I am suspicious that there is something hidden inside.

The suggestions are: add the units to this field in the winbox window, to make clear which unit of measure is displayed. And add a value for how many records the cache holds at the moment.

Hidden settings are the default settings for the 13 root DNS and 8 root .arpa DNS.

Add the units to this field in the winbox window, to make clear which unit of measure is displayed.
???

And add a value for how many records the cache holds at the moment
What version of RouterOS do you use? It is already present!

dns.jpg
See? 6.27. Cache used: 9.

9 of what? The documentation and CLI say KiB. So this unit is obviously missing in winbox.

But how many records is it? It is shown nowhere.

When looking at static or cache, there are no records visible. But you are saying there are hidden records. If they are installed by default, I would like to see them. And be able to remove them, if I decide to. Otherwise there may be whatever in there and it can do whatever. From this point of view it is obvious that I have no control over what is there. Therefore I see it as insecure.

Probably not. Recursive resolvers need those and that’s not what’s in RouterOS.

See? 6.27. Cache used: 9.
Ah, now I understand.
On the terminal “/ip dns pri” shows KiB, but that is obvious; like 4096 as max packet size, which is obviously not KiB,
and on cache size it is specified because you can set the cache only in multiples of 1KiB

But how many records is it? It is shown nowhere.
Simply click on the cache button and you can see at the bottom left of the window how many records are in it.

And be able to remove them, if I decide to.
If you remove the root servers, you lose the ability to use DNS correctly.
Root servers are a fixed list used worldwide and are probably embedded in each device that uses DNS.
I cannot see any type of advantage in removing them.

Therefore I see it as insecure.
How can it be insecure?

Do you believe I have not done my homework?

You say that those records are counted, but you have not taken the time to check what you believe in.
dns.jpg
Where do you see the number of stored records that corresponds to the 9KB of space occupied by them?

It seems you are just trying to convince me that there is no security risk if the records you say are there really are there. But how can you know that exactly these records are there if you cannot see them?

I know what the root DNS servers are, but why should I have them in the router? For me it is enough to know where my superior DNS server is and nothing more. Having any (especially unknown) DNS records in the DNS cache/server is, for example, a very good way of redirecting traffic right on my router.

So again: why are there records that are hidden and not counted?

What else is hidden in ros and not shown to users?

Are you sure about that? I don’t think that’s true.

If that’s the case, then why can RouterOS not resolve anything unless you put actual DNS servers in /ip dns?

If it had a hint zone with the root nameservers of the internet, it should have been able to resolve anything directly without the need for external DNS servers.

I’m talking about after successful resolution of the first domain, like :resolve google.com, not with just-installed RouterOS

Install RouterOS inside VMware or similar and make DNS work.
Press “clear cache”, suspend VMware.
After that, open the VMware virtual disk with a Linux distro or similar, then go to the dns folder and open (binary) the sqlite3 working database.
You can see exactly what is inside the DB.

But even before RouterOS resolves anything, it shows cache-used: 9KiB. You can have one without any config (no addresses) and with the network disconnected, so there’s no way it could resolve anything (unless it uses telepathy :wink:) and it will still show 9KiB used.

Root hints do not make sense, because the whole point of having them is when you want to have an autonomous recursive resolver. That way you can ask a root server for the .com nameservers, then one of them for the mikrotik.com nameservers and finally one of them for forum.mikrotik.com. That’s not what the resolver in RouterOS does; it simply sends the query for forum.mikrotik.com to the configured resolver. So if by any chance those 9KiB are root hints, they are completely useless for RouterOS.

Btw, I even tried your VMware idea and I can’t find any dns folder. The only thing related to DNS was /rw/store/resolver/static.dat, which holds user-defined static records.

To give you the benefit of the doubt I actually tried what you suggested (even though it didn’t make any sense to me).
So, I could not find any sqlite db on the mikrotik partition except for dude (I had it installed) and user-manager.
The DNS cache is stored in RAM not on disk. It would wear out the flash storage if it were to write each dns cache entry to it.

Besides that, the ‘Cached Used’ already shows ‘9Kb’ even after a fresh install without anything cached or attempted to resolve.
So what you are saying does not explain that.

Also, I configured a DNS server (which I have access to) in /ip dns and did a (successful) DNS lookup.
In the meantime I was monitoring the DNS server to see exactly what the request and the response were.
There is nothing in the request/response related to the root nameservers.
Only the NS records for the domain I looked up, plus the A record for it of course.
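One way to repeat the check described above offline, as an added example that is not code from this thread or from MikroTik: decode a DNS response in wire format, list every resource record the upstream returned, and look for any NS record for the root zone (".") that would indicate root hints. The response bytes below are constructed for the example, not captured from the poster's server; the resolved address and nameserver name are placeholders.

```python
import struct

# Constructed sample response (not a real capture): forum.mikrotik.com A answer
# plus an NS record for mikrotik.com in the authority section, nothing for ".".
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 1, 0)          # header: 1 Q, 1 AN, 1 NS, 0 AR
    + b"\x05forum\x08mikrotik\x03com\x00" + struct.pack("!HH", 1, 1)   # question A IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    + b"\xc0\x12" + struct.pack("!HHIH", 2, 1, 3600, 6) + b"\x03ns1\xc0\x12"
)

def read_name(msg, off, max_jumps=16):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end, jumps = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2                           # caller resumes after the pointer
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels) or ".", end

def parse_records(msg):
    """Return (section, owner, rtype, rdata) for every RR in the response."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = read_name(msg, off)
        off += 4                                        # qtype + qclass
    records = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1:                              # A: dotted quad
                rdata = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (2, 5):                       # NS / CNAME: a name
                rdata, _ = read_name(msg, off)
            else:
                rdata = msg[off:off + rdlen].hex()
            off += rdlen
            records.append((section, owner, rtype, rdata))
    return records

def root_hint_records(records):
    """NS records whose owner is the root zone, i.e. what root hints would look like."""
    return [r for r in records if r[2] == 2 and r[1] == "."]
```

Feeding a real capture (the raw UDP payload) to parse_records gives the same list the poster read off the server; an empty root_hint_records result is the observation made above.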

So what you are saying does not make sense.

By the way, I’ve never heard of a DNS server implementation that will somehow magically fetch the root nameservers on the first DNS lookup.
All popular DNS servers come with their root nameservers preconfigured (check BIND’s db.root zone on Debian, for example).