DNS resolving issue

We have several CCRs deployed in our network. Each CCR has a PPPoE and a Hotspot server running (around 1500 users in both PPPoE and hotspot). Using OpenDNS in the CCR and DHCP server. PPPoE users are not facing any DNS issues, but hotspot users are facing DNS issues intermittently. We have a large subscriber base and this intermittent DNS issue is driving us crazy. We have been struggling for a long time to get it resolved, but no luck so far.

Please help.

If the CCR can handle it, try giving users it as DNS, and just forward to Open DNS from then on… I’m thinking maybe the packets are sometimes timing out between the CCR and the client’s devices.

Alternatively, use “/ip firewall mangle” to increase the TTL of each packet sent to Open DNS and/or each packet received from Open DNS.

I’ve had a similar issue with much fewer customers, when users have their own CPE routers. As a “catch all”, I increased the TTL of all packets exiting the router, and that fixed everyone… Though I think given your larger customer base, increasing the TTL of all packets may be a little too taxing on the CCR ultimately.

Didn’t follow you. Please elaborate with firewall rule.

[If the CCR can handle it, try giving users it as DNS, and just forward to Open DNS from then on…]

What exactly am I supposed to do?

To make the DHCP server give users the router as DNS:

/ip dhcp-server network set [find address=192.168.88.0/24] dns-server=192.168.88.1

(assuming 192.168.88.0/24 is your DHCP subnet, and 192.168.88.1 is the router’s IP on that subnet; adjust accordingly)


The mangle firewall is a separate, alternative strategy that may or may not help with this issue. I’m talking something like this:

/ip firewall mangle add chain=postrouting in-interface=!WAN out-interface=WAN action=change-ttl new-ttl=set:64

(replace “WAN” with the actual name of your internet facing interface)
although it may need some refinement to limit its scope if it turns out to be too taxing on the CCR.
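
The "router as DNS, forwarding to OpenDNS" setup from the post above, written out in full as an added example (not part of the original thread). The interface name WAN and the 192.168.88.x addresses are the placeholders used in the post; the cache size is an assumed value. Because the router's resolver then answers on every interface, the example also closes port 53 on the internet-facing side.

```routeros
# Added example, not from the original thread.
# Assumed: interface "WAN", subnet 192.168.88.0/24, router IP 192.168.88.1
# (the placeholders from the post above); cache size is an assumed value.

# 1. Router's own resolver: forward upstream to OpenDNS and answer client queries.
/ip dns set servers=208.67.222.222,208.67.220.220 allow-remote-requests=yes cache-size=8192KiB

# 2. Hand the router out as the DNS server via DHCP (command from the post above).
/ip dhcp-server network set [find address=192.168.88.0/24] dns-server=192.168.88.1

# 3. allow-remote-requests=yes makes the router answer DNS on all interfaces,
#    so drop queries that arrive from the internet side. These rules must sit
#    above any rule in the input chain that would accept the traffic first.
/ip firewall filter add chain=input in-interface=WAN protocol=udp dst-port=53 action=drop comment="no DNS from WAN"
/ip firewall filter add chain=input in-interface=WAN protocol=tcp dst-port=53 action=drop comment="no DNS from WAN"

# 4. Verify the resolver settings and that the cache is filling.
/ip dns print
/ip dns cache print count-only
```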

Already giving router IP as DNS to users through DHCP. Primary is router’s IP and secondary is open dns. Tried with both open dns.

Will try mangle rule.