DNS VPN Issue

Hello,
I am having an odd issue that I am pretty sure is DNS-related.
I use PPTP/L2TP/PPPoE to secure access from wireless/fixed users.
The MT box is hooked directly to my ISP, and users VPN in to obtain a public ip address and access the internet.
The problem is that certain sites seem to time out on the name resolve.
Yahoo, eBay, and a few other major sites will not come up, but access to the rest of the net is fine.
The problem sites say they are resolving and then just sit there until they time out.
I have noticed this same problem on SveaSoft and a few other Linux/Unix flavors.
Currently I am using Windows2K Server as my VPN concentrators and have zero problems.
Anyone have any help?
I could really cut some costs at my ISP if I can get this resolved.

Ari Rule (Network Administrator)
Instawave Networks, LLC.

Ari

Does this help?

http://support.microsoft.com/kb/832223

Regards

Andrew

I’m using my ISP’s DNS servers.
I have no problems when I use my Windows2K VPN servers, but Mikrotik blows it on all the major sites.
Mikrotik has issues, and I’ve seen a lot of other posts through Google with other people having the same problem.
Unless… it’s the fault of SBC in the setup of their DNS, and that UDP packet is just getting kludged by the Mikrotik.
I’ll post back after chewing on SBC for a bit.
Any idea of a Mikrotik fix rather than me complaining to SBC?
Like the article says…

“To resolve this issue, update the firewall program to recognize and permit UDP packets that are larger than 512 bytes. For additional information about how to do this, contact the manufacturer of your firewall program.”

Ari

Are you sure that this is a DNS issue and not an MTU black hole?

Have you tried an MSS-clamp mangle rule to see if it helps?

/ip firewall mangle add protocol=tcp tcp-options=syn-only action=passthrough tcp-mss=1360

Regards

Andrew
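
Added example, not part of any post in this thread: the two explanations raised above (UDP DNS replies larger than 512 bytes being dropped, and an MTU black hole) meet when a reply arrives truncated and the client retries over TCP. This Python code builds a query with and without an EDNS0 OPT record and classifies replies from their header flags and length; the host name, the reply packets and all function names are constructed for illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512  # largest DNS message over UDP without EDNS0 (RFC 1035)

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, txid=0x1234, edns_size=None):
    """A-record query; edns_size appends an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b""
    if edns_size:
        # root name, TYPE=OPT (41), CLASS carries the advertised UDP size
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def constructed_reply(query, size, truncated=False):
    """Constructed sample reply: QR bit set, body zero-padded to `size` bytes."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags |= 0x8000 | (0x0200 if truncated else 0)
    return struct.pack("!HH", txid, flags) + query[4:].ljust(size - 4, b"\x00")

def diagnose(packet):
    """Classify a UDP DNS reply from its header flags and total length only."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", packet[2:4])[0]
    if not flags & 0x8000:
        return "not-a-response"
    if flags & 0x0200:        # TC bit: the client retries over TCP port 53,
        return "tcp-retry"    # and that retry depends on TCP MSS / path MTU
    if len(packet) > CLASSIC_UDP_LIMIT:
        return "udp-over-512"  # dropped by filters that cap DNS UDP at 512 bytes
    return "fits-512"

if __name__ == "__main__":
    q = build_query("www.example.com", edns_size=4096)
    for size, tc in ((120, False), (600, False), (512, True)):
        print(size, tc, diagnose(constructed_reply(q, size, tc)))
```

Run against replies captured on both sides of the router, a "udp-over-512" reply that never reaches the client points at UDP size filtering, while "tcp-retry" followed by a stalled TCP session points at the MTU/MSS path.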