We run our DNS off of our Mikrotik CORE router. What is the recommended cache size? If I set it to 5000, DNS queries are brutally slow once the cache is full… We use OpenDNS for our DNS queries. Our CORE router has a max CPU usage of 11%.
What has prompted me to play with all this is that we used to have a NAT rule masq. requests (forcing) all DNS requests through our DNS… we have been starting to get a lot of page not found errors. I think it must be overloading or something.
Should we be using a separate DNS box instead of using our CORE?
Personally I like Bind just because it’s been around a while and seems to be the most widely used; I am also familiar with it. As mentioned, there are lots of choices though.
Mikrotik is a Router OS. Can you expect a Cisco to be a full-featured DNS/HTTP/xyz server? With Mikrotik, it seems we went “everything” included, and I too find myself saying “just this one more feature would be great”, but of course 1 feature * 1000s of requests would make Mikrotik bloated and RAM heavy.
Yes… And that is over 7000 DNS entries… And you figure 1000s of requests per second… The response times across the network are brutally slow. If I set the cache to 600 all is fine.
I agree with the one post on this thread… MT is a routing device, not a DNS server.
You should set up some DNS on the router so that the router itself can resolve names. Just disable external access.
I’d simply configure the clients to use whatever external DNS you provide, statically or via DHCP. Transparently redirecting users isn’t very nice to do in my opinion, some clients use specific DNS servers for good reasons.
That’s a cached negative reply. Some client tried to resolve that address (could be worm infected, trying to contact a control server? Wild guess, that) and the DNS resolver on the router in turn attempted to resolve the address on behalf of the client. The domain does not exist, and the DNS proxy recorded that. It caches negative replies for 24 hours.
Yes, it seems like worm action, because we can find like 10 addresses that have the same name with one letter changed in each name, but this is affecting Yahoo Mail and Yahoo Messenger. Is there any way to reduce the TTL?
AFAIK there is not. I remember seeing a feature request to that regard.
How would that negatively affect Yahoo! mail, though? If www.yahoo.com is cached as non-existent, that has nothing to do with other resolution failures unless someone is actively poisoning your cache - if you actually find proof of that you’d want to contact support. If www.yahoo.com is cached as non-existent, it’s far more likely that whatever upstream DNS the router is using is giving back bad results. Try a different upstream server.
It’s not affecting Yahoo all the time, but it has happened many times; solved by flushing the DNS cache.
These unknown names are almost the same every time; they appear again after flushing the cache.
Look at these names: oddracash.net, oddrbcash.net … oddrkcash.net.
I need to know: could this poisoning be coming from the public net, or should it be requested by one of the local clients?
There are two ways that results can get into the cache - the normal way (the upstream DNS reports something, and the caching resolver caches it) or via cache poisoning (someone maliciously goes to great lengths to insert a fake entry). The latter is much, much, much, much less likely.
The most likely source of your problem is that occasionally the upstream DNS you’re using is saying, “you know what, I don’t know about www.yahoo.com. It does not exist.” The caching resolver in RouterOS does its duty and records that fact. Try a different upstream DNS (OpenDNS comes to mind, but there are other publicly available DNS servers) and see if the problem with Yahoo goes away. It is most likely completely unrelated to the bogus entries you’re seeing. The bogus entries you are seeing are there because someone is asking for them. There is no easy way to tell if it’s coming from the WAN or the LAN, but you should probably block udp/tcp 53 incoming from the WAN because you don’t want to be a caching resolver for the world! Again, they are most likely completely unrelated to any problems you have with Yahoo and DNS.
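Added example, not from this thread or from MikroTik: a RouterOS configuration that applies the advice above (swap upstream servers, keep the router resolving for the LAN only, drop DNS arriving on the WAN, flush the negative entries) and adds a logging rule to find which LAN client keeps asking for the bogus names. Interface names, upstream addresses and the "oddr" pattern are assumptions; adjust to your router.

```routeros
# Added example, not from this thread. Assumes ether1 is the WAN
# interface and ether2 the LAN; upstream addresses are placeholders.

# Point the router's resolver at a different upstream provider and
# keep answering queries for local clients.
/ip dns set servers=203.0.113.53,203.0.113.54 allow-remote-requests=yes

# Accept DNS only from the LAN interface. Place these rules before
# any generic accept/drop in the input chain.
/ip firewall filter add chain=input in-interface=ether2 protocol=udp dst-port=53 action=accept comment="DNS from LAN"
/ip firewall filter add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=accept comment="DNS from LAN (TCP)"

# Drop DNS arriving on the WAN so the router is not an open resolver
# for the whole Internet.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="Block WAN DNS"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="Block WAN DNS (TCP)"

# Temporary detection rule: log LAN queries whose payload contains the
# common part of the bogus names, so the log shows the client's source
# address. DNS wire format replaces dots with length bytes, so match a
# label fragment ("oddr"), never "oddracash.net" with the dot.
/ip firewall filter add chain=input in-interface=ether2 protocol=udp dst-port=53 content="oddr" action=log log-prefix="bogus-dns" place-before=0

# Clear the cached NXDOMAIN entries after changing upstream servers,
# then confirm the negative entries are gone.
/ip dns cache flush
/ip dns cache print
```

Remove the logging rule once the querying client has been identified; `/log print where message~"bogus-dns"` shows the matched packets.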